如何在註冊後自動登錄用戶

Question

我是使用PHP的新手。我想爲我的網站添加一個自動登錄部分，以便用戶在我的網站上創建帳戶後自動登錄。有人可以告訴我如何在註冊後自動登錄用戶嗎？我不確定我應該從哪裏開始。我感謝你能給我的所有幫助。非常感謝！ :)

這裏是我的register.php腳本：

<?php 
ob_start(); 
session_start(); 
if(isset($_SESSION['user'])!=""){ 
    header("Location: /"); 
} 
include_once 'dbconnect.php'; 

$error = false; 

if (isset($_POST['btn-signup'])) { 

    $name = trim($_POST['name']); 
    $name = strip_tags($name); 
    $name = htmlspecialchars($name); 

    $email = trim($_POST['email']); 
    $email = strip_tags($email); 
    $email = htmlspecialchars($email); 

    $pass = trim($_POST['pass']); 
    $pass = strip_tags($pass); 
    $pass = htmlspecialchars($pass); 

    $company = trim($_POST['company']); 
    $pcompany = strip_tags($company); 
    $company = htmlspecialchars($company); 

    if (empty($name)) { 
    $error = true; 
    $nameError = "Please enter your full name."; 
    } else if (strlen($name) < 3) { 
    $error = true; 
    $nameError = "Name must have atleat 3 characters."; 
    } else if (!preg_match("/^[a-zA-Z ]+$/",$name)) { 
    $error = true; 
    $nameError = "Name must contain alphabets and space."; 
    } 

    if (!filter_var($email,FILTER_VALIDATE_EMAIL)) { 
    $error = true; 
    $emailError = "Please enter valid email address."; 
    } else { 
    $query = "SELECT userEmail FROM users WHERE userEmail='$email'"; 
    $result = mysqli_query($conn,$query); 
    $count = mysqli_num_rows($result); 
    if($count!=0){ 
    $error = true; 
    $emailError = "Provided Email is already in use."; 
    } 
    } 
    if (empty($pass)){ 
    $error = true; 
    $passError = "Please enter password."; 
    } else if(strlen($pass) < 6) { 
    $error = true; 
    $passError = "Password must have atleast 6 characters."; 
    } 

    $password = hash('sha256', $pass); 

    if(!$error) { 

    $query = "INSERT INTO users(userName,userEmail,userPass,userCompany) VALUES('$name','$email','$password','$company')"; 
    $res = mysqli_query($conn,$query); 

    if ($res) { 
    $errTyp = "success"; 
    $errMSG = "Successfully registered, you may login now"; 
    unset($name); 
    unset($email); 
    unset($pass); 
    unset($company); 
    } else { 
    $errTyp = "danger"; 
    $errMSG = "Something went wrong, try again later..."; 
    } 

    } 


} 

//include your login validation 
if(empty($errors)){ 
    //User->login(); or anything you use for validating logins 
} 

?> 
<!DOCTYPE html> 
<html> 

<head> 
    <meta charset="UTF-8"> 
    <meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport"> 
    <title>Register | Hexa</title> 
    <link rel="icon" href="https://app.myhexa.co/favicon.ico" type="image/x-icon"> 
    <link href="https://fonts.googleapis.com/css?family=Roboto:400,700&subset=latin,cyrillic-ext" rel="stylesheet" type="text/css"> 
    <link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet" type="text/css"> 
    <link href="plugins/bootstrap/css/bootstrap.css" rel="stylesheet"> 
    <link href="plugins/node-waves/waves.css" rel="stylesheet" /> 
    <link href="plugins/animate-css/animate.css" rel="stylesheet" /> 
    <link href="css/login.css" rel="stylesheet"> 
</head> 

<body class="signup-page bg-blue-grey"> 
    <div class="signup-box"> 
     <div class="logo"> 
      <center><img src="img/logo.png" height="50" width="155"></center> 
     </div> 
     <div class="card"> 
      <div class="body"> 
       <form id="sign_up" method="POST"> 
       <div class="msg"><h3 class="col-blue-grey">CREATE ACCOUNT</h3></div><br> 

           <?php 
    if (isset($errMSG)) { 

    ?> 
    <span class="fa fa-exclamation-triangle"></span> <?php echo $errMSG; ?> 
       </div> 
      </div> 
       <?php 
    } 
    ?> 



        <div class="input-group"> 

         <span class="input-group-addon"> 

          <i class="material-icons">person</i> 
         </span> 
         <div class="form-line"> 
          <input type="text" name="name" class="form-control" placeholder="Name" maxlength="50" value="<?php echo $name ?>" /"> 
         </div> 
        </div> 
                    <span class="text-danger"><?php echo $nameError; ?></span><br> 

