我有一个标准的形式,显示用户的当前数据从MySQL数据库一旦登录(代码从互联网获得)。用户可以编辑他们的数据,然后提交到editform.php页面进行更新。
一切工作正常,除了页面不显示更新的信息。用户必须先登出并再次登录才能查看更新后的信息。刷新页面没有显示新的信息。
My form test.php
<form action="editform.php?id_user=<?= $fgmembersite->UserId() ?>" method="POST">
<input type="hidden" name="id_user" value="<?= $fgmembersite->UserId() ?>"><br>
Name:<br>
<input type="text" name="name" size="40" value="<?= $fgmembersite->UserFullName() ?>"><br><br>
Email:<br>
<input type="text" name="email" size="40" value="<?= $fgmembersite->UserEmail() ?> "><br><br>
Address:<br>
<input type="text" name="address" size="40" value="<?= $fgmembersite->UserAddress() ?> "><br><br>
<button>Submit</button>
my editform.php page
<?php
include('db.php');
mysql_query("UPDATE fgusers3 SET name = '".$_POST['name']."', email= `enter code here`'".$_POST['email']."', address= '".$_POST['address']."' WHERE `enter code here`id_user='".$_POST['id_user']."'");
header("Location: test.php");
?>
我membersite_config.php <?PHP
require_once("./include/fg_membersite.php");
$fgmembersite = new FGMembersite();
$fgmembersite->SetWebsiteName('user11.com');
$fgmembersite->SetAdminEmail('user11@user11.com');
$fgmembersite->InitDB(/*hostname*/'localhost',
/*username*/'',
/*password*/'',
/*database name*/'',
/*table name*/'fgusers3');
$fgmembersite->SetRandomKey('qSRcVS6DrTzrPvr');
?>
my fg_membersite.php page
<?PHP
require_once("class.phpmailer.php");
require_once("formvalidator.php");
class FGMembersite
{
var $admin_email;
var $from_address;
var $username;
var $pwd;
var $database;
var $tablename;
var $connection;
var $rand_key;
var $error_message;
//-----Initialization -------
function FGMembersite()
{
$this->sitename = 'YourWebsiteName.com';
$this->rand_key = '0iQx5oBk66oVZep';
}
function InitDB($host,$uname,$pwd,$database,$tablename)
{
$this->db_host = $host;
$this->username = $uname;
$this->pwd = $pwd;
$this->database = $database;
$this->tablename = $tablename;
}
function SetAdminEmail($email)
{
$this->admin_email = $email;
}
function SetWebsiteName($sitename)
{
$this->sitename = $sitename;
}
function SetRandomKey($key)
{
$this->rand_key = $key;
}
//-------Main Operations ----------------------
function RegisterUser()
{
if(!isset($_POST['submitted']))
{
return false;
}
$formvars = array();
if(!$this->ValidateRegistrationSubmission())
{
return false;
}
$this->CollectRegistrationSubmission($formvars);
if(!$this->SaveToDatabase($formvars))
{
return false;
}
if(!$this->SendUserConfirmationEmail($formvars))
{
return false;
}
$this->SendAdminIntimationEmail($formvars);
return true;
}
function ConfirmUser()
{
if(empty($_GET['code'])||strlen($_GET['code'])<=10)
{
$this->HandleError("Please provide the confirm code");
return false;
}
$user_rec = array();
if(!$this->UpdateDBRecForConfirmation($user_rec))
{
return false;
}
$this->SendUserWelcomeEmail($user_rec);
$this->SendAdminIntimationOnRegComplete($user_rec);
return true;
}
function Login()
{
if(empty($_POST['username']))
{
$this->HandleError("UserName is empty!");
return false;
}
if(empty($_POST['password']))
{
$this->HandleError("Password is empty!");
return false;
}
$username = trim($_POST['username']);
$password = trim($_POST['password']);
if(!isset($_SESSION)){ session_start(); }
if(!$this->CheckLoginInDB($username,$password))
{
return false;
}
$_SESSION[$this->GetLoginSessionVar()] = $username;
return true;
}
function CheckLogin()
{
if(!isset($_SESSION)){ session_start(); }
$sessionvar = $this->GetLoginSessionVar();
if(empty($_SESSION[$sessionvar]))
{
return false;
}
return true;
}
function UserId()
{
return isset($_SESSION['id_of_user'])?$_SESSION['id_of_user']:'';
}
function UserFullName()
{
return isset($_SESSION['name_of_user'])?$_SESSION['name_of_user']:'';
}
