我试图创建一个成员页面,但当我以用户身份登录时我需要一个注销按钮,如果我以(X)用户的身份登录,并且我试图访问(Y)用户的配置文件,我仍然会得到注销按钮。基本上,只有当我以用户身份登录时,我才会尝试获得注销按钮,如果我想检查另一个配置文件,我想检查它,而不想在登录时在另一个概要文件页面上显示注销按钮。
PROFILE.php
<?php
session_start();
include_once 'php/classes/class.user.php';
//echo 'GET:';
//var_dump($_GET);
//echo '$_SESSION:';
//echo var_dump($_SESSION);
$user = new User();
$uid = $_GET['uid'];
if(isset($_SESSION['uid']) && $_GET['uid'] == $_SESSION['uid']){
if ($user->check_user($uid)) {
echo " " . $user->get_fullname($uid) . " ";
echo "<a href='profile.php?q=logout'>Log Out</a>";
}
}else if(isset($_SESSION['uid']) && $_GET['uid'] != $_SESSION['uid']){
echo " " . $user->get_fullname($uid) . " ";
}else if(!isset($_SESSION['uid']) && $_GET['uid'] != $_SESSION['uid']){
echo " " . $user->get_fullname($uid) . " ";
}else if($user->check_user($count_row1) > $uid){
echo "User Doesn't exist";
}
if (isset($_GET['q'])) {
$user->user_logout();
header("location: index.php");
}
?>
USERS.FUNCTIONS.php
<?php
include "db_config.php";
class User{
public $db;
public function __construct(){
$this->db = new mysqli(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_DATABASE);
if(mysqli_connect_errno()) {
echo "Error: Could not connect to database.";
exit;
}
}
/*** for login process ***/
public function check_login($emailusername, $password){
$password = md5($password);
$sql2="SELECT uid from users WHERE uemail='$emailusername' or uname='$emailusername' and upass='$password'";
//checking if the username is available in the table
$result = mysqli_query($this->db,$sql2);
$user_data = mysqli_fetch_array($result);
$count_row = $result->num_rows;
if ($count_row == 1) {
// this login var will use for the session thing
session_start();
$_SESSION['login'] = true;
$_SESSION['uid'] = $user_data['uid'];
return true;
}
else{
return false;
}
}
/*** for showing the username or fullname ***/
public function get_fullname($uid){
$sql = "SELECT * FROM users WHERE uid = $uid";
$result = mysqli_query($this->db, $sql);
$user_data = mysqli_fetch_array($result);
echo $user_data['fullname'], "<br/>";
echo $user_data['uemail'], "<br/>";
echo $user_data['uid'], "<br/>";
}
public function check_user($uid){
$sql5 = "SELECT uid from users WHERE uid='$uid'";
$result1 = $this->db->query($sql5);
$count_row1 = $result1->num_rows;
return ($count_row1 ==1);
}
/*** starting the session ***/
public function get_session(){
return $_SESSION['login'];
}
public function user_logout() {
$_SESSION['login'] = FALSE;
session_destroy();
}
}
根据您的代码
if (isset($_GET['uid'])) {
// Your Code of Check user exist? I don't get it
}
else if (isset($_SESSION['uid'], $_SESSION['login'])) {
// Your Code to print Logout
}
else
echo "Session not set";
这实际上是没有意义的,您首先检查的是uid
。我猜这是用户的唯一id。如果设置了uid
,它甚至不会转到其他部分。如果我忽略了在你的其他部分,你没有检查当前用户是否是登录的同一用户,你应该这样做:
if(isset($_SESSION['user'],$_GET['uid']))
{
if($_GET['uid']==$_SESSION['uid'])
{
//Your Code to Print Logout
}
else if($user->check_user($uid))
{
//User Exist and Not Logged in User
}
else if(!$user->check_user($uid))
{
//User Doesn't Exist
}
}
您必须使用GET参数与登录用户一起检查当前配置文件。我建议您消除第一个if
条件,并使用上述条件。
编辑:如果你想打印用户是否存在,可以有多种方式,我只是编辑了一个例子,但根据多种情况可能会有所不同这只是一个想法
我认为您可以使用这个类来创建所有用户的所有配置文件页面。
对于当你访问另一个用户的档案时不要显示注销按钮,你有一些解决方案:
1) 创建一个不同的php文件来显示其他用户配置文件;2) 控制会话中注册的用户id是否与您想要显示的配置文件相同,如果不是,则不要显示按钮
当用户登录时,您在会话中存储此:
$_SESSION['uid'] = $user_data['uid'];
现在,您已经记录了CURRENT用户的ID,需要显示个人页面的用户ID。我认为在您的数据库中,用户的id是唯一的,或者是具有自动递增功能的主键。
例如,X登录并希望查看用户Y的个人页面。
在$_SESSION['uid']中,您已经存储了用户X的id。当用户点击链接查看Y的个人页面时,您必须通过查询检索用户Y的uid。
HTML页面示例
<html>
<body>
<a href="personal_page.php?var=usernameY> Y </a>
</body>
</html>
PHP页面示例
<?php
$username_Y = $_REQUEST['var'];
$query = "SELECT uid FROM table WHERE username = $username_Y";
$result = mysql_query($query) or die (mysql_error());
while ($row = mysql_fetch_array($result)) {
$user_Y_id = $row['uid'];
}
if($_SESSION['uid'] != $user_Y_id) {
//show button
} else {
// don't show button but other you want
}
?>