首先,很抱歉标题问题措辞不当。我正在编写一个小程序,其中login()函数在被调用时,从数据库中获取"用户名"answers"用户级别"。如果条目有效,则会将用户带到注销页面。它所做的只是欢迎用户并提示他们注销。然而,当我使用以下代码时,它不会显示用户信息:
logoutForm.inc.html…
<!DOCTYPE HTML>
<html>
<head>
<title>Welcome</title>
<link rel="icon" type="image/png" href="http://upload.wikimedia.org/wikipedia/commons/a/ac/Farm-Fresh_key.png">
<meta charset="utf-8">
</head>
<body>
<div id = "wrapper">
<div id="masthead">
<h2>Welcome, <?php echo $userName; ?>!</h2>
<h3>Your current user level is <?php echo $userLevel; ?></h3>
<form action method="post" name="logoutForm">
<p>
<input type="submit" name="logout" value="Log Out" />
</p>
</form>
</div>
</div>
</body>
</html>
functions.php…
<?php
function login($userName)
{
if (empty($userName)){
echo '<h2>You forgot to enter something</h2>
<meta http-equiv="refresh" content="2; url=login.php" />';
}
else
{
$conn = new PDO("mysql:host=localhost:3307;dbname=users", "root", "");
$result = $conn->prepare("SELECT * FROM user_list WHERE email = :username");
$result->bindParam(':username', $userName);
$result->execute();
$row = $result->fetch(PDO::FETCH_ASSOC);
if($row > 0) {
if ($row['userLevel'] == 'A')
{
$userLevel = 'Admin';
}
elseif ($row['userLevel'] == 'M')
{
$userLevel = 'Member';
}
header("Location: includes/logoutForm.inc.html");
}
else
{
echo '<h2>That entry is INVALID</h2>
<meta http-equiv="refresh" content="2; url=login.php" />';
}
}
}
function logout($userName)
{
session_start();
echo '<title>Logout</title>
<link rel="icon" type="image/png" href="http://upload.wikimedia.org/wikipedia/commons/a/ac/Farm-Fresh_key.png">
<meta charset="utf-8">';
$_SESSION['username'] = array();
session_destroy();
$name = session_name(); $expire = strtotime('-1 year'); $params = session_get_cookie_params(); $path = $params['path']; $domain = $params['domain']; $secure = $params['secure']; $httponly = $params['httponly'];
setcookie($name, '', $expire, $path, $domain, $secure, $httponly);
die('<h3>You have successfully logged out</h3>
<meta http-equiv="refresh" content="2; url=login.php" />');
}
更不用说logout()函数完全搞砸了。一次解决一个问题。谢谢你的寻找,如果可以的话请帮忙。
如果您希望登录持续存在,您需要将信息存储在会话中(如果您需要会话比浏览会话持续更长的时间,则会话可以存储在数据库中):
if($row > 0) {
// start the session, you might want to do that at the top of your script
session_start();
if ($row['userLevel'] == 'A')
{
$_SESSION['userLevel'] = 'Admin';
}
elseif ($row['userLevel'] == 'M')
{
$_SESSION['userLevel'] = 'Member';
}
现在,您可以在登录页面中启动会话,并检查是否设置了变量以及确切的用户权限。
注意:不要像注释中提到的那样使用查询字符串来传递这些变量。这将允许任何人通过更改查询字符串来假装使用他们想要的权限登录。会话存储在服务器端,因此访问者无法对其进行操作。