function UserEmail()
{
return isset($_SESSION['email_of_user'])?$_SESSION['email_of_user']:'';
}
function UserAddress()
{
return isset($_SESSION['address_of_user'])?$_SESSION['address_of_user']:'';
}
function LogOut()
{
session_start();
$sessionvar = $this->GetLoginSessionVar();
$_SESSION[$sessionvar]=NULL;
unset($_SESSION[$sessionvar]);
}
function EmailResetPasswordLink()
{
if(empty($_POST['email']))
{
$this->HandleError("Email is empty!");
return false;
}
$user_rec = array();
if(false === $this->GetUserFromEmail($_POST['email'], $user_rec))
{
return false;
}
if(false === $this->SendResetPasswordLink($user_rec))
{
return false;
}
return true;
}
function ResetPassword()
{
if(empty($_GET['email']))
{
$this->HandleError("Email is empty!");
return false;
}
if(empty($_GET['code']))
{
$this->HandleError("reset code is empty!");
return false;
}
$email = trim($_GET['email']);
$code = trim($_GET['code']);
if($this->GetResetPasswordCode($email) != $code)
{
$this->HandleError("Bad reset code!");
return false;
}
$user_rec = array();
if(!$this->GetUserFromEmail($email,$user_rec))
{
return false;
}
$new_password = $this->ResetUserPasswordInDB($user_rec);
if(false === $new_password || empty($new_password))
{
$this->HandleError("Error updating new password");
return false;
}
if(false == $this->SendNewPassword($user_rec,$new_password))
{
$this->HandleError("Error sending new password");
return false;
}
return true;
}
function ChangePassword()
{
if(!$this->CheckLogin())
{
$this->HandleError("Not logged in!");
return false;
}
if(empty($_POST['oldpwd']))
{
$this->HandleError("Old password is empty!");
return false;
}
if(empty($_POST['newpwd']))
{
$this->HandleError("New password is empty!");
return false;
}
$user_rec = array();
if(!$this->GetUserFromEmail($this->UserEmail(),$user_rec))
{
return false;
}
$pwd = trim($_POST['oldpwd']);
if($user_rec['password'] != md5($pwd))
{
$this->HandleError("The old password does not match!");
return false;
}
$newpwd = trim($_POST['newpwd']);
if(!$this->ChangePasswordInDB($user_rec, $newpwd))
{
return false;
}
return true;
}
//-------Public Helper functions -------------
function GetSelfScript()
{
return htmlentities($_SERVER['PHP_SELF']);
}
function SafeDisplay($value_name)
{
if(empty($_POST[$value_name]))
{
return'';
}
return htmlentities($_POST[$value_name]);
}
function RedirectToURL($url)
{
header("Location: $url");
exit;
}
function GetSpamTrapInputName()
{
return 'sp'.md5('KHGdnbvsgst'.$this->rand_key);
}
function GetErrorMessage()
{
if(empty($this->error_message))
{
return '';
}
$errormsg = nl2br(htmlentities($this->error_message));
return $errormsg;
}
//-------Private Helper functions-----------
function HandleError($err)
{
$this->error_message .= $err."'r'n";
}
function HandleDBError($err)
{
$this->HandleError($err."'r'n mysqlerror:".mysql_error());
}
function GetFromAddress()
{
if(!empty($this->from_address))
{
return $this->from_address;
}
$host = $_SERVER['SERVER_NAME'];
$from ="nobody@$host";
return $from;
}
function GetLoginSessionVar()
{
$retvar = md5($this->rand_key);
$retvar = 'usr_'.substr($retvar,0,10);
return $retvar;
}
function CheckLoginInDB($username,$password)
{
if(!$this->DBLogin())
{
$this->HandleError("Database login failed!");
return false;
}
$username = $this->SanitizeForSQL($username);
$pwdmd5 = md5($password);
$qry = "Select id_user, name, email, address from $this->tablename where username='$username' and password='$pwdmd5' and confirmcode='y'";
$result = mysql_query($qry,$this->connection);
if(!$result || mysql_num_rows($result) <= 0)
{
$this->HandleError("Error logging in. The username or password does not match");
return false;
}
$row = mysql_fetch_assoc($result);
$_SESSION['id_of_user'] = $row['id_user'];
