drti52047 2014-12-07 15:29
浏览 17
已采纳

在所有页面中保持登录会话

I'm beginner on PHP. I coded a basic number guess script. Now I want to implement user register and login features. I'm following this tutorial.

I have base.php make database connection:

<?php
session_start();

$dbhost = "localhost"; // this will ususally be 'localhost', but can sometimes differ
$dbname = "users"; // the name of the database that you are going to use for this project
$dbuser = "xxx"; // the username that you created, or were given, to access your database
$dbpass = "xxx"; // the password that you created, or were given, to access your database

mysql_connect($dbhost, $dbuser, $dbpass) or die("MySQL Error: " . mysql_error());
mysql_select_db($dbname) or die("MySQL Error: " . mysql_error());
?>

I call this file in login.php user can login in here or go to register form. After he logged in, play game button appers.

<?php include "base.php"; ?>
<?php
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username']))
{
     ?>

     <h1>Member Area</h1>
     <p>Thanks for logging in! You are <code><?=$_SESSION['Username']?></code> and your email address is <code><?=$_SESSION['EmailAddress']?></code>.</p>

 <form name = "mysecondform" action  = "level1.php" method = "POST">
        <input type="hidden" name="seconddata" value="1">
        <br> <input type= "submit" value = "Start calculator game"><br>
<p> Click <a href="logout.php">here</a> to logout</p>

     <?php
}
elseif(!empty($_POST['username']) && !empty($_POST['password']))
{
    $username = mysql_real_escape_string($_POST['username']);
    $password = md5(mysql_real_escape_string($_POST['password']));

    $checklogin = mysql_query("SELECT * FROM users WHERE Username = '".$username."' AND Password = '".$password."'");

    if(mysql_num_rows($checklogin) == 1)
    {
        $row = mysql_fetch_array($checklogin);
        $email = $row['EmailAddress'];

        $_SESSION['Username'] = $username;
        $_SESSION['EmailAddress'] = $email;
        $_SESSION['LoggedIn'] = 1;

        echo "<h1>Success</h1>";
        echo "<form name = \"mysecondform\" action  = \"level1.php\" method = \"POST\">";
        echo " <input type=\"hidden\" name=\"seconddata\" value=\"1\">";
        echo "<br> <input type= \"submit\" value = \"Start calculator game\">";

    }
    else
    {
        echo "<h1>Error</h1>";
        echo "<p>Sorry, your account could not be found. Please <a href=\"login.php\">click here to try again</a>.</p>";
    }
}
else
{
    //some codes about registration
}
?>

</div>
</body>
</html>

So, level1.php checks if the value is correct (well I should do this with user login session but i can't do it yet)

<?php
if ($_POST["seconddata"] == "1"){

echo "<html><head><title>Calculator Game From 1998</title></head><body>";
echo "<h1>Please Guess The Answer-Level1</h1>";
echo "<form name = \"myfirstform\" action  = \"formprocess.php\" method = \"POST\">";
echo "Enter Integer Between 1-3<br>";
echo "<input type = \"text\" name = \"firstdata\">";
echo "<br> <input type= \"submit\" value = \"submit\">";
echo "</form>";
echo "</body></html>";
}
else
echo "Please <a href='login.php'>login</a>"
?>

It sends user input to formprocess.php file in order to check if the answer is correct. If it's correct, player can go to second level.

<?php include "base.php"; ?>
<?php
/*
session_start();
if (!isset($_SESSION['wins']) || !isset($_SESSION['losses'])) {
    $_SESSION['wins'] = 0;
    $_SESSION['losses'] = 0;
}
*/
$random = rand(1, 3);

echo "<html><head><title>Answer-Level1</title></head><body>";
if ($_POST["firstdata"] == $random){
$_SESSION['wins']++; 
mysql_query("UPDATE users SET win= win + 1 WHERE Username = '".$username."'");
 echo "<h1><font color=\"green\">Congrulations!</h1></font><br>";
echo "<img src='http://icons.iconarchive.com/icons/custom-icon-design/flatastic-2/512/success-icon.png' width='100' height='100'></img>";
 echo "<h2>Answer was: </h2>";

  echo $random;
echo "<br>";
//echo "<p>You've won {$_SESSION['wins']} games and lost {$_SESSION['losses']}.</p>";
echo "<br>";  
echo "<form name = \"mysecondform\" action  = \"level2.php\" method = \"POST\">";
echo " <input type=\"hidden\" name=\"seconddata\" value=\"1\">";
echo "<br> <input type= \"submit\" value = \"Go to Level2\">";
$win++;
}
else{
$_SESSION['losses']++;
mysql_query("UPDATE users SET lost= lost + 1 WHERE Username = '".$username."'");
echo "<h1><font color=\"red\">Nope wrong answer</h1></font><br>";
echo "<img src='http://www.clker.com/cliparts/D/Y/s/v/C/m/wrong-hi.png' width='100' height='100'></img>";
 echo "<h2>Answer was: </h2>";
  echo $random;
echo "<br>";
//echo "<p>You've won {$_SESSION['wins']} games and lost {$_SESSION['losses']}.</p>";
echo "<br>";  
echo "<a href=\"level1.php\">try again</a>";

}  
echo "</body></html>";
?>

(I commented out session codes. It's old version, I have to keep win,lost track on database) Well the problem is 

mysql_query("UPDATE users SET win= win + 1 WHERE Username = '".$username."'");

this query doesn't change the value. I changed .$username. with specific username it works. So how can I keep login session on this page (on every pages)

Sorry for long post.

  • 写回答

1条回答 默认 最新

  • dsfg3241 2014-12-07 16:06
    关注

    You are using an undefined variable - $username. What you should use is: $_SESSION['username']

    Replace

    mysql_query("UPDATE users SET win= win + 1 WHERE Username = '".$username."'");

    With 

    mysql_query("UPDATE users SET win= win + 1 WHERE Username = '".mysql_escape_string($_SESSION['username'])."'");

    mysql_escape_string is used to escape any character that conflicts with the mysql syntax and is used for security reasons. Read more about it here: PHP: mysql_escape_string - Manual

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 关于#python#的问题,请各位专家解答!
  • ¥15 对于这个问题的解释说明
  • ¥200 询问:python实现大地主题正反算的程序设计,有偿
  • ¥15 smptlib使用465端口发送邮件失败
  • ¥200 总是报错,能帮助用python实现程序实现高斯正反算吗?有偿
  • ¥15 对于squad数据集的基于bert模型的微调
  • ¥15 为什么我运行这个网络会出现以下报错?CRNN神经网络
  • ¥20 steam下载游戏占用内存
  • ¥15 CST保存项目时失败
  • ¥20 java在应用程序里获取不到扬声器设备