我需要一个关于实现jQuery文件上传所需用户登录的最简单方法的建议。在网站主页上,用户使用电子邮件和密码登录。然后,我们在整个站点范围内使用$_SESSION[email]来允许或禁止访问页面,这取决于用户是否登录
到目前为止,这在所有PHP页面上都运行良好,下面是正在使用的代码示例:
<?php
// at the top most of the page
session_start();
// Checking user login credentials
if(!isset($_SESSION['email'])){
// Alerting the user they must be logged in
echo "<script>alert('You must be logged in to access this page.')</script>";
// Sending the non-logged in user back to the home page
echo "<script>window.open('../index.php','_self')</script>";
}
// If the user is logged in let them see the page
else { ?>
// added to the very last line of the page
<?php } ?>
登录表格如下,以防您需要查看:
<form method="post" action="#">
<table width="90%" border="0" align="center" bgcolor="white">
<tr>
<td bgcolor="ffffff" colspan="2" align="center"><h2>User Login</h2></td>
</tr>
<tr>
<td align="right">Email:</td>
<td><input type="text" name="email" id="email"></td>
</tr>
<tr>
<td align="right">Password:</td>
<td><input type="password" name="password" id="password"></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="button" name="login" id="login" value="Login"></td>
</tr>
<tr>
<td colspan="2" align="center"><h3 style="margin-top:7px;"><a href="nonadmin_user_forgot_password.php" target="_blank" title="Reset Your Lost Password">Forgot Password?</a></h3></td>
</tr>
<tr>
<td bgcolor="#ffffff" colspan="2" align="center"><div style="padding-top:5px;"><span style="font-size:20px;">Don't have an account?<br /><a href="/includes/register-user.php" title="Register with us!" target="_self">Sign Up</a> is <em>quick</em> and <em>easy</em>!</span></div></td>
</table>
</form>
这是登录PHP文件:
<?php
session_start();
// Connecting to the database and making the Bcrypt functions available
include("admin/includes/connect.php");
include ("lib/password.php");
// Let's get the mail and password from the Login Form
$email=$_POST['email1'];
$password= ($_POST['password1']);
// Let's see if the entered email is in the database and if it is retrieve the password
$result = mysqli_query($conn, "SELECT * FROM nonadmin_user_login WHERE email='$email'");
// Create variables for the database result, password and email
$data = mysqli_fetch_array($result);
$bcrypt_pass = $data['nonadmin_user_pass'];
$email_match = $data['email'];
// If the email and password match up
if (password_verify ($password, $bcrypt_pass) == 1 AND $email == $email_match) {
// Start a session bound to the email
$_SESSION['email']=$email;
// Alert the user of a successful login
echo "Successfully Logged in.";
// Make a variable for the date and time
$mysqltime = date ("Y-m-d H:i:s");
// Update the database to show the time of the user's last successful login
mysqli_query($conn, "UPDATE nonadmin_user_login SET last_login='$mysqltime' WHERE email ='".$email."' ") or die(mysqli_error($conn));
}
// Alert the user of a failed login
else{
echo "Email or Password is wrong please try again.";
}
?>
这是登录JS:
<script>
// Let's get this party started
$(document).ready(function(){
// Binding this to the login form submit button
$("#login").click(function(){
// Setting variables and binding them to the login form fields
var email = $("#email").val();
var password = $("#password").val();
// Checking if the email or password is empty
if( email =='' || password ==''){
$('input[type="text"],input[type="password"]');
$('input[type="text"],input[type="password"]');
// Alerting the user of empty email and/or password
alert("Please fill all fields.");
// If the fields are not empty
}else {
// Posting the entered email and password to log-me-in.php
$.post("log-me-in.php",{ email1: email, password1:password},
// Function to event handle incorrect email or password
function(data) {
// If the email is invalid
if(data=='Invalid Email.......') {
$('input[type="text"]');
$('input[type="password"]');
// Alert the user of invalid entry
alert(data);
// If email and/or password don't match the database query
}else if(data=='Email or Password is wrong please try again.'){
$('input[type="text"],input[type="password"]');
// Alert the user of invalid entry
alert(data);
// If nothing went wrong so far it's time to login and alert user of login success
} else if(data=='Successfully Logged in.'){
// Let's refresh the window so the sidebar signin block can swap to the logged in block
window.location=window.location;
$("form")[0].reset();
$('input[type="text"],input[type="password"]');
alert(data);
} else{
alert(data);
}
});
}
});
});</script>
我试过几种方法,但都失败了。我尝试使用jQuery File Upload index.html顶部所有其他页面上使用的标准代码(最上面的代码示例框),但这是不可行的。
我还尝试将这个标准代码(最上面的代码示例框)添加到jQuery File Upload UploadHandler.php中,其中@session开始行的代码是…
protected function get_user_id() { //
@session_start();
return session_id();
}
但它又一次不起作用。现在的情况是,地球上的任何人都可以打开jQuery File Upload页面并开始加载文件,这是不好的。我的想法是,如果用户没有登录,我可能需要放弃不显示整个页面,只让页面显示。。。然后如果点击上传文件按钮,如果他们没有登录,上传失败?
如果你有一个建议如何基于登录阻止整个页面,请告诉我。如果你有关于如何阻止基于登录的文件上传的建议,请告诉我。如果你对任何事情有任何建议,请告诉我我洗耳恭听,并提前感谢你能提供的任何帮助!
为什么不检查
if(isset($_SESSION['email']))
如果是,则执行文件上载脚本,如果不是,则不运行脚本并返回错误
if(!isset($_SESSION['email']))
{ actual upload script }
else
{ echo "I dont think so hombre" }