$_SESSION['name_of_user'] = $row['name'];
$_SESSION['email_of_user'] = $row['email'];
$_SESSION['address_of_user'] = $row['address'];
return true;
}
function UpdateDBRecForConfirmation(&$user_rec)
{
if(!$this->DBLogin())
{
$this->HandleError("Database login failed!");
return false;
}
$confirmcode = $this->SanitizeForSQL($_GET['code']);
$result = mysql_query("Select name, email from $this->tablename where confirmcode='$confirmcode'",$this->connection);
if(!$result || mysql_num_rows($result) <= 0)
{
$this->HandleError("Wrong confirm code.");
return false;
}
$row = mysql_fetch_assoc($result);
$user_rec['name'] = $row['name'];
$user_rec['email']= $row['email'];
$qry = "Update $this->tablename Set confirmcode='y' Where confirmcode='$confirmcode'";
if(!mysql_query( $qry ,$this->connection))
{
$this->HandleDBError("Error inserting data to the table'nquery:$qry");
return false;
}
return true;
}
function ResetUserPasswordInDB($user_rec)
{
$new_password = substr(md5(uniqid()),0,10);
if(false == $this->ChangePasswordInDB($user_rec,$new_password))
{
return false;
}
return $new_password;
}
function ChangePasswordInDB($user_rec, $newpwd)
{
$newpwd = $this->SanitizeForSQL($newpwd);
$qry = "Update $this->tablename Set password='".md5($newpwd)."' Where id_user=".$user_rec['id_user']."";
if(!mysql_query( $qry ,$this->connection))
{
$this->HandleDBError("Error updating the password 'nquery:$qry");
return false;
}
return true;
}
function GetUserFromEmail($email,&$user_rec)
{
if(!$this->DBLogin())
{
$this->HandleError("Database login failed!");
return false;
}
$email = $this->SanitizeForSQL($email);
$result = mysql_query("Select * from $this->tablename where email='$email'",$this->connection);
if(!$result || mysql_num_rows($result) <= 0)
{
$this->HandleError("There is no user with email: $email");
return false;
}
$user_rec = mysql_fetch_assoc($result);
return true;
}
function SendUserWelcomeEmail(&$user_rec)
{
$mailer = new PHPMailer();
$mailer->CharSet = 'utf-8';
$mailer->AddAddress($user_rec['email'],$user_rec['name']);
$mailer->Subject = "Welcome to ".$this->sitename;
$mailer->From = $this->GetFromAddress();
$mailer->Body ="Hello ".$user_rec['name']."'r'n'r'n".
"Welcome! Your registration with ".$this->sitename." is completed.'r'n".
"'r'n".
"Regards,'r'n".
"Webmaster'r'n".
$this->sitename;
if(!$mailer->Send())
{
$this->HandleError("Failed sending user welcome email.");
return false;
}
return true;
}
function SendAdminIntimationOnRegComplete(&$user_rec)
{
if(empty($this->admin_email))
{
return false;
}
$mailer = new PHPMailer();
$mailer->CharSet = 'utf-8';
$mailer->AddAddress($this->admin_email);
$mailer->Subject = "Registration Completed: ".$user_rec['name'];
$mailer->From = $this->GetFromAddress();
$mailer->Body ="A new user registered at ".$this->sitename."'r'n".
"Name: ".$user_rec['name']."'r'n".
"Email address: ".$user_rec['email']."'r'n";
if(!$mailer->Send())
{
return false;
}
return true;
}
function GetResetPasswordCode($email)
{
return substr(md5($email.$this->sitename.$this->rand_key),0,10);
}
function SendResetPasswordLink($user_rec)
{
$email = $user_rec['email'];
$mailer = new PHPMailer();
$mailer->CharSet = 'utf-8';
$mailer->AddAddress($email,$user_rec['name']);
$mailer->Subject = "Your reset password request at ".$this->sitename;
$mailer->From = $this->GetFromAddress();
$link = $this->GetAbsoluteURLFolder().
'/resetpwd.php?email='.
urlencode($email).'&code='.
urlencode($this->GetResetPasswordCode($email));
$mailer->Body ="Hello ".$user_rec['name']."'r'n'r'n".
"There was a request to reset your password at ".$this->sitename."'r'n".
"Please click the link below to complete the request: 'r'n".$link."'r'n".
"Regards,'r'n".
"Webmaster'r'n".
