php - 知道登录用户的用户标识
问题描述
各位早上好,我有个问题。我创建了一个登录页面并将其与另一个页面连接起来。该页面就像一个发送好友请求系统。我希望发件人能够查看他们自己的个人资料,但不能向他们自己的 ID 发送好友请求。如何隐藏登录用户的详细信息?如何获取登录用户的ID?我希望有人能帮助我。非常感谢。
登录页面:
<?php
session_start();
$mysqli=new MySQLi('127.0.0.1','root','','accounts');
if(isset($_POST['login'])) {
$username =$mysqli->real_escape_string($_POST['username']);
$pass = md5($_POST['pass']);
$sql="SELECT * id FROM users WHERE username='$username' AND pass='$pass' LIMIT 1;";
$result = mysqli_query($mysqli,$sql);
if(mysqli_num_rows($result)>0)
$row = mysqli_fetch_array($result);{
$_SESSION['loggedIn'] = true;
$_SESSION['uid'] = $result['id'];
$result['id']= trim($row["id"]);
header ("Location:Home.php");
exit;
}
}
?>
主页:
<?php
session_start();
$_SESSION['uid'];
$db = new PDO('mysql:host=127.0.0.1;dbname=accounts','root','');
require 'class/friends.php';
$query = $db->prepare("SELECT * FROM users");
$query->execute();
if($query->rowCount()>0)
{
while($fetch = $query->fetch(PDO::FETCH_ASSOC)) {
$id = $fetch['id'];
$username = $fetch['username'];
$profile = $fetch['profile'];
$email = $fetch['email'];
?>
<form method="post"><table>
<tr class="border_bottom">
<td height="230">
<img src='<?php echo $profile;?>'width="200" height="200"/>
</td>
<td><td></td></td>
<td><?php echo $username;?><br />
<?php echo $email;?>
</td>
<?php
if($id != $_SESSION['uid']) {
if(Friends::renderfriendship($_SESSION['uid'],$id,'isThereRequestPending')== 1){
?>
<td><button class="request_pending" disabled>Request Pending</button></td>
<?php
} else {
if(Friends::renderfriendship($_SESSION['uid'],$id,'isThereFriendShip')== 0) {
?>
<td><button class='friendBtn_add' data-uid='<?php echo $id;?>' data-type='addfriend'>Ad as friend</button></td>
<td> <button class="request_pending hidden" disabled>Request Pending</button></td>
<?php
}else{
?>
<td> <button class='friendBtn unfriend' data-uid='<?php echo $id;?>' data-type="unfriend">Unfriend</button></td>
<td> <button class='friendBtn_add hidden' data-uid=<?php echo $id;?> data-type='addfriend'>Ad as friend</button></td>
<td> <button class="request_pending hidden" disabled>Request Pending</button></td>
</td >
</tr>
</table>
</form>
<?php
}
}
}else{
}
?>
</div>
</div>
<?php
}
}
?>
</div>
</table>
解决方案
Your login file seems a little big jumbled, but I will try to decipher your errors. From Progrock, the MySQLi query is wrong. You want it to look like: SELECT * FROM users WHERE username='$username' AND pass='$pass' LIMIT 1
RiggsFolly helped me notice a little error with a if statement as well. It should look like this:
if(mysqli_num_rows($result)>0) {
$row = mysqli_fetch_array($result);
$_SESSION['loggedIn'] = true;
$_SESSION['uid'] = $row['id'];
$result['id']= trim($row["id"]);
header ("Location:Home.php");
exit;
}
You had the curly bracket in the wrong column and you used the $result
variable instead of the $row
variable.
Apart from that, I would strongly recommend RiggsFolly's advice, as your code is very susceptible to lots of attacks and is not written very securely.
推荐阅读
- android - 如何在第二台设备上恢复购买(INAPP 和 SUBS)
- templates - 在 Ansible 模板中保留 YAML 列表结构
- android-studio - 当我按下运行按钮时,Android Studio 显示错误
- angular - 打印对话框后角度弹性布局停止工作
- r - 使用 R 的逻辑运算符(和或运算符)
- java - 在 for 循环运行时做事
- javascript - 使用 Chrome 扩展读取 WEB 页面变量?
- tensorflow - PyCharm中的TensorFlow值错误:无法找到可以处理输入的数据适配器
- sapui5 - 使用 npm 安装 OpenUI5 工具失败
- rust-cargo - 注意:/usr/bin/ld: 找不到 -lpq Rust