3

我发布了一个问题寻求帮助以解决我遇到的问题,它已关闭,因为它是本地化的。我现在已经缩小了我的问题。

我问的原始问题可以看到PHP Login Script Returning Same user id? .

我的登录脚本有问题。一切似乎都很好,我没有收到任何错误或任何东西。

基本上,当我登录时,从数据库中检索到的user_uid(用户 uid)始终为 3,由于某种原因,它没有得到正确的user_uid,但是存储在会话中的所有其他详细信息都是正确的。

导致问题的查询是这个

$stmt = $dbh->prepare("
     SELECT
         *
     FROM
         users, users_roles, users_profiles
     WHERE
         user_login = :username
     OR
         user_email = :email

     LIMIT 1");

如果我从 SQL 查询中删除users_rolesusers_profiles并仅从users表中检索它会得到正确的user_uid,这一定与我从多个表中检索并且查询在某处搞砸的事实有关。

这是 SqlFiddle 的链接,其中包含我的架构和 SQL 查询http://sqlfiddle.com/#!2/3cc32/1/0

下面是回显的值数组,出于某种原因,即使在以测试帐户phplover登录时user_uid假设为6,它也显示user_uid '3' 这是表中的第一行,似乎在某处发生冲突。

经过进一步测试,它似乎从users表中获取了除user_uid之外的正确数据,但它从users_profilesusers_roles中检索数据库第一行的信息,可能是从 users 表中正确获取user_uid,但查询可能是覆盖它。

我运行的查询是 phpMyAdmin,它仍然做同样的事情,肯定与我的 SQL 查询有关,我怎样才能修复我的查询,以便它检索正确的user_uid

Array
(
    [user_uid] => 3 // should be 6, 3 is the user_uid of the first row in database, seems to just fetch first row :/
    [user_status] => 1 
    [user_login] => PhpLover
    [user_pass] => 5e79a29e6292e7690a6bf56484140114f1374933081d499b8cc5034685950a16668868cd0886d93f9bc634a5649a6037022a5ef62e9b5d13cda24619bbdf610b;507a7ea891f609.84619944
    [user_email] => smaple@sample.com
    [user_registered] => 2012-10-14 09:58:16
    [user_display_name] => 
    [user_failed_logins] => 0
    [id] => 3 // not sure where this is coming from  but should be 6 like user_uid
    [user_role] => subscriber
    [user_gender] => 
    [user_url] => 
    [user_msn] => 
    [user_aim] => 
    [user_yim] => 
    [user_twitter] => 
    [user_facebook] => 
)

这是我的登录脚本,无需显示它,因为我已将问题缩小到我的 SQL 查询,但我想我会发布它以帮助人们进一步了解正在发生的事情。

<?php
// ob_start()
ob_start();

// Include config.php
require_once("".$_SERVER['DOCUMENT_ROOT']."/de-admin/config.php");

// if user is logged in redirect them to control panel
// an already logged in user cannot login whilst already logged in!
alreadyloggedin();

// top.inc.php
require_once($top_inc);
?>

<!-- Meta start -->
<title><?php echo SITE_NAME; ?> - Member Login</title>
<meta name="description" content="<?php echo SITE_NAME; ?> - Member Login, Sign in" />
<meta name="keywords" content="sign up, member, login, signin, account, membership, <?php echo SITE_NAME; ?>" />
<!-- Meta end -->

<?php
// sidebar.inc.php
require_once($sidebar_inc);

// main.inc.php
require_once($main_inc);
?>

<?php

    if(isset($_POST['username_email'], $_POST['password'], $_POST[BOT_TEST], $_POST['token'])){

        // check if form token is valid
        IsValidFormTokenHash();

        // initialize form errors array
        $error    = array();

        // fetch form data
        $username_email = trim($_POST['username_email']);
        $password       = trim($_POST['password']);
        $bottest        = $_POST[BOT_TEST];

        // validate form data
        if(empty($username_email)){
            $error[] = 'Please enter your username or email address';
        }
        if(empty($password)){
            $error[] = 'Please enter your password';
        }
        if(!empty($bottest)){
            $error[] = 'Spambot detected, if your human please try again';
        }
        if(!empty($username_email) && !empty($password)){
            try{

                // connect to database
                $dbh = sql_con();

                // prepare query
                $stmt = $dbh->prepare("
                            SELECT
                                *
                            FROM
                                users, users_roles, users_profiles
                            WHERE
                                users.user_login = :username
                            OR
                                users.user_email = :email
                            AND
                                users.user_uid = users_roles.user_uid
                            AND
                                users.user_uid = users_profiles.user_uid
                            LIMIT 1");

                // execute query
                $stmt->execute(array(':username' => $username_email, ':email' => $username_email));

                if ($stmt->rowCount() > 0) {

                    $result = $stmt->fetch(PDO::FETCH_ASSOC);
                    echo '<pre>';
                    print_r($result);
                    echo '</pre>';
                    $user_db_pass = $result['user_pass'];

                    if(!ValidatePassword($password, $user_db_pass)){
                        $error[] = 'Invalid Login Details';
                    } else {

                        $user_status = $result['user_status'];