$this->sitename;
if(!$mailer->Send())
{
return false;
}
return true;
}
function SendNewPassword($user_rec, $new_password)
{
$email = $user_rec['email'];
$mailer = new PHPMailer();
$mailer->CharSet = 'utf-8';
$mailer->AddAddress($email,$user_rec['name']);
$mailer->Subject = "Your new password for ".$this->sitename;
$mailer->From = $this->GetFromAddress();
$mailer->Body ="Hello ".$user_rec['name']."'r'n'r'n".
"Your password is reset successfully. ".
"Here is your updated login:'r'n".
"username:".$user_rec['username']."'r'n".
"password:$new_password'r'n".
"'r'n".
"Login here: ".$this->GetAbsoluteURLFolder()."/login.php'r'n".
"'r'n".
"Regards,'r'n".
"Webmaster'r'n".
$this->sitename;
if(!$mailer->Send())
{
return false;
}
return true;
}
function ValidateRegistrationSubmission()
{
//This is a hidden input field. Humans won't fill this field.
if(!empty($_POST[$this->GetSpamTrapInputName()]) )
{
//The proper error is not given intentionally
$this->HandleError("Automated submission prevention: case 2 failed");
return false;
}
$validator = new FormValidator();
$validator->addValidation("name","req","Please fill in Name");
$validator->addValidation("email","email","The input for Email should be a valid email value");
$validator->addValidation("email","req","Please fill in Email");
$validator->addValidation("username","req","Please fill in UserName");
$validator->addValidation("password","req","Please fill in Password");
if(!$validator->ValidateForm())
{
$error='';
$error_hash = $validator->GetErrors();
foreach($error_hash as $inpname => $inp_err)
{
$error .= $inpname.':'.$inp_err."'n";
}
$this->HandleError($error);
return false;
}
return true;
}
function CollectRegistrationSubmission(&$formvars)
{
$formvars['name'] = $this->Sanitize($_POST['name']);
$formvars['email'] = $this->Sanitize($_POST['email']);
$formvars['username'] = $this->Sanitize($_POST['username']);
$formvars['password'] = $this->Sanitize($_POST['password']);
}
function SendUserConfirmationEmail(&$formvars)
{
$mailer = new PHPMailer();
$mailer->CharSet = 'utf-8';
$mailer->AddAddress($formvars['email'],$formvars['name']);
$mailer->Subject = "Your registration with ".$this->sitename;
$mailer->From = $this->GetFromAddress();
$confirmcode = $formvars['confirmcode'];
$confirm_url = $this->GetAbsoluteURLFolder().'/confirmreg.php?code='.$confirmcode;
$mailer->Body ="Hello ".$formvars['name']."'r'n'r'n".
"Thanks for your registration with ".$this->sitename."'r'n".
"Please click the link below to confirm your registration.'r'n".
"$confirm_url'r'n".
"'r'n".
"Regards,'r'n".
"Webmaster'r'n".
$this->sitename;
if(!$mailer->Send())
{
$this->HandleError("Failed sending registration confirmation email.");
return false;
}
return true;
}
function GetAbsoluteURLFolder()
{
$scriptFolder = (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on')) ? 'https://' : 'http://';
$urldir ='';
$pos = strrpos($_SERVER['REQUEST_URI'],'/');
if(false !==$pos)
{
$urldir = substr($_SERVER['REQUEST_URI'],0,$pos);
}
$scriptFolder .= $_SERVER['HTTP_HOST'].$urldir;
return $scriptFolder;
}
function SendAdminIntimationEmail(&$formvars)
{
if(empty($this->admin_email))
{
return false;
}
$mailer = new PHPMailer();
$mailer->CharSet = 'utf-8';
$mailer->AddAddress($this->admin_email);
$mailer->Subject = "New registration: ".$formvars['name'];
$mailer->From = $this->GetFromAddress();
$mailer->Body ="A new user registered at ".$this->sitename."'r'n".
"Name: ".$formvars['name']."'r'n".
"Email address: ".$formvars['email']."'r'n".
