1. 首页
  2. 问答
  3. PHP登录脚本和SQL查询总是返回相同的用户ID

PHP登录脚本和SQL查询总是返回相同的用户ID

2012-10-18 31 views
3

我发布了一个问题,寻求帮助来解决我遇到的问题,因为它本地化而被关闭。我现在已经缩小了我的问题。PHP登录脚本和SQL查询总是返回相同的用户ID

我问的原始问题可以看到PHP Login Script Returning Same user id?

我的登录脚本出现问题。一切似乎工作正常,我没有得到任何错误或任何东西。

基本上当我登入user_uid(用户UID)从数据库中检索总是3,由于某种原因,没有得到正确的user_uid,但是所有存储在会话中的其他细节正确。

导致该问题的查询是这样的一个

$stmt = $dbh->prepare(" 
    SELECT 
     * 
    FROM 
     users, users_roles, users_profiles 
    WHERE 
     user_login = :username 
    OR 
     user_email = :email 

    LIMIT 1");

如果我删除users_rolesusers_profiles从SQL查询,并从刚刚用户表它得到正确的只是检索user_uid,必须与我从多个表中检索到的事实有关,并且查询在某处出现混乱。

这里有一个链接我的模式和SQL查询http://sqlfiddle.com/#!2/3cc32/1/0

下面以SqlFiddle是值的数组呼应的,由于某种原因,即使user_uid被假设是作为测试登录时账户phplover,它显示user_uid'3'是表中的第一行,似乎在某处发生冲突。

后进一步测试它似乎从用户得到正确的数据表除了user_uid,但它检索从users_profilesusers_roles在数据库中的第一行中的信息,也许是越来越来自用户的user_uid表正确,但也许查询覆盖它。

我跑的查询是phpMyAdmin,它仍然做同样的事情,肯定与我的SQL查询有关,我该如何修复我的查询,以便它检索到正确的user_uid

Array 
(
    [user_uid] => 3 // should be 6, 3 is the user_uid of the first row in database, seems to just fetch first row :/ 
    [user_status] => 1 
    [user_login] => PhpLover 
    [user_pass] => 5e79a29e6292e7690a6bf56484140114f1374933081d499b8cc5034685950a16668868cd0886d93f9bc634a5649a6037022a5ef62e9b5d13cda24619bbdf610b;507a7ea891f609.84619944 
    [user_email] => [email protected] 
    [user_registered] => 2012-10-14 09:58:16 
    [user_display_name] => 
    [user_failed_logins] => 0 
    [id] => 3 // not sure where this is coming from but should be 6 like user_uid 
    [user_role] => subscriber 
    [user_gender] => 
    [user_url] => 
    [user_msn] => 
    [user_aim] => 
    [user_yim] => 
    [user_twitter] => 
    [user_facebook] => 
)

这里是我的登录脚本,没有必要表现出来,因为我已经缩小的问题记在我的SQL查询,但认为在情况下,它可以帮助人们进一步了解发生了什么事我会张贴。

<?php 
// ob_start() 
ob_start(); 

// Include config.php 
require_once("".$_SERVER['DOCUMENT_ROOT']."/de-admin/config.php"); 

// if user is logged in redirect them to control panel 
// an already logged in user cannot login whilst already logged in! 
alreadyloggedin(); 

// top.inc.php 
require_once($top_inc); 
?> 

<!-- Meta start --> 
<title><?php echo SITE_NAME; ?> - Member Login</title> 
<meta name="description" content="<?php echo SITE_NAME; ?> - Member Login, Sign in" /> 
<meta name="keywords" content="sign up, member, login, signin, account, membership, <?php echo SITE_NAME; ?>" /> 
<!-- Meta end --> 

<?php 
// sidebar.inc.php 
require_once($sidebar_inc); 

// main.inc.php 
require_once($main_inc); 
?> 

<?php 

    if(isset($_POST['username_email'], $_POST['password'], $_POST[BOT_TEST], $_POST['token'])){ 

     // check if form token is valid 
     IsValidFormTokenHash(); 

     // initialize form errors array 
     $error = array(); 

     // fetch form data 
     $username_email = trim($_POST['username_email']); 
     $password  = trim($_POST['password']); 
     $bottest  = $_POST[BOT_TEST]; 

     // validate form data 
     if(empty($username_email)){ 
      $error[] = 'Please enter your username or email address'; 
     } 
     if(empty($password)){ 
      $error[] = 'Please enter your password'; 
     } 
     if(!empty($bottest)){ 
      $error[] = 'Spambot detected, if your human please try again'; 
     } 
     if(!empty($username_email) && !empty($password)){ 
      try{ 

       // connect to database 
       $dbh = sql_con(); 

       // prepare query 
       $stmt = $dbh->prepare(" 
          SELECT 
           * 
          FROM 
           users, users_roles, users_profiles 
          WHERE 
           users.user_login = :username 
          OR 
           users.user_email = :email 
          AND 
           users.user_uid = users_roles.user_uid 
          AND 
           users.user_uid = users_profiles.user_uid 
          LIMIT 1"); 

       // execute query 
       $stmt->execute(array(':username' => $username_email, ':email' => $username_email)); 

       if ($stmt->rowCount() > 0) { 

        $result = $stmt->fetch(PDO::FETCH_ASSOC); 
        echo '<pre>'; 
        print_r($result); 
        echo '</pre>'; 
        $user_db_pass = $result['user_pass']; 

        if(!ValidatePassword($password, $user_db_pass)){ 
         $error[] = 'Invalid Login Details'; 
        } else { 

