0

好吧,我有一个登录页面,我在其中输入用户名和密码并登录到 ucp-home.php 页面。这是 ucp-home.php 文件的开头:

    <?php include("sql.php");include("auth.php");
$con = mysql_connect("localhost","axylus","denismm1234");
mysql_query("SET NAMES UTF8");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("velto", $con);

$result = mysql_query("SELECT * FROM users");

while($row = mysql_fetch_array($result))
  {
  $skin = $row['SkinID'];
  $igname = $row['Username'];
  $playerid = $row['UID'];
  $tls = $row['TLS'];
  $phonenumber = $row['Ph'];
  $fightingstyle = $row['FightingStyle'];
  $pastnames = $row['PastNames'];
  $staff = $row['Staff'];
  $staff2 = $row['Staff2'];
  $staff3 = $row['Staff3'];
  $staff4 = $row['Staff4'];
  $donor = $row['Donor'];
  $driving = $row['Driving'];
  $weapon = $row['Weapon'];
  $flying = $row['Flying'];
  };

mysql_close($con);

问题是它使用的是最后一行的数据,而不是登录用户名的行。

这是我的 log.php 文件:

    <?php
    include("sql.php"); //Connect to SQL

    session_start(); //Start session for writing

    function Fix($str) { //Clean the fields
        $str = @trim($str);
        if(get_magic_quotes_gpc()) {
            $str = stripslashes($str);
        }
        return mysql_real_escape_string($str);
    }

    $errmsg = array(); //Array to store errors

    $errflag = false; //Error flag

    $username = Fix($_POST['username']); //Username
    $password = Fix($_POST['password']); //Password

    //Check Username

    //Check Password


    //If there are input validations, redirect back to the registration form
    if($errflag) {
        $_SESSION['ERRMSG'] = $errmsg;
        session_write_close();
        header("location: index.php");
        exit();
    }

    //Create SELECT query
    $qry = "SELECT * FROM `users` WHERE `Username` = '$username' AND `Password` = '" . md5($password) . "'";
    $result = mysql_query($qry);

    //Check whether the query was successful or not
    if(mysql_num_rows($result) == 1) {
        while($row = mysql_fetch_assoc($result)) {
            $_SESSION['UID'] = $row['UID'];
            $_SESSION['USERNAME'] = $username;
            if($_SESSION['Full Name'] = $_SESSION['Full Name']) echo "Success";
            session_write_close();
            header("location: dashboard.php");
        }
    } else {
        $_SESSION['ERRMSG'] = "Invalid username or password";
        session_write_close();
        header("location: index-invalid.php");
        exit();
    }
?>

我希望你明白我的问题到底是什么。先感谢您。

4

1 回答 1

1

使用登录脚本时,您必须将当前会话的详细信息写入会话数组。所以在您的 log.php 中,执行此操作(或使用类似的键,如时间+用户名哈希)

session_start();
...
//if user is authenticated
$_SESSION['user'] = $username;

在你的 ucp-home.php 中使用这个:

...
session_start();
$result = mysql_query("SELECT * FROM users WHERE Username='$_SESSION[user]'");
...
于 2013-04-28T18:39:49.243 回答