"UserName: ".$formvars['username'];
if(!$mailer->Send())
{
return false;
}
return true;
}
function SaveToDatabase(&$formvars)
{
if(!$this->DBLogin())
{
$this->HandleError("Database login failed!");
return false;
}
if(!$this->Ensuretable())
{
return false;
}
if(!$this->IsFieldUnique($formvars,'email'))
{
$this->HandleError("This email is already registered");
return false;
}
if(!$this->IsFieldUnique($formvars,'username'))
{
$this->HandleError("This UserName is already used. Please try another username");
return false;
}
if(!$this->InsertIntoDB($formvars))
{
$this->HandleError("Inserting to Database failed!");
return false;
}
return true;
}
function IsFieldUnique($formvars,$fieldname)
{
$field_val = $this->SanitizeForSQL($formvars[$fieldname]);
$qry = "select username from $this->tablename where $fieldname='".$field_val."'";
$result = mysql_query($qry,$this->connection);
if($result && mysql_num_rows($result) > 0)
{
return false;
}
return true;
}
function DBLogin()
{
$this->connection = mysql_connect($this->db_host,$this->username,$this->pwd);
if(!$this->connection)
{
$this->HandleDBError("Database Login failed! Please make sure that the DB login credentials provided are correct");
return false;
}
if(!mysql_select_db($this->database, $this->connection))
{
$this->HandleDBError('Failed to select database: '.$this->database.' Please make sure that the database name provided is correct');
return false;
}
if(!mysql_query("SET NAMES 'UTF8'",$this->connection))
{
$this->HandleDBError('Error setting utf8 encoding');
return false;
}
return true;
}
function Ensuretable()
{
$result = mysql_query("SHOW COLUMNS FROM $this->tablename");
if(!$result || mysql_num_rows($result) <= 0)
{
return $this->CreateTable();
}
return true;
}
function CreateTable()
{
$qry = "Create Table $this->tablename (".
"id_user INT NOT NULL AUTO_INCREMENT ,".
"name VARCHAR( 128 ) NOT NULL ,".
"email VARCHAR( 64 ) NOT NULL ,".
"phone_number VARCHAR( 16 ) NOT NULL ,".
"username VARCHAR( 16 ) NOT NULL ,".
"password VARCHAR( 32 ) NOT NULL ,".
"confirmcode VARCHAR(32) ,".
"PRIMARY KEY ( id_user )".
")";
if(!mysql_query($qry,$this->connection))
{
$this->HandleDBError("Error creating the table 'nquery was'n $qry");
return false;
}
return true;
}
function InsertIntoDB(&$formvars)
{
$confirmcode = $this->MakeConfirmationMd5($formvars['email']);
$formvars['confirmcode'] = $confirmcode;
$insert_query = 'insert into '.$this->tablename.'(
name,
email,
username,
password,
confirmcode
)
values
(
"' . $this->SanitizeForSQL($formvars['name']) . '",
"' . $this->SanitizeForSQL($formvars['email']) . '",
"' . $this->SanitizeForSQL($formvars['username']) . '",
"' . md5($formvars['password']) . '",
"' . $confirmcode . '"
)';
if(!mysql_query( $insert_query ,$this->connection))
{
$this->HandleDBError("Error inserting data to the table'nquery:$insert_query");
return false;
}
return true;
}
function MakeConfirmationMd5($email)
{
$randno1 = rand();
$randno2 = rand();
return md5($email.$this->rand_key.$randno1.''.$randno2);
}
function SanitizeForSQL($str)
{
if( function_exists( "mysql_real_escape_string" ) )
{
$ret_str = mysql_real_escape_string( $str );
}
else
{
$ret_str = addslashes( $str );
}
return $ret_str;
}
function Sanitize($str,$remove_nl=true)
{
$str = $this->StripSlashes($str);
if($remove_nl)
{
$injections = array('/('n+)/i',
'/('r+)/i',
'/('t+)/i',
'/(%0A+)/i',
'/(%0D+)/i',
'/(%08+)/i',
'/(%09+)/i'
);
$str = preg_replace($injections,'',$str);
}
return $str;
}
function StripSlashes($str)
{
if(get_magic_quotes_gpc())
{
$str = stripslashes($str);
}
return $str;
}
}div ?>
editform.php显示登录期间存储到会话中的信息,因此即使在更新表之后,会话也将具有旧值
修改函数UserAddress()中的代码,从数据库而不是从会话中获取地址。并在更新查询表(fgusers3)
我总算弄明白了。对于那些有类似问题的人,我想我会和你们分享。在我的editform.php中,我成功地更新了数据库,但我没有更新会话。由于我是从会话而不是数据库中检索值,更新的信息没有显示,因此我需要使用$_SESSION['name_of_user'] = $_POST['name']更新会话;对于name以及我正在检索的所有其他值。——