在会话的每个页面上回显用户名的最佳方法? [英] Best way to echo a username on every page with sessions?

问题描述

我已经知道如何制作一个有效的注册表单和一个登录表单.我还有一个测验，当用户登录时将分数发布到数据库.现在我想弄清楚如何捕获已登录用户的用户名并使其在我网站的其他页面上可用.

从讨论来看@How do I echo username in使用 PHP 的个人资料页面? 看起来我应该在每个部分的第一页中编写一个简单的数据库查询.但是有没有更有效的方法?

举例来说，我的注册和登录表单位于 mysite/admin，而我的测试位于 mysite/test.

这是我登录页面的代码:

<?php if( !isset( $_SESSION['user_id'] ) ): ?><h2>在此登录</h2><form action="/admin/login/login-submit.php" method="post"><字段集><label for="username">用户名</label><input type="text" id="username" name="username" value="" maxlength="20"/><br><label for="password">密码</label><input type="text" id="password" name="password" value="" maxlength="20"/><br><input type="submit" value="→登录"/></fieldset></表单>

这是来自 login-submit.php 的代码:

if(isset( $_SESSION['user_id'] )){$message = '用户已经登录';}/*** 检查用户名和密码是否都已提交 ***/if(!isset( $_POST['用户名'])){$message = '请输入有效的用户名和密码';}/*** 检查用户名是否只有字母数字字符 ***/elseif (ctype_alnum($_POST['username']) != true){/*** 如果没有匹配 ***/$message = "用户名必须是字母数字";}/*** 检查密码是否只有字母数字字符 ***/elseif (ctype_alnum($_POST['password']) != true){/*** 如果没有匹配 ***/$message = "密码必须是字母数字";}别的{/*** 如果我们在这里数据是有效的，我们可以将其插入数据库 ***/$username = filter_var($_POST['username'], FILTER_SANITIZE_STRING);$password = filter_var($_POST['password'], FILTER_SANITIZE_STRING);/*** 现在我们可以加密密码了 ***/$password = sha1( $password );//$phpro_password = sha1( $phpro_password );//数据库连接尝试{$dbh = new PDO("mysql:host=$mysql_hostname;dbname=$mysql_dbname", $mysql_username, $mysql_password);/*** $message = 一条消息说我们已连接 ***//*** 将错误模式设置为异常 ***/$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);/*** 准备选择语句 ***/$stmt = $dbh->prepare("SELECT user_id, username, password FROM g1_membersWHERE username = :username AND password = :password");/***绑定参数***/$stmt->bindParam(':username', $username, PDO::PARAM_STR);$stmt->bindParam(':password', $password, PDO::PARAM_STR, 40);/* 执行准备好的语句 ***/$stmt->execute();/*** 检查结果 ***/$user_id = $stmt->fetchColumn();/*** 如果没有结果，则失败船 ***/如果($user_id == 假){$message = '登录失败';}/***如果我们有结果，一切都很好***/别的{/*** 设置会话 user_id 变量 ***/$_SESSION['user_id'] = $user_id;/*** 告诉用户我们已登录 ***/$message = '您现在已登录';}}捕获(异常 $e){/*** 如果我们在这里，数据库有问题 ***/$message = '我们无法处理您的请求.请稍后再试.';}}

我添加了这个简单的查询，它在 $Username 中捕获用户的用户名:

$stm = $pdo->prepare("选择用户名FROM g1_membersWHERE user_id = :user_id");$stm->执行(数组('user_id'=>$user_id));while ($row = $stm-> fetch()){$用户名 = $row['用户名'];}

所以我需要在每个部分添加相同的查询 - 例如mysite/topics、mysite/people 等 - 或者有更好的方法吗?

解决方案

运行此代码时:

 $_SESSION['user_id'] = $user_id;

您可以添加用户名作为附加会话变量，例如:

 $_SESSION['username'] = $username;

已在您的代码中设置.

