0
我將用戶權限存儲在與用戶信息相同的表中,因此有三個布爾條目,用於三個權限級別。登錄後,從該用戶的行中的數據插入到會話變量與下面的代碼:[PHP]從會話變量中給出錯誤值的SQL表
private function loginWithPostData($user_name, $user_password, $user_rememberme)
{
if (empty($user_name)) {
$this->errors[] = MESSAGE_USERNAME_EMPTY;
} else if (empty($user_password)) {
$this->errors[] = MESSAGE_PASSWORD_EMPTY;
// if POST data (from login form) contains non-empty user_name and non-empty user_password
} else {
// user can login with his username or his email address.
// if user has not typed a valid email address, we try to identify him with his user_name
if (!filter_var($user_name, FILTER_VALIDATE_EMAIL)) {
// database query, getting all the info of the selected user
$result_row = $this->getUserData(trim($user_name));
// if user has typed a valid email address, we try to identify him with his user_email
} else if ($this->databaseConnection()) {
// database query, getting all the info of the selected user
$query_user = $this->db_connection->prepare('SELECT * FROM users WHERE user_email = :user_email');
$query_user->bindValue(':user_email', trim($user_name), PDO::PARAM_STR);
$query_user->execute();
// get result row (as an object)
$result_row = $query_user->fetchObject();
}
// if this user not exists
if (! isset($result_row->user_id)) {
// was MESSAGE_USER_DOES_NOT_EXIST before, but has changed to MESSAGE_LOGIN_FAILED
// to prevent potential attackers showing if the user exists
$this->errors[] = MESSAGE_LOGIN_FAILED;
} else if (($result_row->user_failed_logins >= 3) && ($result_row->user_last_failed_login > (time() - 30))) {
$this->errors[] = MESSAGE_PASSWORD_WRONG_3_TIMES;
// using PHP 5.5's password_verify() function to check if the provided passwords fits to the hash of that user's password
} else if (! password_verify($user_password, $result_row->user_password_hash)) {
// increment the failed login counter for that user
$sth = $this->db_connection->prepare('UPDATE users '
. 'SET user_failed_logins = user_failed_logins+1, user_last_failed_login = :user_last_failed_login '
. 'WHERE user_name = :user_name OR user_email = :user_name');
$sth->execute(array(':user_name' => $user_name, ':user_last_failed_login' => time()));
$this->errors[] = MESSAGE_PASSWORD_WRONG;
// has the user activated their account with the verification email
} else if ($result_row->user_active != 1) {
$this->errors[] = MESSAGE_ACCOUNT_NOT_ACTIVATED;
} else {
// write user data into PHP SESSION [a file on your server]
$_SESSION['user_id'] = $result_row->user_id;
$_SESSION['user_name'] = $result_row->user_name;
$_SESSION['user_email'] = $result_row->user_email;
$_SESSION['user_logged_in'] = 1;
$_SESSION['user_first_name'] = $result_row->user_first_name;
$_SESSION['user_last_name'] = $result_row->user_last_name;
$_SESSION['user_address_line_1'] = $result_row->user_address_line_1;
$_SESSION['permission_1'] = $result_row->permission_1;
$_SESSION['permission_2'] = $result_row->permission_2;
$_SESSION['permission_3'] = $result_row->permission_3;
// declare user id, set the login status to true
$this->user_id = $result_row->user_id;
$this->user_name = $result_row->user_name;
$this->user_email = $result_row->user_email;
$this->user_is_logged_in = true;
現在,當我使用PHP來告訴我,該列有一個1,我得到不正確的數據,雖然使用所有其他數據同樣的方法(第一姓名,電子郵件地址等)的作品perfectly.This是我使用的代碼:我做了什麼
if($_SESSION['permission_1'] = 1){
echo "ADMIN";
} else {
if($_SESSION['permission_2'] = 1){
echo "MANAGEMENT COMPANY";
} else {
if($_SESSION['permission_3'] = 1){
echo "USER";
} else {
echo "You do not currently have any permissions. Please wait for a member of the management team to verify you.";
}
}
}
導致要麼沒有被破壞唯一布爾值會話結束還是報告不準確?
看起來你正在設置permission_admin,permission_lessor等,而不是permission_1,permission_2? – Shravan 2014-09-11 08:57:49
是的,我在這裏改變這些,他們都是perm_admin,出租人等在代碼中,我認爲id改變了他們所有,它不是.. – user3805867 2014-09-11 09:03:37
你可以更新代碼以及var_dump($ _ SESSION)顯示什麼? – Shravan 2014-09-11 09:05:08