0

我需要有关为 jQuery 文件上传实现所需用户登录的最简单方法的建议。在网站主页上,用户使用电子邮件和密码登录。然后,我们使用$_SESSION[email]站点范围来允许或禁止访问页面,具体取决于用户是否登录。

到目前为止,这在所有 PHP 页面上都运行良好,下面是正在使用的代码示例:

<?php
// at the top most of the page
session_start();

// Checking user login credentials
if(!isset($_SESSION['email'])){

// Alerting the user they must be logged in
echo "<script>alert('You must be logged in to access this page.')</script>";

// Sending the non-logged in user back to the home page
echo "<script>window.open('../index.php','_self')</script>";
}

// If the user is logged in let them see the page
else { ?>

// added to the very last line of the page
<?php } ?>

登录表单如下,以防您需要查看:

<form method="post" action="#">

        <table width="90%" border="0" align="center" bgcolor="white">


            <tr>
                <td bgcolor="ffffff" colspan="2" align="center"><h2>User Login</h2></td>
            </tr>

            <tr>
                <td align="right">Email:</td>
                <td><input type="text" name="email" id="email"></td>
            </tr>

            <tr>
                <td align="right">Password:</td>
                <td><input type="password" name="password" id="password"></td>
            </tr>

            <tr>
                <td colspan="2" align="center"><input type="button" name="login" id="login" value="Login"></td>

            </tr>

            <tr>
                <td colspan="2" align="center"><h3 style="margin-top:7px;"><a href="nonadmin_user_forgot_password.php" target="_blank" title="Reset Your Lost Password">Forgot Password?</a></h3></td>
            </tr>


            <tr>
                <td bgcolor="#ffffff" colspan="2" align="center"><div style="padding-top:5px;"><span style="font-size:20px;">Don't have an account?<br /><a href="/includes/register-user.php" title="Register with us!" target="_self">Sign Up</a> is <em>quick</em> and <em>easy</em>!</span></div></td>

        </table>
    </form>

这是登录 PHP 文件:

<?php
session_start();

// Connecting to the database and making the Bcrypt functions available
include("admin/includes/connect.php");
include ("lib/password.php");

// Let's get the mail and password from the Login Form
$email=$_POST['email1'];
$password= ($_POST['password1']); 

// Let's see if the entered email is in the database and if it is retrieve the password
$result = mysqli_query($conn, "SELECT * FROM nonadmin_user_login WHERE email='$email'");

// Create variables for the database result, password and email
$data = mysqli_fetch_array($result);
$bcrypt_pass = $data['nonadmin_user_pass'];
$email_match = $data['email'];

// If the email and password match up
if (password_verify ($password, $bcrypt_pass) == 1 AND $email == $email_match) {

// Start a session bound to the email
$_SESSION['email']=$email;

// Alert the user of a successful login
echo "Successfully Logged in.";

// Make a variable for the date and time
$mysqltime = date ("Y-m-d H:i:s");

// Update the database to show the time of the user's last successful login
mysqli_query($conn, "UPDATE nonadmin_user_login SET last_login='$mysqltime' WHERE email ='".$email."' ") or die(mysqli_error($conn));

}

// Alert the user of a failed login
else{
echo "Email or Password is wrong please try again.";
}

?>

这是登录 JS:

<script>
// Let's get this party started
$(document).ready(function(){

// Binding this to the login form submit button
$("#login").click(function(){

// Setting variables and binding them to the login form fields
var email = $("#email").val();
var password = $("#password").val();

// Checking if the email or password is empty
if( email =='' || password ==''){
$('input[type="text"],input[type="password"]');
$('input[type="text"],input[type="password"]');

// Alerting the user of empty email and/or password
alert("Please fill all fields.");

// If the fields are not empty
}else {

// Posting the entered email and password to log-me-in.php
$.post("log-me-in.php",{ email1: email, password1:password},

// Function to event handle incorrect email or password
function(data) {

// If the email is invalid
if(data=='Invalid Email.......') {
$('input[type="text"]');
$('input[type="password"]');

// Alert the user of invalid entry
alert(data);

// If email and/or password don't match the database query
}else if(data=='Email or Password is wrong please try again.'){
$('input[type="text"],input[type="password"]');

// Alert the user of invalid entry
alert(data);

// If nothing went wrong so far it's time to login and alert user of login success
} else if(data=='Successfully Logged in.'){

// Let's refresh the window so the sidebar signin block can swap to the logged in block
window.location=window.location;
$("form")[0].reset();
$('input[type="text"],input[type="password"]');
alert(data);
} else{
alert(data);
}
});
}
});
});</script>

我尝试了几种方法,但都失败了。我尝试使用 jQuery File Upload index.html 顶部的所有其他页面上使用的标准代码(最上面的代码示例框),但这是不行的。

我还尝试将此标准代码(最上面的代码示例框)添加到 jQuery File Upload UploadHandler.php 中,其中@session start 代码行是...

protected function get_user_id() { //
        @session_start();
        return session_id();
    }

......再次它没有工作。现在地球上的任何人都可以打开 jQuery 文件上传页面并开始加载文件,这是不正常的。我的想法是,如果用户未登录,我可能需要放弃不显示整个页面,而只是让页面显示......然后如果此时单击上传文件按钮,则上传失败登录?

如果您对如何根据登录名阻止整个页面有任何建议,请告诉我。如果您对如何基于登录阻止文件上传有任何建议,请告诉我。如果您对任何事情有任何建议,请告诉我,我全神贯注,并提前感谢您提供的任何帮助!

4

1 回答 1

1

为什么不检查是否

if(isset($_SESSION['email']))

已设置,如果是,则执行文件上传脚本,如果不是,则不运行脚本并返回错误

if(!isset($_SESSION['email'])) 
{ actual upload script } 
else
{ echo "I dont think so hombre" }
于 2015-03-27T16:43:17.473 回答