                        if($user_status == USER_STATUS_VERIFY){
                            $error[] = 'You must verify your account before you can log in';
                        }elseif($user_status == USER_STATUS_SUSPENDED){
                            $error[] = 'This account has been suspended';
                        }elseif($user_status == USER_STATUS_SPAM){
                            $error[] = 'This account has been marked as potentially spam';
                        } else {

                            // user valid

                            // fetch user details and assign there details to there sessions
                            $_SESSION['user_uid']          = $result['user_uid'];
                            $_SESSION['user_status']       = $result['user_status'];
                            $_SESSION['user_login']        = $result['user_login'];
                            $_SESSION['user_email']        = $result['user_email'];
                            $_SESSION['user_registered']   = $result['user_registered'];
                            $_SESSION['user_display_name'] = $result['user_display_name'];
                            $_SESSION['user_role']         = $result['user_role'];
                            $_SESSION['user_gender']       = $result['user_gender'];
                            $_SESSION['user_url']          = $result['user_url'];
                            $_SESSION['user_msn']          = $result['user_msn'];
                            $_SESSION['user_aim']          = $result['user_aim'];
                            $_SESSION['user_yim']          = $result['user_yim'];
                            $_SESSION['user_twitter']      = $result['user_twitter'];
                            $_SESSION['user_facebook']     = $result['user_facebook'];

                            // unset (destroy) form token
                            UnsetFormToken();

                            // On successful login get URI user was on
                            // so we can redirect them back to URI they was on
                            /*if(isset($_SESSION['redirect_to'])){
                                // if session redirect_to is found this means
                                // they tried to access a membersarea()
                                // so we get the URI and redirect to the
                                // secure page they tried accessing before logged in
                                $redirect_to = $_SESSION['redirect_to'];
                                // unset the session var
                                unset($_SESSION['redirect_to']);
                                // redirect
                                header("Location: ".SITE_URL."$redirect_to");
                                exit();
                            } else {
                                header("Location: /member/control-panel");
                                exit();
                            }*/

                            // now logged in redirect to control panel
                            //header("Location: /member/control-panel");
                            exit;
                        }
                    }

                } else {
                    $error[] = 'Incorrect login details';
                }

                // close database connection
                $dbh = null;

            }
            catch (PDOException $e){
                ExceptionErrorHandler($e);
                require_once($footer_inc);
                exit;
            }
        }

        // If errors found display errors
        if(!empty($error)){
            $SiteErrorMessages = '';
            foreach($error as $msg){
                $SiteErrorMessages .= "$msg <br />";
            }
        }
    }


    // display error messages
    if(isset($SiteErrorMessages)){
        SiteErrorMessages();
    }

    // the below values is to replace placeholders in tpl
    $TemplateReplacementValues = array(
        'SITE_NAME'         => SITE_NAME,
        'FORM_TOKEN_HASH'   => GenerateFormTokenHash(),
        'BOT_TEST'          => BotTest()
    );

    // signup.tpl template location
    $tpl = DOCUMENT_ROOT.'inc/tpl/login.tpl';

    // load signup template
    PageContentTemplate($tpl, $TemplateReplacementValues);

?>

<?php
// footer.inc.php
require_once($footer_inc);

// ob_end-flush
ob_end_flush();
?>
4

5 回答 5

3

重写这个:

FROM users, users_profiles, users_roles

对此:

FROM users
INNER JOIN users_profiles USING (user_uid)
INNER JOIN users_roles USING (user_uid)

...否则您的查询会产生一个CROSS JOIN(至少可以说这是非常低效的)。

如果某些users记录可能没有对应的记录,users_profiles则应在此处将 INNER JOIN 替换为 LEFT OUTER JOIN users_roles(对于这些用户,在返回的行集中相应的列值将设置为 NULL)。

于 2012-10-18T09:55:23.297 回答
0
$stmt = $dbh->prepare("
     SELECT
         *
     FROM
         users, users_roles, users_profiles
     WHERE
         (user_login = :username OR user_email = :email)
         AND users.user_uid = users_roles.user_uid
         AND users.user_uid = users_profiles.user_uid

     LIMIT 1");
于 2012-10-18T09:56:08.593 回答
0

尝试

SELECT users.*,users_roles.*,users_profiles.* FROM  users
LEFT OUTER JOIN user_roles ON users.user_uid=users_roles.user_uid
LEFT OUTER JOIN  users_profiles ON  users.user_uid = users_profiles.user_uid 
WHERE users.user_login = :username OR users.user_email = :email LIMIT 1
于 2012-10-18T09:58:59.583 回答
0

您正在尝试加入 2 个以上的表,这就是它在小提琴中的工作方式:

SELECT *
FROM users 
INNER JOIN users_roles ON users.user_uid=users_roles.user_uid
INNER JOIN users_profiles ON users.user_uid = users_profiles.user_uid
WHERE (users.user_uid=6) AND (users.user_login='phplover')
于 2012-10-18T10:08:45.297 回答
0

使用这个查询

“SELECT * FROM users as u left join users_roles as us on u.user_uid = us.user_uid left join users_profiles as up u.user_uid = up.user_uid WHERE u.user_login= :username OR u.user_email =:email LIMIT 1”

于 2012-10-18T10:10:07.203 回答