0

我有一个包含各种输入的页面,他们输入一些文本,然后按提交,将他们输入的信息插入数据库......它工作正常但是当我将它们重定向回他们的主页时(仅适用于登录用户)我的网站实际上将它们带回索引页面(每个人都可以使用),并显示“您必须登录才能执行此操作...”消息

然后我重新登录以检查我输入的内容是否已发布,它是......并且它是以我的名字发布的,这告诉我至少插入我的帖子的页面已经存储了我的会话

我已经检查了我的代码,以确保我正在传递会话变量,并且我似乎在做正确的事情。

这是我在主页上确保用户已登录的内容:

<?php session_start(); ?>
<?php
    if (!isset($_SESSION['id'])){
        header("Location: index.php?message=You Must Log in to go there!");
    }
?>

这是 insert-post.php 页面的代码:

<?php session_start(); ?>
<?php require_once("../includes/include_all.php"); ?>
<?php


    #myslqi connection
    $con = new mysqli(host,db_username,db_password, db_name);

    #THE POST VARIABLES
    $content = $con->real_escape_string($_POST['content']);
    $details = $con->real_escape_string(nl2br($_POST['details']));
    $user_id = $_SESSION['id'];
    $subjectArray = explode(',', $_POST['subject']);
    $bonus = $_POST['bonus'];
    #DATES
    $date = date('Y-m-d G:i:s', time());
    $date_expires = date('Y-m-d G:i:s', time() + (3600*4)); 
    #photo
    $photo_name = $_POST['photo_name'];


    #cost of this post
    $cost = $bonus+200;


    #insert the question

    $query = "INSERT INTO questions 
                (content, award, image, details, user_id, category, sub_category, date_created, date_expires, alive) 
                    VALUES ('".$content."', 
                                    '".$bonus."',
                                    '".$photo_name."',
                                    '".$details."',
                                    '".$_SESSION['id']."', 
                                    '".$subjectArray[1]."',
                                    '".$subjectArray[0]."',
                                    '".$date."',
                                    '".$date_expires."',
                                    1)
                    ";
    $insert_question = $con->query($query);

    if (!$insert_question){
        die("Could not enter the question [" .$con->error . "]");
    } else{
        header("Location: ".document_root."home.php?query=questions&message=Your question post was successful!");
    }

?>

标题将您带回主页,查询 = 问题,它只显示您最近的帖子并给您留下一条消息......它在同一个页面上,验证用户已登录......

编辑:登录验证代码:

#check for user via username/password
public function can_log_in($inputs){


   $query = "SELECT * FROM users WHERE user_name = '".$inputs['user_name']. "' AND password = '".$inputs['password']."'";
   $result = $this->con->query($query);
   if (!$result){
     die("Not performing query [" .$this->con->error);
   }
   if ($result->num_rows == 1){
    #start session
    $_SESSION['id'] = $this->get_user_id($inputs['user_name']);
    $_SESSION['user'] = $inputs['user_name'];
        return true;
    } else{
        return false;
        }
}

和获取 user_id 功能

#fetch user id
public function get_user_id($username){
     $query = "SELECT * FROM users WHERE user_name = '".$username."'";
     $result = $this->con->query($query);
     while ($row = $result->fetch_assoc()){
    return $row['id'];
     }
}

这些在用户类中

4

0 回答 0