我想在他們登錄后顯示在線用戶

Question

我想顯示：登錄為： _ __ _ ___

到目前為止的代碼：

登錄檢查，

<?php
include('config.php');

// username and password sent from form 
$myemail=$_POST['myemail']; 
$mypassword=$_POST['mypassword'];

// To protect MySQL injection
$myemail = stripslashes($myemail);
$mypassword = stripslashes($mypassword);
$myemail = mysql_real_escape_string($myemail);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE email='$myemail' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

if($count==1){
session_start(); 
$_SESSION['myemail'] = $myemail; 
header("Location: http://www.jblanksby.yourwebsolution.net/login_success.php?            user=$myemail"); } 
else 
{ header("Location: http://www.jblanksby.yourwebsolution.net/loginerror.php"); 
} 
?>

登錄成功頁面/第一個成員頁面，

<? 
$email = $_GET['myemail']; 
session_start(); 
$_SESSION['myemail'] = $email;  

if(isset($_SESSION['email'])){ 
} else { 
echo " 
<script language='javascript'> 
alert('Sorry, but you must login to view the members area!') 
</script> 
<script> 
window.location='http://jblanksby.yourwebsolution.net/sign_in.php' 
</script> 
"; } 
?>

<html>
blah blah blah
</html>

用於顯示用戶電子郵件的代碼，

Logged in as: <? echo "$email"; ?>

登錄方面的事情是完美的。 僅顯示用戶電子郵件證明是困難的。 我做錯了什么/錯過了什么？

Answer 1

由於您嘗試從會話中顯示值，因此必須使用$_SESSION['email'] 。

session_start(); // Or, if you have done it ahead, then omit this
echo "Logged in as:".$_SESSION['email'];

Answer 2

在$_SESSION上使用Starx建議，但你需要將session_start作為頁面上的第一行PHP移動，在$email = $_GET['myemail']; （或$email = $_SESSION['email'] ）

<?php
session_start();
$email = $_SESSION['email'];
?>

添加

要使用會話變量，請將其聲明為（假設您在表單提交時使用method = post）：

<?php
session_start();
$_SESSION['email'] = $_POST['email'];
?>

這當然對於用戶輸入是不安全的，假設您在將用戶輸入從一個頁面傳遞到另一個頁面並將其注入查詢之前對其進行了靜態處理，這只是一個簡單的示例。

Answer 3

登錄腳本：

$username = $_POST['username'];
$password = $_POST['password'];
$password = sha1($password);

if ($username&&$password) {
        require_once('../db/nstDBconnector.php');
        $qr = "SELECT * FROM `users` WHERE `username` = '$username'";
        $query = mysql_query($qr);
        $numrows = mysql_num_rows($query);

        if ($numrows!=0) {
            // check password against the password in the database
            while ($row = mysql_fetch_array($query, MYSQL_ASSOC)) {
                $storedUsername = $row['username'];
                $storedPassword = $row['password'];
                $storedUserType = $row['user_type'];
                $storedUserFName = $row['full_name'];
                $_SESSION['last_ip'] = $_SERVER['REMOTE_ADDR'];
            }
            // check to see if username and password match
            if ($username==$storedUsername&&$password==$storedPassword) {
                ob_start();
                session_start();
                $_SESSION['username'] = $storedUsername;
                $_SESSION['user_type'] = $storedUserType;
                $_SESSION['full_name'] = $storedUserFName;
                header ('Location: main.php?login=successful');
            } else {
                header ('Location: index.php?error=incorrectPassword');
            }
        } else {
            header ('Location: index.php?error=noUser');
        }
    } else {
        header ('Location: index.php?error=missingUserAndPass');

    }

登錄后您帶他們去的頁面：

if ($_SESSION['username']) {
    $userLogged = $_SESSION['username'];
    $userType = $_SESSION['user_type'];
    $userFName = $_SESSION['full_name'];
} else {
    header ('Location: http://www.yourdomain.com/index.php?error=notLoggedIn');
}

您要在頁面上顯示用戶名的位置：

Logged in as <?php echo $userFName; ?>.

要么

echo "Logged in as ", $userFName, ".";