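For example, I can currently echo the username session after login. I would like to be able to echo other session values depending on who the user is, such as the "company" they logged in with. That information is also in the members table. I want to add another session to the login file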
<?php
//include config
require_once('includes/config.php');
//check if already logged in move to home page
if($user->is_logged_in()){ header('Location: dashboard.php'); exit; }
//process login form if submitted
if(isset($_POST['submit'])){
$username = $_POST['username'];
$password = $_POST['password'];
if($user->login($username,$password)){
$_SESSION['username'] = $username;
header('Location: dashboard.php');
exit;
} else {
$error[] = 'Wrong username or password or your account has not been activated.';
}
}//end if submit
//define page title
$title = 'Login';
//include header template
require('layout/header.php');
?>
<div class="container">
<div class="row">
<div class="col-xs-12 col-sm-8 col-md-6 col-sm-offset-2 col-md-offset-3">
<form role="form" method="post" action="" autocomplete="off">
<h2>Please Login</h2>
<p class="message">Not registered? <a href="signup.php">Create an account</a></p>
<hr>
<?php
//check for any errors
if(isset($error)){
foreach($error as $message){
echo '<p class="bg-danger">'.$message.'</p>';
}
}
if(isset($_GET['action'])){
//check the action
switch ($_GET['action']) {
case 'active':
echo "<h2 class='bg-success'>Your account is now active you may now log in.</h2>";
break;
case 'reset':
echo "<h2 class='bg-success'>Please check your inbox for a reset link.</h2>";
break;
case 'resetAccount':
echo "<h2 class='bg-success'>Password changed, you may now login.</h2>";
break;
}
}
?>
<div class="form-group">
<input type="text" name="username" id="username" class="form-control input-lg" placeholder="User Name" value="<?php if(isset($error)){ echo $_POST['username']; } ?>" tabindex="1">
</div>
<div class="form-group">
<input type="password" name="password" id="password" class="form-control input-lg" placeholder="Password" tabindex="3">
</div>
<div class="row">
<div class="col-xs-9 col-sm-9 col-md-9">
<a href='reset.php'>Forgot your Password?</a>
</div>
</div>
<hr>
<div class="row">
<div class="col-xs-6 col-md-6"><input type="submit" name="submit" value="Login" class="btn btn-primary btn-block btn-lg" tabindex="5"></div>
</div>
</form>
</div>
</div>
</div>
<?php
//include footer template
require('layout/footer.php');
?>
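I would suggest assigning the user's ID to the session, and then you can get all the information from the user ID to echo the other information. – Option
You realize this code is completely unsafe and not suitable for use in a live environment. If you want to keep your data safe and your database intact, use prepared statements and `password_hash()` / `password_verify()`.
@Fred-ii- Do you see something I don't? For all we know, the `$user->login()` method may contain prepared statements and password_hash(). Probably not, but it could. Echoing `$_POST` variables without filtering them, though, is just begging for an XSS attack, plus there is no CSRF protection.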
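The suggestions in the comments above, combined into one added example that is not code from the question or from any commenter: store only the member ID in the session, fetch `company` from `members` with a prepared statement, and escape on output. The column names (`memberID`, `password`, `company`, `active`), the helper functions and the in-memory SQLite data are assumptions made so the example runs on its own (requires the pdo_sqlite extension).

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database (not the asker's schema).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (memberID INTEGER PRIMARY KEY, username TEXT UNIQUE,
           password TEXT, company TEXT, active INTEGER)');
$db->prepare('INSERT INTO members (username, password, company, active) VALUES (?, ?, ?, 1)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 'Acme <b>Ltd</b>']);

// Hypothetical helper: returns the member ID on success, null otherwise.
function verifyLogin(PDO $db, string $username, string $password): ?int
{
    $stmt = $db->prepare('SELECT memberID, password FROM members
                          WHERE username = :u AND active = 1');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return (int) $row['memberID'];
}

// Hypothetical helper: look up display fields from the ID held in the session.
function currentMember(PDO $db, array $session): ?array
{
    if (!isset($session['memberID'])) {
        return null;
    }
    $stmt = $db->prepare('SELECT username, company FROM members WHERE memberID = :id');
    $stmt->execute([':id' => $session['memberID']]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Escape a value for HTML text and quoted-attribute contexts.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$session = []; // stands in for $_SESSION so the example runs from the CLI
$id = verifyLogin($db, 'alice', 'correct horse');
if ($id !== null) {
    // In a web request, call session_regenerate_id(true) here to prevent session fixation.
    $session['memberID'] = $id;
}
$me = currentMember($db, $session);
echo $me === null ? "Not logged in\n"
    : 'Logged in as ' . e($me['username']) . ' (' . e($me['company']) . ")\n";
```

The same `e()` call applies to the `value="<?php ... echo $_POST['username']; ?>"` attribute in the login form, which is the unescaped echo the last comment refers to.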