时间戳

首页 > 解决方案 > 知道登录用户的用户标识

php - 知道登录用户的用户标识

问题描述

各位早上好,我有个问题。我创建了一个登录页面并将其与另一个页面连接起来。该页面就像一个发送好友请求系统。我希望发件人能够查看他们自己的个人资料,但不能向他们自己的 ID 发送好​​友请求。如何隐藏登录用户的详细信息?如何获取登录用户的ID?我希望有人能帮助我。非常感谢。

登录页面:

<?php
session_start(); 
$mysqli=new MySQLi('127.0.0.1','root','','accounts');

if(isset($_POST['login'])) {
    $username =$mysqli->real_escape_string($_POST['username']);
    $pass = md5($_POST['pass']);
    $sql="SELECT * id FROM users WHERE username='$username' AND pass='$pass' LIMIT 1;";
    $result = mysqli_query($mysqli,$sql);

    if(mysqli_num_rows($result)>0)
        $row = mysqli_fetch_array($result);{

        $_SESSION['loggedIn'] = true;
        $_SESSION['uid'] = $result['id'];
        $result['id']= trim($row["id"]);
        header ("Location:Home.php");
        exit;
    }
}
?>

主页:

<?php

session_start();
$_SESSION['uid'];
$db = new PDO('mysql:host=127.0.0.1;dbname=accounts','root','');
require 'class/friends.php';

$query = $db->prepare("SELECT * FROM users");
$query->execute();
if($query->rowCount()>0)
{
    while($fetch = $query->fetch(PDO::FETCH_ASSOC)) {
        $id = $fetch['id'];
        $username = $fetch['username'];
        $profile = $fetch['profile'];
        $email = $fetch['email'];
?>

    <form method="post"><table>
        <tr class="border_bottom">

            <td height="230">
                <img src='<?php echo $profile;?>'width="200" height="200"/>&nbsp;
            </td>
            <td><td></td></td>
            <td><?php echo $username;?><br />
                <?php echo $email;?>
            </td>
<?php 
    if($id != $_SESSION['uid']) {
        if(Friends::renderfriendship($_SESSION['uid'],$id,'isThereRequestPending')== 1){
?>
                <td><button class="request_pending" disabled>Request Pending</button></td>
<?php
    } else {
        if(Friends::renderfriendship($_SESSION['uid'],$id,'isThereFriendShip')== 0) {
?>
                <td><button class='friendBtn_add' data-uid='<?php echo $id;?>' data-type='addfriend'>Ad as friend</button></td>
                <td> <button class="request_pending hidden" disabled>Request Pending</button></td>
<?php
        }else{
?>
                <td> <button class='friendBtn unfriend' data-uid='<?php echo $id;?>' data-type="unfriend">Unfriend</button></td>
                <td> <button class='friendBtn_add hidden' data-uid=<?php echo $id;?> data-type='addfriend'>Ad as friend</button></td>
                <td>   <button class="request_pending hidden" disabled>Request Pending</button></td>
               </td >
            </tr>
        </table>
    </form>
<?php
        }
    }

}else{

}
?>
         </div>
        </div>
        <?php
    }
}
?>
</div>
</table>

标签: phphtmlmysqlmysqli

解决方案

Your login file seems a little big jumbled, but I will try to decipher your errors. From Progrock, the MySQLi query is wrong. You want it to look like: SELECT * FROM users WHERE username='$username' AND pass='$pass' LIMIT 1 RiggsFolly helped me notice a little error with a if statement as well. It should look like this:

if(mysqli_num_rows($result)>0) {
    $row = mysqli_fetch_array($result);

    $_SESSION['loggedIn'] = true;
    $_SESSION['uid'] = $row['id'];
    $result['id']= trim($row["id"]);
    header ("Location:Home.php");
    exit;
}

You had the curly bracket in the wrong column and you used the $result variable instead of the $row variable.

Apart from that, I would strongly recommend RiggsFolly's advice, as your code is very susceptible to lots of attacks and is not written very securely.

推荐阅读