doujia7094 2018-04-09 14:04

SQL / PHP: how to display unique user information on a user profile page

I have a PHP page which should display the currently logged-in user's information like firstname, lastname, etc. The only problem I am having on the page is that it only displays the first user account within the database, which happens to be the admin account, on any user account I am logged in with on my website, which is false as the information on there should be unique for each user.

DATABASE INFO:

PRIMARY KEY: user_id

Database connection code(init.inc.php):

<?php

session_start();

@mysql_connect('localhost', 'root', '');
mysql_select_db('loginsystem');

$path = dirname(__FILE__);

include("user.inc.php");

$_SESSION['uid'] = 1;

?>

My backend code (user.inc.php):

function fetch_users(){
    $result = @mysql_query('SELECT `user_id` AS `id`, `user_uid` AS `username` FROM users');

    $users = array();

    while (($row = mysql_fetch_assoc($result)) !== false){
        $users[] = $row;
    }
    return $users;
}

//fetches profile info for the given user
function fetch_user_info($uid){
    $uid = (int)$uid;

    $sql = "SELECT `user_uid` AS `username`, `user_first` AS `firstname`, `user_last` AS `lastname`, `user_email` AS `email` FROM `users` WHERE `user_id` = {$uid}";

    $result = mysql_query($sql);

    return mysql_fetch_assoc($result);
}
//Updates the current users profile.
function set_profile_info($username, $firstname, $lastname, $email){
    $firstname   = mysql_real_escape_string($firstname);
    $lastname    = mysql_real_escape_string($lastname);
    $email       = mysql_real_escape_string(htmlentities($email));

    $sql = "SELECT `user_first` AS `firstname`, `user_last` AS `lastname`, `user_email` AS `email` FROM `users` WHERE `user_id` = {$uid}";

    mysql_query($sql);
}

Frontend code (edit_profile.php):

<?php

include('init.inc.php');

if (isset($_POST['username'], $_POST['firstname'], $_POST['lastname'], $_POST['email'])){
    $errors = array();

    if(filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false){
        $errors[] = 'The email address you entered is not valid.';
    }
    if(preg_match('#^[a-zA-Z ]+$#i', $_POST['firstname']) === 0){
        $errors[] = 'Your first name must only contain a-z characters only.';
    }
    if(preg_match('#^[a-zA-Z ]+$#i', $_POST['lastname']) === 0){
        $errors[] = 'Your last name must only contain a-z characters only.';
    }

    if (empty($errors)){
        set_profile_info($_POST['username'], $_POST['firstname'], $_POST['lastname'], $_POST['email']);
    }
    $user_info = array(
        'username'   => htmlentities($_POST['username']),
        'firstname'  => htmlentities($_POST['firstname']),
        'lastname'   => htmlentities($_POST['lastname']),
        'email'      => htmlentities($_POST['email'])
    );
}else{
    $user_info = fetch_user_info($_SESSION['uid']);
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
  <title>Edit Your Profile</title>
  <style type="text/css">

    form div {color: white; font-weight: bold; float: left; clear: both; margin: 0px 0px 4px 0px; }
    label {font: 19px/1.5 Arial, Helvetica,sans-serif; color: white; font-weight: bold; float:left; clear:both; margin: 0px 0px 4px 0px; }
    input[type="text"], textarea {font: 16px/1.5 Arial, Helvetica,sans-serif; margin-left: 10px; float:left; width: 400px; }
    input[type="submit"] {
    width: 300px;
    -webkit-transition: all .1s;
    background: #333;
    line-height: 50px;
    font-weight: bold;
    color: #e3e3e3;
    border-radius: 6px;
    box-shadow: 0px 0px 2px rgba(0,0,0,.5), 1px 1px 5px rgba(0,0,0,.3);
    cursor: pointer;
    font-weight: bold;
    font: 17px/1.5 Arial, Helvetica,sans-serif;
    float: left;
    position: absolute;
    top: 39%;
    }
    input[type="submit"]:hover {
    background: #e3e3e3;
    color: #333;
    }
  </style>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <link rel="stylesheet" href="./css/style.css">
  </head>
  <body>
        <section id="showcase1">



    <div>
        <?php

        if(isset($errors) === false){
            echo 'Click update to edit your profile';
        }else if(empty($errors)) {
            echo 'Your profile has been updated.';
        }else{
            echo '<ul><li>', implode('</li><li>', $errors), '</li></ul>';
        }

        ?>
    </div>
    <form action="" method="post">
        <div>
            <label for="username">Username: <?php echo $user_info['username'] ?></label>
        </div>
        <div>
            <label for="firstname">First name:</label>
            <input type="text" name="firstname" id="firstname" value="<?php echo $user_info['firstname'] ?>" />
        </div>
        <div>
            <label for="lastname">Last name:</label>
            <input type="text" name="lastname" id="lastname" value="<?php echo $user_info['lastname'] ?>" />
        </div>
        <div>
            <label for="email">Email:    </label>
            <input type="text" name="email" id="email" value="<?php echo $user_info['email'] ?>" />
        </div>
        <!--<div>
            <label for="password">Password:</label>
            <input type="text" name="password" id="password" value="" />
        </div> -->
        <div>
            <input type="submit" value="Update" />
        </div>
    </form>
   </section>
  </body> 
</html>

UPDATES: login.inc.php code:

<?php

session_start();

if (isset($_POST['submit'])) {

    include 'dbh.inc.php';

    $uid = mysqli_real_escape_string($conn, $_POST['uid']);
    $pwd = mysqli_real_escape_string($conn, $_POST['pwd']);

    //Error handlers
    //Check if inputs are empty
    if (empty($uid) || empty($pwd)) {
        header("Location: ../index.php?login=empty");
        exit();
    } else {
        $sql = "SELECT * FROM users WHERE user_uid='$uid' OR user_email='$uid'";
        $result = mysqli_query($conn, $sql);
        $resultCheck = mysqli_num_rows($result);
        if ($resultCheck < 1) {
            header("Location: ../index.php?login=error");
            exit();
        } else {
            if ($row = mysqli_fetch_assoc($result)) {
                //De-hashing the password
                $hashedPwdCheck = password_verify($pwd, $row['user_pwd']);
                if ($hashedPwdCheck == false) {
                    header("Location: ../index.php?login=error");
                    exit();
                } elseif ($hashedPwdCheck == true) {
                    //log in the user here
                    $_SESSION['u_id'] = $row['user_id'];
                    $_SESSION['u_first'] = $row['user_first'];
                    $_SESSION['u_last'] = $row['user_last'];
                    $_SESSION['u_email'] = $row['user_email'];
                    $_SESSION['u_uid'] = $row['user_uid'];

                    header("Location: ../homepage.php");
                    exit();
                }
            }
        }
    }

} else {
    header("Location: ../index.php?login=error");
    exit();
}

The database file the login.inc.php uses:

<?php

$dbServername = "localhost";
$dbUsername = "root";
$dbPassword = "";
$dbName = "loginsystem";

$conn = mysqli_connect($dbServername, $dbUsername, $dbPassword, $dbName);

1 answer

  • dswmmvrg40957 2018-04-09 14:23

    mysql_* functions are deprecated. Try to use at least mysqli_*.

    In your script, $_SESSION['uid'] = 1; is hard coded into your init.inc.php file. You need to assign the $_SESSION['uid'] dynamically. In the case of user login (after user verification), try to grab that user's uid; according to your code it seems like user_id. Then assign it to your $_SESSION['uid']. It's something like

    $_SESSION['uid'] = $raw['user_id'];
    

    So now you can use $_SESSION['uid'] to fetch user details to edit them. If you post your login auth PHP file, maybe I can help you more.

    This answer was selected by the asker as the best answer.
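An added example (not part of the original question or answer) of the fix the answer describes: the profile page takes the user id from the session that login.inc.php populated instead of a hard-coded value, and queries with mysqli prepared statements. It assumes the question's `users` columns, the `$conn` handle from dbh.inc.php and the `$_SESSION['u_id']` key set at login; the include and redirect paths and the `current_user_id()` and `e()` helpers are hypothetical.

```php
<?php
// Added example. Assumes the question's `users` columns, $conn from
// dbh.inc.php (include path assumed) and $_SESSION['u_id'] set by login.inc.php.
session_start();
require 'dbh.inc.php';

// The profile owner comes from the server-side session only, never from a
// constant or from request input. (Hypothetical helper name.)
function current_user_id(): ?int {
    return isset($_SESSION['u_id']) ? (int) $_SESSION['u_id'] : null;
}

function fetch_user_info(mysqli $conn, int $uid): ?array {
    $stmt = mysqli_prepare($conn,
        'SELECT user_uid, user_first, user_last, user_email
           FROM users WHERE user_id = ?');
    mysqli_stmt_bind_param($stmt, 'i', $uid);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $username, $firstname, $lastname, $email);
    $row = mysqli_stmt_fetch($stmt)
        ? compact('username', 'firstname', 'lastname', 'email') : null;
    mysqli_stmt_close($stmt);
    return $row;
}

// The question's set_profile_info() runs a SELECT with an undefined $uid;
// this version writes the row that belongs to the session's user id.
function set_profile_info(mysqli $conn, int $uid, string $first, string $last, string $email): bool {
    $stmt = mysqli_prepare($conn,
        'UPDATE users SET user_first = ?, user_last = ?, user_email = ? WHERE user_id = ?');
    mysqli_stmt_bind_param($stmt, 'sssi', $first, $last, $email, $uid);
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return $ok;
}

// Escape on output so stored values stay inside the HTML attribute.
function e(?string $s): string {
    return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8');
}

$uid = current_user_id();
if ($uid === null) {                 // not logged in: no profile to show
    header('Location: index.php?login=error');   // redirect path assumed
    exit();
}
$user_info = fetch_user_info($conn, $uid);
// In the form, print each field through e(), e.g. echo e($user_info['firstname']);
```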
