【Question title】: php form to edit the mysql value
【Posted】: 2022-06-15 21:09:47
【Question description】:

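Hi, I am weak at MySQL, so you are my last hope. I built a website on a ready-made simple login script, but I would like to extend its functionality.

So I added a GOAL column to the MySQL database, and I am trying to add the ability for users to change this value on the PHP website.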

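I tried to modify the existing code in profile.php, which lets you update basic information (such as name, gender, e-mail, password), so that it edits the goal value, but it does not work.

The profile.php file looks like this: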

<?php
    define('TITLE', "Selfy / profil"); // the constant name must be a quoted string
    ob_start();
    include 'includes/header.php';
    include 'includes/nav.php';  

    if(!isset($_SESSION['userId']))
    {
        header("Location: index.php");
        exit();
    }
?>


    <?php
        $userName = '';
        $email = ''; 
    
        if(isset($_GET['error']))
        {
            if($_GET['error'] == 'emptyemail')
            {
                echo '<p class="warning">Naleźy wprowadzić adres e-mail</p>';
                $email = $_GET['mail'] ?? ''; // 'mail' is not sent with this error code
            }
            else if ($_GET['error'] == 'invalidmail')
            {
                echo '<p class="closed">Wprowadź poprawny adres e-mail</p>';
            }
            else if ($_GET['error'] == 'emptyoldpwd')
            {
                echo '<p class="warning">Aby zmienić hasło, należy wprowadzić poprzednie</p>';
            }
            else if ($_GET['error'] == 'emptynewpwd')
            {
                echo '<p class="closed">Wprowadź nowe hasło</p>';
            }
            else if ($_GET['error'] == 'emptyreppwd')
            {
                echo '<p class="closed">Potwierdź nowe hasło</p>';
            }
            else if ($_GET['error'] == 'wrongpwd')
            {
                echo '<p class="closed">To nie jest twoje obecne hasło! Użyj obecnego</p>';
            }
            else if ($_GET['error'] == 'samepwd')
            {
                echo '<p class="closed">Nowe hasło nie może być takie samo jak poprzednie</p>';
            }
            else if ($_GET['error'] == 'passwordcheck')
            {
                echo '<p class="closed">*Confirmation password is not the same as the new password</p>';
            }
        }
        else if (isset($_GET['edit']) && $_GET['edit'] == 'success')
        {
            echo '<p class="success">Profil został zaktualizowany <button type="button" class="close-alert">×</button></p>';
        }
        
        
    ?>

<form action="includes/profileUpdate.inc.php" method='post' id="contact-form" enctype="multipart/form-data">
    
 


                <div class="header"><h2>Informacje podstawowe</h2></div>
            <div class="userphoto">
            <img class="profilephoto" id="userDp" src="<?php echo htmlspecialchars('./uploads/'.$_SESSION['userImg'], ENT_QUOTES, 'UTF-8'); ?>">
            <br>
            Zmień zdjęcie profilowe<br>
            <input type="file" name='dp' value="<?php echo htmlspecialchars($_SESSION['userImg'], ENT_QUOTES, 'UTF-8'); ?>">
            </div>
            


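            <!-- user-supplied values are quoted and HTML-escaped before output -->
            <input type="text" id="f-name" name="f-name" placeholder="Imię" value="<?php echo htmlspecialchars($_SESSION['f_name'], ENT_QUOTES, 'UTF-8'); ?>">
            <input type="text" id="l-name" name="l-name" placeholder="Nazwisko" value="<?php echo htmlspecialchars($_SESSION['l_name'], ENT_QUOTES, 'UTF-8'); ?>">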

            <label class="container" for="gender-m"><i class="fa-solid fa-person fa-2xl"></i>
            <input type="radio" name="gender" value="m" id="gender-m"
                 <?php if ($_SESSION['gender'] == 'm'){ ?> 
                 checked="checked"
                 <?php } ?>>
            <span class="checkmark"></span>
            </label>
            
            <label class="container" for="gender-f"><i class="fa-solid fa-person-dress fa-2xl"></i>
            <input type="radio" name="gender" value="f" id="gender-f"
                 <?php if ($_SESSION['gender'] == 'f'){ ?> 
                 checked="checked"
                 <?php } ?>>
            <span class="checkmark"></span>
            </label>
            


 
             <div class="header"><h2>Informacje dodatkowe</h2></div>
       
            <label for="headline">Nagłówek</label>
            <input type="text" id="headline" name="headline" placeholder="Podaj nagłówek" value="<?php echo htmlspecialchars($_SESSION['headline'], ENT_QUOTES, 'UTF-8'); ?>"><br>
            <label for="bio">Coś o tobie</label>
            <textarea id="bio" name="bio" maxlength="5000" placeholder="Co chcesz powiedzieć innym, o sobie?"><?php echo htmlspecialchars($_SESSION['bio'], ENT_QUOTES, 'UTF-8'); ?></textarea>

             <div class="header"><h2>Dane logowania</h2></div>
            <label>Nazwa użytkownika</label>
            <input type="text" id="userUid" name="userUid" placeholder="<?php echo htmlspecialchars(strtoupper($_SESSION['userUid']), ENT_QUOTES, 'UTF-8'); ?>" disabled><br>
            <label for="email">Adres e-mail</label>
            <input type="email" id="email" name="email" placeholder="email" value="<?php echo htmlspecialchars($_SESSION['emailUsers'], ENT_QUOTES, 'UTF-8'); ?>"><br>
            <label>Hasło</label>
            <input type="password" id="old-pwd" name="old-pwd" placeholder="Obecne hasło"> 
            <input type="password" id="pwd" name="pwd" placeholder="Nowe hasło"> 
            <input type="password" id="pwd-repeat" name="pwd-repeat" placeholder="Powtórz nowe hasło">

        <input type="submit" class="button next" name="update-profile" value="Aktualizuj">
        
    </form>

<?php include 'includes/footer.php'; ?>

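The user should be able to choose among several values when setting their "goal"; these are defined in the database as 1, 2, 3, 4, 5, 6.

The problem is that it only works during the logged-in session, as long as the user does not log out. The value in MySQL does not change, so I think the problem is in goal.inc.php.

This is what includes/profileUpdate.inc.php looks like: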

<?php
session_start();

if (isset($_POST['update-profile']))
{    
    require 'dbh.inc.php';   
    
    $email = $_POST['email'];
    $f_name = $_POST['f-name'];
    $l_name = $_POST['l-name'];
    $oldPassword = $_POST['old-pwd'];
    $password = $_POST['pwd'];
    $passwordRepeat  = $_POST['pwd-repeat'];
    $gender = $_POST['gender'];
    $headline = $_POST['headline'];
    $bio = $_POST['bio'];
    
    if (empty($email))
    {
        header("Location: ../profile.php?error=emptyemail");
        exit();
    }
    else if (!filter_var($email, FILTER_VALIDATE_EMAIL))
    {
        header("Location: ../profile.php?error=invalidmail");
        exit();
    }
    else
    {
        $sql = "SELECT * FROM users WHERE uidUsers=?;";
        $stmt = mysqli_stmt_init($conn);
        
        if (!mysqli_stmt_prepare($stmt, $sql))
        {
            header("Location: ../profile.php?error=sqlerror");
            exit();
        }
        else
        {
            mysqli_stmt_bind_param($stmt, "s", $_SESSION['userUid']);
            mysqli_stmt_execute($stmt);
            
            $result = mysqli_stmt_get_result($stmt);           
            
            if($row = mysqli_fetch_assoc($result))
            {
                $pwdChange = false;
                
                if( (!empty($password) || !empty($passwordRepeat)) && empty($oldPassword))
                {
                    header("Location: ../profile.php?error=emptyoldpwd");
                    exit();
                }
                if( empty($password) && empty($passwordRepeat) && !empty($oldPassword))
                {
                    header("Location: ../profile.php?error=emptynewpwd");
                    exit();
                }
                if (!empty($password) && empty($passwordRepeat) && !empty($oldPassword))
                {
                    header("Location: ../profile.php?error=emptyreppwd");
                    exit();
                }
                if (empty($password) && !empty($passwordRepeat) && !empty($oldPassword))
                {
                    header("Location: ../profile.php?error=emptynewpwd");
                    exit();
                }
                if (!empty($password) && !empty($passwordRepeat) && !empty($oldPassword))
                {
                    $pwdCheck = password_verify($oldPassword, $row['pwdUsers']);
                    if ($pwdCheck == false)
                    {
                        header("Location: ../profile.php?error=wrongpwd");
                        exit();
                    }
                    if ($oldPassword == $password)
                    {
                        header("Location: ../profile.php?error=samepwd");
                        exit();
                    }
                    if ($password !== $passwordRepeat)
                    {
                        header("Location: ../profile.php?error=passwordcheck&mail=".urlencode($email));
                        exit();
                    }
                    $pwdChange = true;
                }
                
                    $FileNameNew = $_SESSION['userImg'];
                    require 'upload.inc.php';
                    
                    $sql = "UPDATE users "
                            . "SET f_name=?, "
                            . "l_name=?, "
                            . "emailUsers=?, "
                            . "gender=?, "
                            . "headline=?, "
                            . "bio=?, "
                            . "userImg=? ";
                    
                    if ($pwdChange)
                    {
                        $sql .= ", pwdUsers=? "
                                . "WHERE uidUsers=?;";
                    }
                    else
                    {
                        $sql .= "WHERE uidUsers=?;";
                    }
                                     
                    $stmt = mysqli_stmt_init($conn);
                    
                    if (!mysqli_stmt_prepare($stmt, $sql))
                    {
                        header("Location: ../profile.php?error=sqlerror");
                        exit();
                    }
                    else
                    {
                        if ($pwdChange)
                        {
                            $hashedPwd = password_hash($password, PASSWORD_DEFAULT);
                            mysqli_stmt_bind_param($stmt, "sssssssss", $f_name, $l_name, $email,
                                $gender, $headline, $bio, 
                                $FileNameNew, $hashedPwd, $_SESSION['userUid']);
                        }
                        else
                        {
                            mysqli_stmt_bind_param($stmt, "ssssssss", $f_name, $l_name, $email,
                                $gender, $headline, $bio,
                                $FileNameNew, $_SESSION['userUid']);
                        }
                           
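                        // Mirror the new values into the session only if the UPDATE succeeded
                        if (!mysqli_stmt_execute($stmt))
                        {
                            header("Location: ../profile.php?error=sqlerror");
                            exit();
                        }
                        mysqli_stmt_store_result($stmt);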
                        

                        $_SESSION['emailUsers'] = $email;
                        $_SESSION['f_name'] = $f_name;
                        $_SESSION['l_name'] = $l_name;
                        $_SESSION['gender'] = $gender;
                        $_SESSION['headline'] = $headline;
                        $_SESSION['bio'] = $bio;
                        $_SESSION['userImg'] = $FileNameNew;
                        header("Location: ../profile.php?edit=success");
                        exit();
                    }
            }
            else 
            {
                header("Location: ../profile.php?error=sqlerror");
                exit();
            }
        }
    }
    
    mysqli_stmt_close($stmt);
    mysqli_close($conn);    
}
else
{
    header("Location: ../profile.php");
    exit();
}

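So my question is how the PHP code should work to allow changing the GOAL value.

【Question discussion】:

  • "The problem is that it only works during the logged-in session, as long as the user does not log out" - Why would you want to allow users who are not logged in to change their profile data? That makes little sense to begin with.

Tags: php mysql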
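
One way a goal handler could validate and persist the value, as an added example that is not the asker's goal.inc.php (the post does not show that file). The POST field `goal`, the submit name `update-goal`, the column `users.goal`, the session key `goal` and the error code `invalidgoal` are assumptions; `dbh.inc.php`, `$conn`, `users`, `uidUsers` and `$_SESSION['userUid']` come from the code in the question.

```php
<?php
// Added example (not the asker's goal.inc.php). Assumed names: POST field "goal",
// submit button "update-goal", column users.goal, error code "invalidgoal".
session_start();

/** Return the goal as an int when it is one of the six defined values, else null. */
function parse_goal($raw): ?int
{
    $goal = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 6]]);
    return $goal === false ? null : $goal;
}

function redirect(string $query = ''): void
{
    header('Location: ../profile.php' . ($query === '' ? '' : '?' . $query));
    exit();
}

// Same gate as profile.php: only a logged-in user may post the form.
if (!isset($_SESSION['userUid'], $_POST['update-goal'])) {
    redirect();
}

$goal = parse_goal($_POST['goal'] ?? null);
if ($goal === null) {
    redirect('error=invalidgoal');
}

require 'dbh.inc.php'; // provides $conn, as in profileUpdate.inc.php
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw

try {
    // The row is selected by the session's user id, never by a posted one.
    $stmt = mysqli_prepare($conn, 'UPDATE users SET goal=? WHERE uidUsers=?;');
    mysqli_stmt_bind_param($stmt, 'is', $goal, $_SESSION['userUid']);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
} catch (mysqli_sql_exception $e) {
    error_log('goal update failed: ' . $e->getMessage());
    redirect('error=sqlerror');
}

// Reached only after the UPDATE succeeded, so the session cannot show a
// value that the database never stored.
$_SESSION['goal'] = $goal;
redirect('edit=success');
```

If the login script fills the session from the `users` row, it would also need to load the assumed `goal` column at login for the stored value to appear after the user logs back in.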

