[PHP]从会话变量中给出错误值的SQL表
我将用户权限存储在与用户信息相同的表中,因此有三个布尔条目,用于三个权限级别。登录后,从该用户的行中的数据插入到会话变量与下面的代码:[PHP]从会话变量中给出错误值的SQL表
private function loginWithPostData($user_name, $user_password, $user_rememberme)
{
if (empty($user_name)) {
$this->errors[] = MESSAGE_USERNAME_EMPTY;
} else if (empty($user_password)) {
$this->errors[] = MESSAGE_PASSWORD_EMPTY;
// if POST data (from login form) contains non-empty user_name and non-empty user_password
} else {
// user can login with his username or his email address.
// if user has not typed a valid email address, we try to identify him with his user_name
if (!filter_var($user_name, FILTER_VALIDATE_EMAIL)) {
// database query, getting all the info of the selected user
$result_row = $this->getUserData(trim($user_name));
// if user has typed a valid email address, we try to identify him with his user_email
} else if ($this->databaseConnection()) {
// database query, getting all the info of the selected user
$query_user = $this->db_connection->prepare('SELECT * FROM users WHERE user_email = :user_email');
$query_user->bindValue(':user_email', trim($user_name), PDO::PARAM_STR);
$query_user->execute();
// get result row (as an object)
$result_row = $query_user->fetchObject();
}
// if this user not exists
if (! isset($result_row->user_id)) {
// was MESSAGE_USER_DOES_NOT_EXIST before, but has changed to MESSAGE_LOGIN_FAILED
// to prevent potential attackers showing if the user exists
$this->errors[] = MESSAGE_LOGIN_FAILED;
} else if (($result_row->user_failed_logins >= 3) && ($result_row->user_last_failed_login > (time() - 30))) {
$this->errors[] = MESSAGE_PASSWORD_WRONG_3_TIMES;
// using PHP 5.5's password_verify() function to check if the provided passwords fits to the hash of that user's password
} else if (! password_verify($user_password, $result_row->user_password_hash)) {
// increment the failed login counter for that user
$sth = $this->db_connection->prepare('UPDATE users '
. 'SET user_failed_logins = user_failed_logins+1, user_last_failed_login = :user_last_failed_login '
. 'WHERE user_name = :user_name OR user_email = :user_name');
$sth->execute(array(':user_name' => $user_name, ':user_last_failed_login' => time()));
$this->errors[] = MESSAGE_PASSWORD_WRONG;
// has the user activated their account with the verification email
} else if ($result_row->user_active != 1) {
$this->errors[] = MESSAGE_ACCOUNT_NOT_ACTIVATED;
} else {
// write user data into PHP SESSION [a file on your server]
$_SESSION['user_id'] = $result_row->user_id;
$_SESSION['user_name'] = $result_row->user_name;
$_SESSION['user_email'] = $result_row->user_email;
$_SESSION['user_logged_in'] = 1;
$_SESSION['user_first_name'] = $result_row->user_first_name;
$_SESSION['user_last_name'] = $result_row->user_last_name;
$_SESSION['user_address_line_1'] = $result_row->user_address_line_1;
$_SESSION['permission_1'] = $result_row->permission_1;
$_SESSION['permission_2'] = $result_row->permission_2;
$_SESSION['permission_3'] = $result_row->permission_3;
// declare user id, set the login status to true
$this->user_id = $result_row->user_id;
$this->user_name = $result_row->user_name;
$this->user_email = $result_row->user_email;
$this->user_is_logged_in = true;
现在,当我使用PHP来告诉我,该列有一个1,我得到不正确的数据,虽然使用所有其他数据同样的方法(第一姓名,电子邮件地址等)的作品perfectly.This是我使用的代码:我做了什么
if($_SESSION['permission_1'] = 1){
echo "ADMIN";
} else {
if($_SESSION['permission_2'] = 1){
echo "MANAGEMENT COMPANY";
} else {
if($_SESSION['permission_3'] = 1){
echo "USER";
} else {
echo "You do not currently have any permissions. Please wait for a member of the management team to verify you.";
}
}
}
导致要么没有被破坏唯一布尔值会话结束还是报告不准确?
我认为你缺少一个=
尝试这样的改变它在所有的if()
S的:
$_SESSION['permission_3'] == 1
在PHP =
如果类型是一样的赋值,==
检查它(也===
检查在比较)
另外,不需要使用3个变量/行来设置权限。使用一个可以取3个值的变量/行,例如A,M和U.相同的结果,更少的行数,更少的麻烦。 – 2014-09-11 09:13:13
好主意,我会尝试这些,谢谢! – user3805867 2014-09-11 09:41:06
看起来你正在设置permission_admin,permission_lessor等,而不是permission_1,permission_2? – Shravan 2014-09-11 08:57:49
是的,我在这里改变这些,他们都是perm_admin,出租人等在代码中,我认为id改变了他们所有,它不是.. – user3805867 2014-09-11 09:03:37
你可以更新代码以及var_dump($ _ SESSION)显示什么? – Shravan 2014-09-11 09:05:08