在我的登錄頁面中,我只使用電話號碼和密碼字段進行登錄,此後,我正在使用電話號碼創建和存儲會話。如何在創建會話時獲取兩個字段?
insted的,我想呼應用戶名當前登錄到顯示在我的情況下,當前用戶becasue我目前只能夠顯示電話號碼登錄的用戶的。我怎麼做?
這裏是我的登錄腳本
<?php
// Starting Session
session_start();
include "../script.php";
$error=''; // Variable To Store Error Message
if (isset($_POST['signin'])) {
if (empty($_POST['signinphone']) || empty($_POST['signpassword'])) {
$error = "Phone or Password is invalid";
}
else
{
// Define $username and $password
$phone=$_POST['signinphone'];
$password=$_POST['signpassword'];
// To protect MySQL injection for Security purpose
$phone = stripslashes($phone);
$password = stripslashes($password);
$phone = pg_escape_string($db, $phone); // Set email variable
$password = pg_escape_string($db, $password); // Set hash variable
$pass_crypted = password_hash($password);
// SQL query to fetch information of registerd users and finds user match.
$sql="SELECT usr_id, usr_email, usr_first_name, usr_last_name,
usr_encrypted_password,
usr_salt, usr_stos_id, usr_pers_id, usr_username, usr_updated_at,
usr_created_at, usr_enabled, usr_role_id, usr_jbrn_id,
usr_mobile_number,
stp_acc_id, usr_location, usr_mobile_imei, usr_type
FROM js_core.stp_users
where usr_mobile_number='$phone'
AND usr_encrypted_password='$password'";
$result=pg_query($db, $sql);
$rows = pg_num_rows($result);
if ($rows == 1) {
$_SESSION['phone']=$phone; // Initializing Session
$_SESSION['username'] = pg_fetch_object($result)->usr_last_name;
header("location: ../index.php");
} else {
//echo "0 results";
echo "Try Again the credentials you entered don't much ours";
}
; // Closing Connection
}
}
?>
,這裏是我的示例代碼,我想以顯示電話
<li>
<?php
if(isset($_SESSION['username'])) {
echo '<li><a href="#">'. $_SESSION["username"] . '</a></li>';
echo '<li>
<a href="config/logout.php" id="logout">Log Out</a></li>';
} else {
echo '<a class="signing" href="#login" data-toggle="modal" data-target="#signIn">Login </a>';
}
?>
</li>
將會話數組分配給發佈數組。另外,我希望你不會與此相處。 MD5不再安全。 –
@ Fred-ii-我該怎麼做? – john
您正在從查詢中獲取所有用戶信息,因此只需保存會話所需的位。例如,在'if($ rows == 1){'add:'$ _SESSION ['username'] = pg_fetch_object($ result) - > usr_username;' – Steve