-2

您好,我有一个大问题.. 我正在创建一个用户登录站点,但问题是如果我在数据库中有 2 个或更多用户,并且如果我尝试使用我的第二个用户的凭据登录,它只会给我第一个用户信息. 任何帮助将不胜感激。

登录.php

include '../init/init.php';

if (empty($_POST) === false) {
    // ...
    $username = $_POST['log_username'];
    $password = $_POST['log_password'];

    $login = login($username, $password);
    if ($login === false){
        die(msg1(0, 'Password is incorrect.'));
    }else{
        $_SESSION['id'] = $login;
        die(msg1(1,"members.php"));
        exit();
    }
}

users.php(我这里有我所有的用户功能)

    <?php

// ...
function user_id_from_username($username) {
    $username = sanitize($username);
    $query_user_id = mysql_query("SELECT (`id`) FROM `users` WHERE `username` = '$username'");
    return mysql_result($query_user_id, 0, 'id');
}

function login($username, $password) {
    $id = user_id_from_username($username);

    $username = sanitize($username);
    $password = md5($password);

    $query_login = mysql_query("SELECT COUNT(`id`) FROM `users` WHERE `username` = '$username' AND `password` = '$password'");
    return (mysql_result($query_login, 0) == 1) ? $id : false;

}
?>

这显示了登录后的个人资料:

// ...
if (logged_in() === true){ 
  $session_user_id = $_SESSION['id']; 
  $sql = mysql_query("SELECT * FROM users"); 
  $id = 'id'; 
  $username = 'username'; 
  $rows = mysql_fetch_assoc($sql); 
}
$errors = array();

// show profile based on $rows
4

1 回答 1

1

从评论部分的代码来看,我建议将代码更改为:

$session_user_id = $_SESSION['id']; 
$sql = mysql_query("SELECT * FROM users WHERE `id`='$session_user_id'");

我假设您$_SESSION['id']事先进行了消毒。

于 2012-10-09T05:11:14.453 回答