         $user_status = $result['user_status']; 

         if($user_status == USER_STATUS_VERIFY){ 
          $error[] = 'You must verify your account before you can log in'; 
         }elseif($user_status == USER_STATUS_SUSPENDED){ 
          $error[] = 'This account has been suspended'; 
         }elseif($user_status == USER_STATUS_SPAM){ 
          $error[] = 'This account has been marked as potentially spam'; 
         } else { 

          // user valid 

          // fetch user details and assign there details to there sessions 
          $_SESSION['user_uid']   = $result['user_uid']; 
          $_SESSION['user_status']  = $result['user_status']; 
          $_SESSION['user_login']  = $result['user_login']; 
          $_SESSION['user_email']  = $result['user_email']; 
          $_SESSION['user_registered'] = $result['user_registered']; 
          $_SESSION['user_display_name'] = $result['user_display_name']; 
          $_SESSION['user_role']   = $result['user_role']; 
          $_SESSION['user_gender']  = $result['user_gender']; 
          $_SESSION['user_url']   = $result['user_url']; 
          $_SESSION['user_msn']   = $result['user_msn']; 
          $_SESSION['user_aim']   = $result['user_aim']; 
          $_SESSION['user_yim']   = $result['user_yim']; 
          $_SESSION['user_twitter']  = $result['user_twitter']; 
          $_SESSION['user_facebook']  = $result['user_facebook']; 

          // unset (destroy) form token 
          UnsetFormToken(); 

          // On successful login get URI user was on 
          // so we can redirect them back to URI they was on 
          /*if(isset($_SESSION['redirect_to'])){ 
           // if session redirect_to is found this means 
           // they tried to access a membersarea() 
           // so we get the URI and redirect to the 
           // secure page they tried accessing before logged in 
           $redirect_to = $_SESSION['redirect_to']; 
           // unset the session var 
           unset($_SESSION['redirect_to']); 
           // redirect 
           header("Location: ".SITE_URL."$redirect_to"); 
           exit(); 
          } else { 
           header("Location: /member/control-panel"); 
           exit(); 
          }*/ 

          // now logged in redirect to control panel 
          //header("Location: /member/control-panel"); 
          exit; 
         } 
        } 

       } else { 
        $error[] = 'Incorrect login details'; 
       } 

       // close database connection 
       $dbh = null; 

      } 
      catch (PDOException $e){ 
       ExceptionErrorHandler($e); 
       require_once($footer_inc); 
       exit; 
      } 
     } 

     // If errors found display errors 
     if(!empty($error)){ 
      $SiteErrorMessages = ''; 
      foreach($error as $msg){ 
       $SiteErrorMessages .= "$msg <br />"; 
      } 
     } 
    } 


    // display error messages 
    if(isset($SiteErrorMessages)){ 
     SiteErrorMessages(); 
    } 

    // the below values is to replace placeholders in tpl 
    $TemplateReplacementValues = array(
     'SITE_NAME'   => SITE_NAME, 
     'FORM_TOKEN_HASH' => GenerateFormTokenHash(), 
     'BOT_TEST'   => BotTest() 
    ); 

    // signup.tpl template location 
    $tpl = DOCUMENT_ROOT.'inc/tpl/login.tpl'; 

    // load signup template 
    PageContentTemplate($tpl, $TemplateReplacementValues); 

?> 

<?php 
// footer.inc.php 
require_once($footer_inc); 

// ob_end-flush 
ob_end_flush(); 
?>

来源

2012-10-18 PHPLOVER

+0

因为您的查询返回多行并且因为您限制显示1行...它总是选择'3'。你还没有加入3个表 – WatsMyName

回答

3

改写这个:

FROM users, users_profiles, users_roles

这样:

FROM users 
INNER JOIN users_profiles USING (user_uid) 
INNER JOIN users_roles USING (user_uid)

...否则你的查询会产生一个CROSS JOIN(至少可以说这是非常低效的)。

此时应更换INNER与LEFT OUTER JOIN JOIN这里如果一些users记录可能没有相应的users_profilesusers_roles(这些用户的相应的列值将在返回的行集设置为NULL)的记录。

来源

2012-10-18 09:55:23 raina77ow

+0

嗨,当用户注册和数据输入到用户表中的用户配置文件和用户角色行在users_profiles和users_roles表中创建,所以据我了解INNER JOIN会好吗?感谢phplover – PHPLOVER

0 
$stmt = $dbh->prepare(" 
    SELECT 
     * 
    FROM 
     users, users_roles, users_profiles 
    WHERE 
     (user_login = :username OR user_email = :email) 
     AND users.user_uid = users_roles.user_uid 
     AND users.user_uid = users_profiles.user_uid 

    LIMIT 1");

来源

2012-10-18 09:56:08

0

尝试

SELECT users.*,users_roles.*,users_profiles.* FROM users 
LEFT OUTER JOIN user_roles ON users.user_uid=users_roles.user_uid 
LEFT OUTER JOIN users_profiles ON users.user_uid = users_profiles.user_uid 
WHERE users.user_login = :username OR users.user_email = :email LIMIT 1

来源

2012-10-18 09:58:59 WatsMyName

0

您正在尝试加入2页以上的表,这是它是如何工作的小提琴里面:

SELECT * 
FROM users 
INNER JOIN users_roles ON users.user_uid=users_roles.user_uid 
INNER JOIN users_profiles ON users.user_uid = users_profiles.user_uid 
WHERE (users.user_uid=6) AND (users.user_login='phplover')

来源

2012-10-18 10:08:45 oliverbachmann

0

使用此查询

“SELECT * FROM用户,因为您在u.user_uid = us.user_uid上留下了加入users_roles的用户名留下的加入users_profiles u.user_uid = up.user_uid 其中u.user_login =:用户名或u.user_email =:电子邮件LIMIT 1“

来源

2012-10-18 10:10:07

相关问题

 相关问题