0

我有一个登录脚本,当前存储 2 个变量一个有效变量和一个用户名变量。我现在正在尝试添加一个名称变量,因此我更改了 MySQL 查询以从数据库中获取名称,并尝试将名称存储在会话变量中,但由于某种原因它只是不存储它。可能最好只是向您展示脚本,我学习 PHP 仅 2 个月,非常感谢您的帮助。

<?php
ob_start(); // Start output buffering

session_start(); //must call session_start before using any $_SESSION variables3
$_SESSION['username'] = $username;

function validateUser($username)
{

    session_regenerate_id (); //this is a security measure
    $_SESSION['valid'] = 1;
    $_SESSION['username'] = $username;
    $_SESSION['name'] = $userData['name'];
}

      $username = isset($_POST['username'])?$_POST['username']:'';
     $password = isset($_POST['password'])?$_POST['password']:'';

//connect to the database here

$hostname_Takeaway = "localhost";
$database_Takeaway = "diningtime";
$username_Takeaway = "root";
$password_Takeaway = "root";
$Takeaway = mysql_pconnect($hostname_Takeaway, $username_Takeaway, $password_Takeaway) or trigger_error(mysql_error(),E_USER_ERROR); 
mysql_select_db($database_Takeaway, $Takeaway);

$username = mysql_real_escape_string($username);

$query = "SELECT name, password, salt FROM admin_users WHERE username = '$username';";

$result = mysql_query($query) or die(mysql_error());

if(mysql_num_rows($result) < 1) //no such user exists
{
    header('Location: http://localhost/diningtime/admin-home.php?login=fail');

    die();
}
$userData = mysql_fetch_array($result, MYSQL_ASSOC);
$hash = hash('sha256', $userData['salt'] . hash('sha256', $password) );
if($hash != $userData['password']) //incorrect password


{
    header('Location: http://localhost/diningtime/admin-home.php?login=fail');

    die();
}
else
{

   validateUser($username); //sets the session data for this user
}
//redirect to another page or display "login success" message
header('Location: http://localhost/diningtime/main');
die();




//redirect to another page or display "login success" message


?>
4

3 回答 3

1

您的validateUser()函数在范围内没有$userData变量,因此您将 NULL 分配给 $_SESSION['name']。

要么使 $userData 成为全局变量,因此它在函数范围内可见,或者将其作为参数传递:

function validateUser($user, $userData) {
                             ^^^^^^^^^-- pass as arg
   global $userData;
   ^^^^^^^^^^^^^^^^^--- bring var in-scope
   ...
   $_SESSION['name'] = $GLOBALS['userData']['name'];
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^--- refer to global scope
}

这三个选项中的任何一个都可以解决问题(只是不要同时做这三个)

于 2012-11-08T20:05:36.847 回答
1

您的validateUser函数没有从 $userData 数组中获取值,您需要在其中添加另一个参数,例如

function validateUser($username, $name)

然后从您的代码中传递这些值,或者您可以在此函数中移动 mysql 身份验证,然后它将起作用。通常,函数无法识别您在该函数之外定义的任何变量。

PS第五行应该是什么

$_SESSION['username'] = $username;

做?我怀疑它在那个地方完全没用:-)

于 2012-11-08T20:06:22.767 回答
0

这里有很多错误。

<?php
ob_start(); // Start output buffering

session_start(); //must call session_start before using any $_SESSION variables3
$_SESSION['username'] = $username;

从哪里来$username

 $username = isset($_POST['username'])?$_POST['username']:'';
 $password = isset($_POST['password'])?$_POST['password']:'';

现在您正在检查它的存在。

    $Takeaway = mysql_pconnect($hostname_Takeaway, $username_Takeaway, $password_Takeaway) or trigger_error(mysql_error(),E_USER_ERROR); 
mysql_select_db($database_Takeaway, $Takeaway);

mysql_*弃用过程已经开始。与您的问题无关,但值得一提

然后来了validateUser($username); //sets the session data for this user

现在您正在调用该函数。让我们看一下函数。

function validateUser($username)
{

    session_regenerate_id (); //this is a security measure
    $_SESSION['valid'] = 1;
    $_SESSION['username'] = $username;
    $_SESSION['name'] = $userData['name'];
}

$username你作为参数传递,但$userData['name']从哪里来?(有关范围,请参阅 MarcBs 解决方案)

所以你有很多事情要弄清楚。

于 2012-11-08T20:06:53.947 回答