drap5081683 2016-02-01 09:44
浏览 30

无法从MySQL(php)获取数据(重新编辑)

I have realized why i can't actually access userdata (after i am logged) old way to find the username is $_SESSION['username']; (assuming there is a row as 'username' in MySQL database)

So as i have a test account as "good25" (reason to choose numbers was to see if Alphanumeric inputs works fine.. its just checkup by me.. nevermind)

Problem : assuming, i have rows in a table as 'username' and all of his information.. such as 'password', 'email', 'joindate', 'type' ...

On net i found out how to snatch out username from Session <?php session_start(); $_SESSION('username'); ?>

successful!!

i had an idea to check if session is actually registering or no?? after a log on start.php i used this code if(isset($_SESSION['username'])) { print_r($_SESSION['username']); }

the result was "1" (while i logged in using this username "good25") any suggestions?

index.php (lets say, index.php just holds registration + Login form + registration script.. in login form, action='condb.php')

<?php 
require 'condb.php';

if (isset($_POST['btn-signup']))
{
    //FetchInputs
    $usern = mysqli_real_escape_string($connection,$_POST['username']);
    $email = mysqli_real_escape_string($connection,$_POST['email']);
    $password = mysqli_real_escape_string($connection,$_POST['password']);
    $repassword = mysqli_real_escape_string($connection,$_POST['repassword']);

    $usern = trim($usern);
    $email = trim($email);
    $password = trim($password);
    $repassword = trim($repassword);

    //SearchUser
    $searchusr = "SELECT username FROM $user_table WHERE username='$usern'";
    $usersearched = mysqli_query($connection, $searchusr);
    $countuser = mysqli_num_rows($usersearched);
    //SearchEmail
    $searcheml = "SELECT email FROM $user_table WHERE email='$email'";
    $emlsearched = mysqli_query($connection, $searcheml);
    $counteml = mysqli_num_rows($emlsearched);

    //RegisteringUser
    if ($countuser == 0)
    {
        if ($counteml == 0)
        {
            $ctime = time();
            $cday = date("Y-m-d",$ctime);
            $aCode = uniqid();
            $adduser = "INSERT INTO $user_table(username, email, password, realname, activationcode, verified, joindate, type, points) VALUES ('$usern','$email','$password','$name','$aCode','n','$cday','Free',$signPoints)";
            if (mysqli_query($connection, $adduser))
            {
                ?><script>alert('You have been registered');</script><?php
            }
            else {
                ?><script>alert('Couldnt Register, please contact Admin<br><?mysqli_error($connection);?>');</script><?php
            }
        } else {
            ?><script>alert('Email already exists!');</script><?php
        }
    } else {
        ?><script>alert('Username already exists!');</script><?php
    }
}
?>

condb.php

    $connection = mysqli_connect($db_server, $db_user, $db_pass);
mysqli_select_db($connection, $db_name);
if(!$connection) {
    die ("Connection Failed: " . mysqli_connect_error);
}

if (isset($_POST['btn-login']))
{
    $uname = mysqli_real_escape_string($connection,$_POST['uname']);
    $upass = mysqli_real_escape_string($connection,$_POST['upass']);

    //FindUser
    $finduser = "SELECT * FROM $user_table WHERE username='$uname' AND password='$upass'";
    $findinguser = mysqli_query($connection,$finduser);

    $founduser = mysqli_num_rows($findinguser);
    //ConfirmPassword
    if ($founduser > 0)
    {
        session_start();
        $_SESSION['username'] = $username;
        $_SESSION['username'] = true;
        if ($findinguser != false)
        {
            while ($fetchD = mysqli_fetch_array($findinguser, MYSQLI_ASSOC))
            {
                $fetchD['username'] = $usernn;
                $fetchD['email'] = $email;
                $fetchD['userid'] = $uid;
                $fetchD['realname'] = $rlnm;
                $fetchD['points'] = $pts;
                $fetchD['type'] = $membertype ;
            }
            header("Location: start.php");
        } else {
            echo mysqli_error();
        }
    } else {
        header("Location: index.php");
        ?><script>alert('Wrong details, please fill in correct password and email');</script><?php
    }
}

