2009-10-13 82 views
0

我正在建設一個小型工作應用程序網站,我使用從Nettuts.com教程中獲取的登錄系統的基礎。 登錄工作正常,但我無法獲取當前登錄的用戶的詳細信息,例如,如果用戶輸入他們的個人詳細信息,我可以將數據處理到數據庫,但它不鏈接到哪個用戶!抓取當前用戶標識-php class

我希望將id放入名爲$ userID的變量中。

我需要一種方法來識別用戶當前登錄,所以我可以更新我的插入語句,如... 'UPDATE cv其中userID = $ userID'。

class Mysql { 
private $conn; 

function __construct() { 
    $this->conn = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME) or 
        die('There was a problem connecting to the database.'); 
} 

function verify_Username_and_Pass($un, $pwd) { 

    $query = "SELECT * 
      FROM users 
      WHERE username = ? AND password = ? 
      LIMIT 1"; 

    if($stmt = $this->conn->prepare($query)) { 
     $stmt->bind_param('ss', $un, $pwd); 
     $stmt->execute(); 

     if($stmt->fetch()) { 
     $stmt->close(); 
     return true; 

     } 
    }  
} 

}

類成員{

function validate_user($un, $pwd) { 
    $mysql = New Mysql(); 
    $ensure_credentials = $mysql->verify_Username_and_Pass($un, md5($pwd)); 

    // if above = true 
    if($ensure_credentials) { 
     $_SESSION['status'] = 'authorized'; 
     $_SESSION['username'] = $un; 
     $_SESSION['password'] = $pwd; 
     header("location: ../myIWC.php"); 
    } else return "Please enter a correct username and password"; 

} 

function log_User_Out() { 
    if(isset($_SESSION['status'])) { 
     unset($_SESSION['status']); 
     unset($_SESSION['username']); 
     unset($_SESSION['password']); 
     if(isset($_COOKIE[session_name()])) 
      setcookie(session_name(), '', time() - 1000); 
      session_destroy(); 
    } 
} 

function confirm_Member() { 
    session_start(); 
    if($_SESSION['status'] !='authorized') header("location: ../login.php"); 
} 


$currentUN = $_SESSION['username']; 
$currentPWD = $_SESSION['password']; 

$mysql = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME) or die('There was a  problem connecting to the database'); 
$stmt = $mysql->prepare('SELECT id FROM users WHERE username = ? AND password = ? LIMIT 1'); 
$stmt->bind_param('ss',$currentUN, $currentPWD); 
$stmt->execute(); 
$stmt->bind_result($currentID); 
} 

回答

0

重寫你的verify_Username_and_Pass功能,所以它返回用戶數據的陣列,或者寫一個新的函數,得到它的思考。 然後在你的validate_user功能,這個數據保存到會話:

$_SESSION['user_data'] = $user_data; // got from database 
+0

THX的答覆隊友,我在莫有點OOP小白,我如何做到這一點? – 2009-10-13 14:36:19

0

嗯,我會說,在本教程中給出的代碼是不是一個很好的例子。數據庫類應該就是這樣,只處理數據庫函數,它不應該有真正的用戶函數(verify_Username_and_Pass)。另外從安全角度來看,我強烈建議不要在會話中存儲未加密的密碼。

但是,我很欣賞你所提供的代碼片段可能是更廣泛的實現的一部分,因此你將無法充分利用它。正如下面的代碼將在你的上下文中工作。

在用戶類
class Mysql { 
private $conn; 

function __construct() { 
     $this->conn = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME) or 
            die('There was a problem connecting to the database.'); 
} 

function verify_Username_and_Pass($un, $pwd) { 

     $query = "SELECT id 
         FROM users 
         WHERE username = ? AND password = ? 
         LIMIT 1"; 

     if($stmt = $this->conn->prepare($query)) { 
       $stmt->bind_param('ss', $un, $pwd); 
       $stmt->execute(); 
       $stmt->bind_result($id); 

       if($stmt->fetch()) { 
       $stmt->close(); 
       return $id; 

       } else { 
        return false; 
       } 
     }    
} 

然後

if($ensure_credentials !== false) { 
       $_SESSION['id'] = $ensure_credentials; 
       $_SESSION['status'] = 'authorized'; 
       $_SESSION['username'] = $un; 
       $_SESSION['password'] = $pwd; 
       header("location: ../myIWC.php"); 
     } else return "Please enter a correct username and password";