1. 首页
  2. 问答
  3. 抓取当前用户标识-php class

抓取当前用户标识-php class

2009-10-13 48 views
0

我正在建设一个小型工作应用程序网站,我使用从Nettuts.com教程中获取的登录系统的基础。 登录工作正常,但我无法获取当前登录的用户的详细信息,例如,如果用户输入他们的个人详细信息,我可以将数据处理到数据库,但它不链接到哪个用户!抓取当前用户标识-php class

我希望将id放入名为$ userID的变量中。

我需要一种方法来识别用户当前登录,所以我可以更新我的插入语句,如... 'UPDATE cv其中userID = $ userID'。

class Mysql { 
private $conn; 

function __construct() { 
    $this->conn = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME) or 
        die('There was a problem connecting to the database.'); 
} 

function verify_Username_and_Pass($un, $pwd) { 

    $query = "SELECT * 
      FROM users 
      WHERE username = ? AND password = ? 
      LIMIT 1"; 

    if($stmt = $this->conn->prepare($query)) { 
     $stmt->bind_param('ss', $un, $pwd); 
     $stmt->execute(); 

     if($stmt->fetch()) { 
     $stmt->close(); 
     return true; 

     } 
    }  
}

}

类成员{

function validate_user($un, $pwd) { 
    $mysql = New Mysql(); 
    $ensure_credentials = $mysql->verify_Username_and_Pass($un, md5($pwd)); 

    // if above = true 
    if($ensure_credentials) { 
     $_SESSION['status'] = 'authorized'; 
     $_SESSION['username'] = $un; 
     $_SESSION['password'] = $pwd; 
     header("location: ../myIWC.php"); 
    } else return "Please enter a correct username and password"; 

} 

function log_User_Out() { 
    if(isset($_SESSION['status'])) { 
     unset($_SESSION['status']); 
     unset($_SESSION['username']); 
     unset($_SESSION['password']); 
     if(isset($_COOKIE[session_name()])) 
      setcookie(session_name(), '', time() - 1000); 
      session_destroy(); 
    } 
} 

function confirm_Member() { 
    session_start(); 
    if($_SESSION['status'] !='authorized') header("location: ../login.php"); 
} 


$currentUN = $_SESSION['username']; 
$currentPWD = $_SESSION['password']; 

$mysql = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME) or die('There was a  problem connecting to the database'); 
$stmt = $mysql->prepare('SELECT id FROM users WHERE username = ? AND password = ? LIMIT 1'); 
$stmt->bind_param('ss',$currentUN, $currentPWD); 
$stmt->execute(); 
$stmt->bind_result($currentID); 
}

来源

2009-10-13 Aaron Bentley

回答

0

重写你的verify_Username_and_Pass功能,所以它返回用户数据的阵列,或者写一个新的函数,得到它的思考。 然后在你的validate_user功能,这个数据保存到会话:

$_SESSION['user_data'] = $user_data; // got from database

来源

2009-10-13 14:31:04

+0

THX的答复队友,我在莫有点OOP小白,我如何做到这一点? – 2009-10-13 14:36:19

0

嗯,我会说,在本教程中给出的代码是不是一个很好的例子。数据库类应该就是这样,只处理数据库函数,它不应该有真正的用户函数(verify_Username_and_Pass)。另外从安全角度来看,我强烈建议不要在会话中存储未加密的密码。

但是,我很欣赏你所提供的代码片段可能是更广泛的实现的一部分,因此你将无法充分利用它。正如下面的代码将在你的上下文中工作。

在用户类 
class Mysql { 
private $conn; 

function __construct() { 
     $this->conn = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME) or 
            die('There was a problem connecting to the database.'); 
} 

function verify_Username_and_Pass($un, $pwd) { 

     $query = "SELECT id 
         FROM users 
         WHERE username = ? AND password = ? 
         LIMIT 1"; 

     if($stmt = $this->conn->prepare($query)) { 
       $stmt->bind_param('ss', $un, $pwd); 
       $stmt->execute(); 
       $stmt->bind_result($id); 

       if($stmt->fetch()) { 
       $stmt->close(); 
       return $id; 

       } else { 
        return false; 
       } 
     }    
}

然后

if($ensure_credentials !== false) { 
       $_SESSION['id'] = $ensure_credentials; 
       $_SESSION['status'] = 'authorized'; 
       $_SESSION['username'] = $un; 
       $_SESSION['password'] = $pwd; 
       header("location: ../myIWC.php"); 
     } else return "Please enter a correct username and password";

来源

2009-11-02 13:22:33 RMcLeod

相关问题

 相关问题