SQL database value to variable

ε祈祈猫儿з submitted on 2020-01-07 07:49:21

Question


So, I am kinda new to PHP and MySQL, but I have found a login form and adapted it to my needs as I don't have the knowledge to make one myself yet. I added a firstname and surname column into the database and the register form adds the values into the database fine.

Now I want to be able to display the firstname and surname onto a restricted page, the reason why I need this is because I want it to say: Welcome Jo Blogs. Below is the register form.

<?php

session_start();

if( isset($_SESSION['user_id']) ){
    header("Location: /");
    exit; // header() only queues the redirect; stop the script here
}

require 'database.php';

$message = '';

if(!empty($_POST['email']) && !empty($_POST['password']) && !empty($_POST['firstname']) && !empty($_POST['surname'])):

    // Enter the new user in the database
    $sql = "INSERT INTO users (email, password, firstname, surname) VALUES (:email, :password, :firstname, :surname)";
    $stmt = $conn->prepare($sql);

    $stmt->bindParam(':email', $_POST['email']);
    // bindValue, not bindParam: bindParam needs a variable it can bind by reference
    $stmt->bindValue(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));
    $stmt->bindParam(':firstname', $_POST['firstname']);
    $stmt->bindParam(':surname', $_POST['surname']);

    if( $stmt->execute() ):
        $message = 'Successfully created new user';
    else:
        $message = 'Sorry there must have been an issue creating your account';
    endif;

endif;

?>

<!DOCTYPE html>
<html>
<head>
    <title>Register</title>
    <?php include '../header.php'; ?>
</head>
<body>

    <?php if(!empty($message)): ?>
        <p><?= $message ?></p>
    <?php endif; ?>

    <h1>Register</h1>
    <span>or <a href="login.php">login here</a></span>

    <form action="register.php" method="POST">

        <input type="text" placeholder="Enter your email" name="email">
        <input type="password" placeholder="and password" name="password">
        <input type="password" placeholder="confirm password" name="confirm_password">
        <input type="text" placeholder="Enter your first name" name="firstname">
        <input type="text" placeholder="Enter your surname" name="surname">
        <input type="submit">

    </form>

</body>
</html>

And below here is the login form as I'm not really sure what you guys need to help me :)

<?php

session_start();

if( isset($_SESSION['user_id']) ){
    header("Location: /");
    exit; // header() only queues the redirect; stop the script here
}

require 'database.php';

if(!empty($_POST['email']) && !empty($_POST['password'])):

    $records = $conn->prepare('SELECT id,email,password FROM users WHERE email = :email');
    $records->bindParam(':email', $_POST['email']);
    $records->execute();
    $results = $records->fetch(PDO::FETCH_ASSOC);

    $message = '';

    // fetch() returns false when no row matches, so test for that instead of count()
    if($results !== false && password_verify($_POST['password'], $results['password']) ){

        $_SESSION['user_id'] = $results['id'];
        header("Location: /");
        exit;

    } else {
        $message = 'Sorry, those credentials do not match';
    }

endif;

?>

<!DOCTYPE html>
<html>
<head>
    <title>Login</title>
    <?php include '../header.php'; ?>
</head>
<body>
    <?php if(!empty($message)): ?>
    <p><?= $message ?></p>
    <?php endif; ?>

    <h1>Login</h1>
    <span>or <a href="register.php">register here</a></span>

    <form action="login.php" method="POST">

        <input type="text" placeholder="Enter your email" name="email">
        <input type="password" placeholder="and password" name="password">
        <input type="submit">

    </form>

</body>
</html>

Also while I am here, I am currently using JavaScript to redirect to the homepage once you log out as I couldn't find any information on how to do it with PHP.

Restricted.php:

<!DOCTYPE html>
<html>
<head>
    <title>Restricted Area</title>
    <link rel="stylesheet" type="text/css" href="../assets/css/style.css">
    <link href='http://fonts.googleapis.com/css?family=Comfortaa' rel='stylesheet' type='text/css'>
    <?php
    include '../header.php';
    ?>

</head>
<body>

    <?php
    session_start();

    if(isset($_SESSION['user_id'])) { ?>
        <h1>Restricted Area</h1>

        <h2>You have successfully logged in with your credentials</h2>
    <?php
    } else { ?>
        <script type="text/javascript">
        window.location = "login.php";
        </script>
    <?php
    exit;
    }

    ?>


</body>
</html>

Just let me know if you guys need any more information/code.

Thanks.


Answer 1:


As Qirel suggested...

Restricted.php should resemble this:

<?php
session_start();
if(!isset($_SESSION['user_id'])){
    header("Location: /login.php");  // no need to query
    exit;  // header() does not stop the script; without exit the page below is still sent
}
require('database.php');  // assumed to declare $conn=new PDO(...);
$loggedin=$conn->prepare('SELECT firstname,surname FROM users WHERE id=?');
$loggedin->execute(array($_SESSION['user_id']));
$results=$loggedin->fetch(PDO::FETCH_ASSOC);
if(!$results || count($results)<1){
    header("Location: /login.php");  // unsuccessful query
    exit;
}
?>
<!DOCTYPE html>
<html>
<head>
    <title>Restricted Area</title>
    <link rel="stylesheet" type="text/css" href="../assets/css/style.css">
    <link href='http://fonts.googleapis.com/css?family=Comfortaa' rel='stylesheet' type='text/css'>
    <?php include '../header.php'; ?>
</head>
<body>
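    <h1>Restricted Area</h1>
    <h2>You have successfully logged in with your credentials</h2>
    <?php
    // the names were typed in by the user at registration, so HTML-encode them on output
    echo 'Welcome ' . htmlspecialchars("{$results['firstname']} {$results['surname']}", ENT_QUOTES, 'UTF-8');
    ?>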
</body>
</html>

Edit:

This statement borders on too serious but I would like to mention, especially to inexperienced PHP coders, that SESSION data can be hijacked (this is outlined in Pro PHP Security: From Application Security Principles to the Implementation of XSS Defense - Chapter 7: Preventing Session Hijacking) and so it can be suggested to never store any personal information in $_SESSION. This would most critically include credit card numbers, government-issued IDs, and passwords; but would also extend into less assuming data like usernames, emails, phone numbers, etc., which would allow a hacker to impersonate/compromise a legitimate user.

The internet is still very much in its "Wild West" era, and nothing is 100% safe. ...and Internet Security is a rabbit hole / money pit. Every coder should devote some time to understanding known threats and preventing them, but just how far to go with this will differ from person to person.
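An added example, not part of the original answers: one way to harden the session handling that the edit above warns about, using the `users` table and the `$conn` PDO handle from the question. The helper names (`start_secure_session`, `attempt_login`, `require_login`, `e`) are hypothetical, and the code assumes PHP 7.3 or later on a site served over HTTPS.

```php
<?php
// Added example (not from the original post). Helper names are hypothetical;
// the users table and the PDO handle are the ones the question describes.

function start_secure_session(): void {
    // Cookie flags limit theft of the session id: not readable from script,
    // sent over HTTPS only, and not attached to cross-site requests.
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,   // assumption: the site is served over HTTPS
        'samesite' => 'Lax',
    ]);
    ini_set('session.use_strict_mode', '1'); // reject ids the server did not issue
    session_start();
}

function attempt_login(PDO $conn, string $email, string $password): bool {
    $stmt = $conn->prepare('SELECT id, password FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);   // false when no such user
    if ($row === false || !password_verify($password, $row['password'])) {
        return false;
    }
    session_regenerate_id(true);             // fresh id at login defeats session fixation
    $_SESSION['user_id'] = (int) $row['id']; // keep only the key, not personal data
    return true;
}

function require_login(): int {
    if (!isset($_SESSION['user_id'])) {
        header('Location: /login.php');
        exit;                                // without exit the protected page still renders
    }
    return $_SESSION['user_id'];
}

function e(string $value): string {
    // Names were typed in at registration, so encode them before printing into HTML.
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// restricted.php would then begin with:
//   start_secure_session();
//   $id = require_login();
// and, after selecting firstname and surname for $id into $row:
//   echo 'Welcome ' . e($row['firstname']) . ' ' . e($row['surname']);
```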




Answer 2:


Maybe this??

In the first snippet after successfully adding a new user..

if( $stmt->execute() ):
    $message = 'Successfully created new user';
    $_SESSION['firstname'] = $_POST['firstname'];
    $_SESSION['surname'] = $_POST['surname'];
    # redirect to login or you could just 
    # have the logged in at this point and..
    # redirect to restricted.php..
    header("Location: /login.php");
    exit;
else:
    $message = 'Sorry there must have been an issue creating your account';
endif;

Then set up restricted.php like so:

<?php
session_start();
if (!isset($_SESSION['user_id'])) {
    header("Location: /login.php");
    exit;  // header() does not stop the script; without exit the page below is still sent
}
?>
<!DOCTYPE html>
<html>
<head>
    <title>Restricted Area</title>
    <link rel="stylesheet" type="text/css" href="../assets/css/style.css">
    <link href='http://fonts.googleapis.com/css?family=Comfortaa' rel='stylesheet' type='text/css'>
    <?php include '../header.php'; ?>
</head>
<body>
<h1>Welcome <?php echo htmlspecialchars($_SESSION['firstname'], ENT_QUOTES, 'UTF-8'); ?> <?php echo htmlspecialchars($_SESSION['surname'], ENT_QUOTES, 'UTF-8'); ?></h1>
<h2>You have successfully logged in with your credentials</h2>
</body>
</html>


Source: https://stackoverflow.com/questions/42869882/sql-database-value-to-variable