I've figured out how to make a working registration form and a login form. I also have a quiz that publishes scores to a database when a user is logged in. Now I'm trying to figure out how to capture the username of a user who's logged in and make it available on other pages of my site.

Judging from the discussion @ How do I echo username in profile page with PHP? it looks like I should just write a simple database query in the first page of every section. But is there a more efficient way?

To illustrate, my registration and login forms are located at mysite/admin, while my tests are at mysite/test.

Here's the code from my login page:

<?php if( !isset( $_SESSION['user_id'] ) ): ?>
<h2>Login Here</h2>
<form action="/admin/login/login-submit.php" method="post">
<fieldset>
<label for="username">Username</label>
<input type="text" id="username" name="username" value="" maxlength="20" />
<br>
<label for="password">Password</label>
<input type="text" id="password" name="password" value="" maxlength="20" />
<br>
<input type="submit" value="→ Login" />
</fieldset>
</form>

And here's the code from login-submit.php:

if(isset( $_SESSION['user_id'] ))
{
 $message = 'Users is already logged in';
}
/*** check that both the username, password have been submitted ***/
if(!isset( $_POST['username']))
{
 $message = 'Please enter a valid username and password';
}
/*** check the username has only alpha numeric characters ***/
elseif (ctype_alnum($_POST['username']) != true)
{
 /*** if there is no match ***/
 $message = "Username must be alpha numeric";
}
/*** check the password has only alpha numeric characters ***/
elseif (ctype_alnum($_POST['password']) != true)
{
    /*** if there is no match ***/
    $message = "Password must be alpha numeric";
}
else
{
/*** if we are here the data is valid and we can insert it into    database ***/
$username = filter_var($_POST['username'], FILTER_SANITIZE_STRING);
$password = filter_var($_POST['password'], FILTER_SANITIZE_STRING);

/*** now we can encrypt the password ***/
$password = sha1( $password );
// $phpro_password = sha1( $phpro_password );

// DATABASE CONNECTION

try
{
    $dbh = new PDO("mysql:host=$mysql_hostname;dbname=$mysql_dbname",   $mysql_username, $mysql_password);
    /*** $message = a message saying we have connected ***/

    /*** set the error mode to excptions ***/
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    /*** prepare the select statement ***/
    $stmt = $dbh->prepare("SELECT user_id, username, password FROM     g1_members 
                WHERE username = :username AND password = :password");
    /*** bind the parameters ***/
    $stmt->bindParam(':username', $username, PDO::PARAM_STR);
    $stmt->bindParam(':password', $password, PDO::PARAM_STR, 40);

    /*** execute the prepared statement ***/
    $stmt->execute();

    /*** check for a result ***/
    $user_id = $stmt->fetchColumn();

    /*** if we have no result then fail boat ***/
    if($user_id == false)
    {
            $message = 'Login Failed';
    }
    /*** if we do have a result, all is well ***/
    else
    {
            /*** set the session user_id variable ***/
            $_SESSION['user_id'] = $user_id;

            /*** tell the user we are logged in ***/
            $message = 'You are now logged in';
    }


}
catch(Exception $e)
{
    /*** if we are here, something has gone wrong with the database     ***/
    $message = 'We are unable to process your request. Please try again  later.';
 }
}

I added this simple query, which captures a user's username in $Username:

$stm = $pdo->prepare("SELECT username
 FROM g1_members
 WHERE user_id = :user_id");
 $stm->execute(array(
 'user_id'=>$user_id
));

 while ($row = $stm->fetch())
{
 $Username = $row['username'];
}

So do I need to add the same query in every section - e.g. mysite/topics, mysite/people, etc. - or is there a better way of doing it?

解决方案

When you run this code:

 $_SESSION['user_id'] = $user_id;

You can add the user name as an additional session variable, like:

 $_SESSION['username'] = $username;

Which is already set in your code.

这篇关于在会话的每个页面上回显用户名的最佳方法?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！