dongyulan6251 2013-03-21 16:28
浏览 15

如何使用php显示用户在下一页上输入的用户名

I have on my home page two input boxes one for the user name and one for the password. I have a php file which will check my database to check these credentials and either allow or deny acces. When the user gains access i want to display on my screen, Logged in as:...."the user name entered on home page to login"....

here is my code which checks my database to allow or deny access.

<?php

$host="localhost"; // Host name 
$username="********"; // Mysql username 
$password="********"; // Mysql password 
$db_name="db?K1012904"; // Database name 
$tbl_name="AdminUser"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:loginsuccess.php");
}
else {
echo "Wrong Username or Password"; 
}
?>

Here is where the user will enter credentials 

 <form name="form1" class="navbar-form pull-right" method="post" action="checklogin.php">
          <input name="myusername"  type="text"  id="myusername" placeholder="Email">
          <input name="mypassword" id="mypassword" class="span2" type="text" placeholder="Password">
          <button type="submit" name="submit"class="btn">Sign in</button>
        </form>

and here is where i am trying to display the username

        <p class="navbar-text pull-right">
    Logged in as: <?php echo $myusername ?> </p>

my problem is that i cant seem to display the username entered by the user, any ideas on how i can get this working?

  • 写回答

5条回答 默认 最新

  • duanjian3920 2013-03-21 16:33
    关注

    You have usernames stored in the database, just store a user_id in the session:

    $_SESSION['user_id'] = // whatever the logged in user's id ends up being.

    Then, on any subsequent pages, pull that user_id, and run a select on the database to find other client information. The database should be your canonical source of user data, not the $_SESSION, apart from an "is-logged-in" database id identifier, otherwise it leads to problems down the line.

    As an aside, you want to be looking into stored procedures and PDO bound queries to secure your life, because mysql_query is old-school & deprecated. Similarly, stripslashes() is a bad sign. Oh, and you're using plaintext passwords.

    So, overall, ask yourself whether you really want to write your own login security system and revisit all the standard problems that everyone has with security when they do so? Instead, look into an open source authentication project's solution to this repeatedly solved problem. Here is a search for php authentication on github with 867 results to start with instead of rolling your own, which is not recommended for the security-inexperienced.

    See also: http://pear.php.net/packages.php?catpid=1 Pear Auth classes https://github.com/Kausheel/Authentication Github Auth Repository to crib from

    评论

报告相同问题?

悬赏问题

  • ¥15 微信会员卡接入微信支付商户号收款
  • ¥15 如何获取烟草零售终端数据
  • ¥15 数学建模招标中位数问题
  • ¥15 phython路径名过长报错 不知道什么问题
  • ¥15 深度学习中模型转换该怎么实现
  • ¥15 HLs设计手写数字识别程序编译通不过
  • ¥15 Stata外部命令安装问题求帮助!
  • ¥15 从键盘随机输入A-H中的一串字符串,用七段数码管方法进行绘制。提交代码及运行截图。
  • ¥15 TYPCE母转母,插入认方向
  • ¥15 如何用python向钉钉机器人发送可以放大的图片?