php PHP登录并获取用户信息
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/3084481/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
PHP login and get user information
提问by Jorge
How can I get the user information when the user successfully login?
用户登录成功后如何获取用户信息?
Here is my login.phpcode
这是我的login.php代码
<?php
if($_SERVER['REQUEST_METHOD'] == 'POST') {
$username = $_POST['username'];
$password = $_POST['password'];
// mysql connect function here....
// mysql query here....
$sql = "SELECT * FROM user_accounts WHERE username = '$username' and password = '$password'";
$result = mysql_query($sql);
$count = mysql_num_rows($result);
if($count == 1) {
session_register(username);
session_register(password);
header('location: index.php');
}
else {
$error = "Invalid Username or Password Please Try Again";
}
}
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<?=$error=?>
Username : <input type="text" name="username">
Password : <input type="password" name="password">
<input type="submit" />
</form>
and here is my index.phpcode
这是我的index.php代码
<?
session_start();
if(!session_is_registered(username)){
header("location:login.php");
}
$username = session_is_registered(username);
$password = session_is_registered(password);
echo $username;
echo $password;
?>
Example:This is the database info.
示例:这是数据库信息。
User ID --> 001
Username --> admin
Password --> admin
When I echo $usernameand $passwordthe result for username = 1 and for password = 1. I wanted the result is username = admin and password = admin.
当我回显$username并且$password用户名 = 1 和密码 = 1 的结果时。我想要的结果是用户名 = admin 和密码 = admin。
How can I get the username and password that logs? I need it to be query so I can get his/her e.g. First Name, Last Name.
如何获取登录的用户名和密码?我需要它进行查询,以便我可以得到他/她,例如名字,姓氏。
回答by Sarfraz
You already have username and password coming from the POST array, you can store them in session like this:
您已经拥有来自 POST 数组的用户名和密码,您可以将它们存储在会话中,如下所示:
session_start(); // this will go on top of the page
.........
if($count == 1) {
session_register(username);
session_register(password);
$_SESSION['username'] = $_POST['username']; // store username
$_SESSION['password'] = $_POST['password']; // store password
header('location: index.php');
}
else {
$error = "Invalid Username or Password Please Try Again";
}
Later you can get them like:
稍后你可以得到它们:
echo $_SESSION['username'];
echo $_SESSION['password'];
Notethat you should destroy them in session logout file.
请注意,您应该在会话注销文件中销毁它们。
Note 2session_registerhas been DEPRECATED as of PHP 5.3.0. Simply use $_SESSIONarray for storing your values.
Note 2session_register从 PHP 5.3.0 开始被弃用。只需使用$_SESSION数组来存储您的值。
回答by svens
You're using the old session functions and you're using them wrong. Let me show you how to do it only with the $_SESSION array. Note that session_register() and session_is_registered() are deperecated functions as of PHP 5.3, which means that they could get removed later. Also you should always escape input coming from the user, when you want to use it in queries. You might want to use prepared statements, PDO or mysqli.
您正在使用旧的会话函数并且您错误地使用了它们。让我向您展示如何仅使用 $_SESSION 数组来执行此操作。请注意 session_register() 和 session_is_registered() 是 PHP 5.3 中弃用的函数,这意味着它们可以在以后被删除。此外,当您想在查询中使用它时,您应该始终转义来自用户的输入。您可能想要使用准备好的语句、PDO 或 mysqli。
<?php
// login.php
session_start();
if($_SERVER['REQUEST_METHOD'] == 'POST') {
// mysql connect function here.... (moved up here)
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$sql = "SELECT * FROM user_accounts WHERE username = '$username' AND password = '$password'";
$result = mysql_query($sql) or die( "MySQL Error: ".mysql_error() );
$user = mysql_fetch_assoc($result);
if($user !== false) {
$_SESSION['username'] = $user['username'];
$_SESSION['password'] = $user['password'];
header('Location: index.php');
} else {
$error = "Invalid Username or Password Please Try Again";
}
}
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<?=$error=?>
Username : <input type="text" name="username">
Password : <input type="password" name="password">
<input type="submit" />
</form>
Note the mysql_real_escape_string()function and the use of the $_SESSIONsuperglobal in the above example.
请注意上面示例中超全局变量的mysql_real_escape_string()功能和使用$_SESSION。
<?php
// index.php
session_start();
if(!isset($_SESSION['username'])) {
header("Location: login.php");
}
$username = $_SESSION['username'];
$password = $_SESSION['password'];
echo $username;
echo $password;
?>
You can use isset()instead of session_is_registered()to check if a session value has been set or not.
您可以使用isset()而不是session_is_registered()检查会话值是否已设置。
回答by svens
session_is_registered is boolean so it would check if it was set not get it.
session_is_registered 是布尔值,所以它会检查它是否设置了没有得到它。
You would want $username = $_SESSION['username'];and
你会想要$username = $_SESSION['username'];和
$password= $_SESSION['password'];
Try not to use username and password as session names though.
尽量不要使用用户名和密码作为会话名称。
I've found that it is already by mysql and stores the mysql username and password in sessions
我发现它已经被 mysql 和 mysql 用户名和密码存储在会话中
Edit:
编辑:
Also session_register is deprecated
不推荐使用 session_register