        <div class="input-group"> 

         <span class="input-group-addon"> 
          <i class="material-icons">email</i> 
         </span> 
         <div class="form-line"> 
          <input type="email" name="email" class="form-control" placeholder="Email Address" maxlength="40" value="<?php echo $email ?>" /> 
         </div> 
        </div> 
                    <span class="text-danger"><?php echo $emailError; ?></span><br> 

         <div class="input-group"> 
         <span class="input-group-addon"> 
          <i class="material-icons">people</i> 
         </span> 
         <div class="form-line"> 
          <input type="text" name="company" class="form-control" placeholder="Company" value="<?php echo $company ?>" /> 
         </div> 
        </div><br> 
        <div class="input-group"> 
         <span class="input-group-addon"> 
          <i class="material-icons">lock</i> 
         </span> 
         <div class="form-line"> 
          <input type="password" name="password" class="form-control" placeholder="Password" maxlength="15" id="password" required> 
         </div> 
        </div> 
                    <span class="text-danger"><?php echo $passError; ?></span><br> 

        <div class="input-group"> 
         <span class="input-group-addon"> 
          <i class="material-icons">lock</i> 
         </span> 
         <div class="form-line"> 
     <input type="password" name="pass" class="form-control" placeholder="Confirm Password" maxlength="15" id="confirm_password" required> 
         </div> 
        </div> 
        <div class="form-group"> 
         <input type="checkbox" name="terms" id="terms" class="filled-in chk-col-deep-orange"> 
         <label for="terms">I read and agree to the <a href="javascript:void(0);">terms of usage</a>.</label> 
        </div> 

        <button type="submit" class="btn btn-block btn-lg bg-deep-orange waves-effect" name="btn-signup">REGISTER</button> 

        <div class="m-t-25 m-b--5 align-center"> 
         <a href="login">Have An Account?</a> 
        </div> 
       </form> 
      </div> 
     </div> 
    </div> 
    <script src="plugins/jquery/jquery.min.js"></script> 
    <script src="plugins/bootstrap/js/bootstrap.js"></script> 
    <script src="plugins/node-waves/waves.js"></script> 
    <script src="plugins/jquery-validation/jquery.validate.js"></script> 
    <script src="plugins/js/admin.js"></script> 
    <script>var password = document.getElementById("password") 
    , confirm_password = document.getElementById("confirm_password"); 

function validatePassword(){ 
    if(password.value != confirm_password.value) { 
    confirm_password.setCustomValidity("Passwords Don't Match"); 
    } else { 
    confirm_password.setCustomValidity(''); 
    } 
} 

password.onchange = validatePassword; 
confirm_password.onkeyup = validatePassword; 
</script> 
</body> 

</html> 

<?php ob_end_flush(); ?> 

Answer 1

從你的jsfiddle在評論鏈接，你成功登錄因此

$_SESSION['user'] = $row['userId']; 

這意味着，後設置會話您需要在完成註冊後將$_SESSION['user']會話設置爲最後一次插入的ID，以實現您所詢問的內容。您可以使用mysqli_insert_id()函數獲取最後插入的ID。這會是這樣

if ($res) { 
    $errTyp = "success"; 
    $errMSG = "Successfully registered, you may login now"; 
    $_SESSION['user'] = mysqli_insert_id($conn); // Sets the session and logs the user in instantly 
} 

其他信息

• 你已經在使用支持準備好的語句與有界變量輸入的API，你應該利用與佔位符參數化查詢（準備好的語句）來保護您的數據庫免受SQL-injection的影響！ 開始使用mysqli::prepare()和mysqli_stmt::bind_param()。

• 您還應該使用PHP password_*函數來散列和驗證密碼，而不是使用sha512。

• 此外，你有if(isset($_SESSION['user'])!=""){ - 它比較一個布爾值與一個空字符串。應改爲if (isset($_SESSION['user'])) {。

• exit;應在每調用一次header("Location: ..");後添加，以防止腳本進一步執行。

• 最後，功能如htmlspecialchars()打算用於輸出而不是輸入。這些與「轉義」或清理數據無關，而是用於確保從數據庫輸出數據時HTML有效（從而防止XSS攻擊）。 密碼根本不應該改變 - 只要將它們散列爲 - 因爲如果在散列之前/之後使用其他函數，散列可能會不同。

• strip_tags()可能適用於其他變量，但我不認爲它適合在這裏（取決於，你應該明白該功能的作用，請閱讀strip_tags()手冊）。

參考

• PHP.net on mysqli_insert_id()
• PHP。net on password_hash()/password_verify()