I am not asking you to build a script.. just little help please? (Thank you so so so so so much, as i am a self-learner, you don't have to say everything.. just a clue is enough for me)

  • 写回答

3条回答 默认 最新

  • dpruwm6206 2016-02-01 10:00
    关注

    may be you can try this code

    <?php
    require_once 'require.inc.php';
    //session_start();

    if (isset($_POST['btn-login']))
    {
        $uname = mysqli_real_escape_string($_POST['uname']);
        $upass = mysqli_real_escape_string($_POST['upass']);

        $search = mysqli_query($connection, "SELECT username, userid, password from $user_table WHERE username='$uname' AND password='$upass'");
        $match = mysqli_fetch_assoc($search);
        if ($match == 1 and $match['password'] == md5($upass))
        {
            $_SESSION['username'] = $match['userid'];
        } else {
            ?>
            <script>alert('Password or E-mail is wrong. If you havent registered, Please Register');</script>
            <?php
        }
    }
    if (isset($_SESSION['username']) or isset($match['userid'])){
    header("Location:start.php");
    }
    if (isset($_POST['btn-signup']))
    {
        $name = mysqli_real_escape_string($_POST['name']);
        $usern = mysqli_real_escape_string($_POST['username']);
        $email = mysqli_real_escape_string($_POST['email']);
        $password = mysqli_real_escape_string($_POST['password']);
        $repassword = mysqli_real_escape_string($_POST['repassword']);

        $name = trim($name);
        $usern = trim($usern);
        $email = trim($email);
        $password = trim($password);
        $repassword = trim($repassword);

        $query = "SELECT email FROM $user_table WHERE email='$email'";
        $result = mysqli_query($connection, $query);
        $count = mysqli_num_rows($result);

        $querytwo = "SELECT username FROM $user_table WHERE username='$usern'";
        $resulttwo = mysqli_query($connection, $querytwo);
        $counttwo = mysqli_num_rows($resulttwo);


        if ($count == 0 AND $counttwo == 0) 
        {
            if ($password == $repassword) {
                if (mysqli_query($connection, "INSERT INTO $user_table(username, email, password, realname) VALUES ('$usern','$email','$password','$name')"))
                {
                    ?>
                    <script> alert ('Successfully registered'); </script>
                    <?php
                }
            }else {
                ?>
                <script> alert ('The Password you entered, doesnt match.. Please fill in the same password'); </script>
                <?php
            }
        }
        else {
            ?>
            <script> alert('Username or E-mail already exist'); </script>
            <?php
        }
    }
?>

    and this is for require.inc.php

    <?php
    global $username;
    //require 'dconn.php';
    session_start();

    $_SESSION["username"] = $username;

    $connection = mysqli_connect("localhost","root","", "test") or die(mysqli_error());


    // Check Login
    if (isset($_SESSION['username']) and isset ($match['userid']))
    {
    $Selection = "SELECT * FROM $user_table WHERE username='$username'";
    $selectQuery = mysqli_query($connection, $Selection);

        if ($selectQuery != false)
        {
            while ($fetchD = mysqli_fetch_assoc($selectQuery))
            {
                $usernn = $fetchD['username'];
                $email = $fetchD['email'];
                $uid = $fetchD['userid'];
            }
        } else {
            echo mysqli_error();
        }

    }
?>
    评论

报告相同问题?

悬赏问题

  • ¥15 关于#matlab#的问题:在模糊控制器中选出线路信息,在simulink中根据线路信息生成速度时间目标曲线(初速度为20m/s,15秒后减为0的速度时间图像)我想问线路信息是什么
  • ¥15 banner广告展示设置多少时间不怎么会消耗用户价值
  • ¥16 mybatis的代理对象无法通过@Autowired装填
  • ¥15 可见光定位matlab仿真
  • ¥15 arduino 四自由度机械臂
  • ¥15 wordpress 产品图片 GIF 没法显示
  • ¥15 求三国群英传pl国战时间的修改方法
  • ¥15 matlab代码代写,需写出详细代码,代价私
  • ¥15 ROS系统搭建请教(跨境电商用途)
  • ¥15 AIC3204的示例代码有吗,想用AIC3204测量血氧,找不到相关的代码。