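I am currently trying to run a query. I have managed to get it working by adding the exact username, but when I try to use the current query with the username identified by $_SESSION, it does not work.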

<?php 
    include ("config.php"); 
    session_start();    
    $username = $_SESSION['username'];
    $stmt = $db->exec ("UPDATE users SET lastlogindate = NOW() WHERE username = '$username'");
?>

Edit - Login.php code

<?php 
    require("config.php"); 
    $submitted_username = ''; 
    if(!empty($_POST)){ 
        $query = " 
            SELECT 
                id, 
                username, 
                password, 
                salt, 
                email 
            FROM users 
            WHERE 
                username = :username 
        "; 
        $query_params = array( 
            ':username' => $_POST['username'] 
        ); 

        try{ 
            $stmt = $db->prepare($query); 
            $result = $stmt->execute($query_params); 
        } 
        catch(PDOException $ex){ die("Failed to run query: " . $ex->getMessage()); } 
        $login_ok = false; 
        $row = $stmt->fetch(); 
        if($row){ 
            $check_password = hash('sha256', $_POST['password'] . $row['salt']); 
            for($round = 0; $round < 65536; $round++){
                $check_password = hash('sha256', $check_password . $row['salt']);
            } 
            if($check_password === $row['password']){
                $login_ok = true;
            } 
        } 

        if($login_ok){ 
            unset($row['salt']); 
            unset($row['password']);
            $_SESSION['user'] = $row;
            header("Location: main.php"); 
            die("Redirecting to: main.php");    
        } 
        else{ 
            print("Login Failed."); 
            $submitted_username = htmlentities($_POST['username'], ENT_QUOTES, 'UTF-8'); 
        } 
    }; 
?>  
1 Answer

In login.php you store $row in $_SESSION['user'] and then wrongly fetch it from $_SESSION['username']; you should use $_SESSION['user'].

Try this:

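<?php
    include ("config.php"); 
    session_start();    
    // Login.php stores the whole user row under the 'user' key
    $username = $_SESSION['user'];
    // Bind the username as a parameter instead of interpolating it into the SQL
    $stmt = $db->prepare("UPDATE users SET lastlogindate = NOW() WHERE username = ?");
    $stmt->bindParam(1, $username['username']);
    $stmt->execute();
?>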
Answered 2013-11-14T19:45:16.350
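The following is an added example, not code from the question or the answer. It shows why the original query failed silently (an unset session key yields an empty value, so the UPDATE matches no rows) and a guarded version that updates by the id that Login.php already stores in the session. The function name touch_last_login, the in-memory SQLite database standing in for the $db from config.php, and the sample rows are assumptions made for illustration.

```php
<?php
// Added example. Constructed schema and data; in-memory SQLite stands in for the
// page's $db from config.php (assumption), so CURRENT_TIMESTAMP replaces NOW().
function touch_last_login(PDO $db, array $session): bool
{
    // Login.php stores the whole row under 'user'; it never sets 'username'.
    $user = $session['user'] ?? null;
    if (!is_array($user) || !isset($user['id'])) {
        // Not logged in: refuse, instead of running the UPDATE with an empty
        // value that matches zero rows and raises no error.
        return false;
    }
    // Bound parameter: the session value never becomes part of the SQL text.
    $stmt = $db->prepare(
        'UPDATE users SET lastlogindate = CURRENT_TIMESTAMP WHERE id = :id'
    );
    $stmt->execute([':id' => $user['id']]);
    // Zero rows here means the session points at a row that no longer exists.
    // Caveat: MySQL counts only rows whose value changed, so a second call
    // within the same second can also report 0 there.
    return $stmt->rowCount() === 1;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY, username TEXT, lastlogindate TEXT)');
$db->exec("INSERT INTO users (id, username) VALUES (1, 'alice'), (2, 'bob')");

// Session as Login.php builds it: $_SESSION['user'] = $row.
$good = ['user' => ['id' => 1, 'username' => 'alice',
                    'email' => 'alice@example.test']];
// Session as the question's code assumed it: a key that login never sets.
$bad = ['username' => 'bob'];

var_dump(touch_last_login($db, $good));
var_dump(touch_last_login($db, $bad));

// Show which rows were actually updated.
$rows = $db->query(
    'SELECT username, lastlogindate IS NOT NULL AS touched FROM users');
foreach ($rows as $r) {
    printf("%s touched=%d\n", $r['username'], $r['touched']);
}
```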