jjzjj

php - 尝试使用 MySQL 字段作为数据的限制

coder 2023-10-24 原文

我会尽量做到简明扼要,但非常感谢任何帮助。我的 PHP/MySQL 技能水平略高于最低水平,因此我使用 Dreamweaver CS6 来尝试启动和运行我的网站。我需要能够限制从数据库返回给创建条目的用户的数据,所以我想重新使用登录信息来跟踪输入数据的人。

<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

mysql_select_db($database_DLP_RPG, $DLP_RPG);
$query_UserLoginForm = "SELECT * FROM users";
$UserLoginForm = mysql_query($query_UserLoginForm, $DLP_RPG) or die(mysql_error());
$row_UserLoginForm = mysql_fetch_assoc($UserLoginForm);
$totalRows_UserLoginForm = mysql_num_rows($UserLoginForm);
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['UserLogin'])) {
  $loginUsername=$_POST['UserLogin'];
  $password=$_POST['UserPass'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "main.php";
  $MM_redirectLoginFailed = "UserRegistration.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_DLP_RPG, $DLP_RPG);
  
  $LoginRS__query=sprintf("SELECT user_login, user_pass FROM users WHERE user_login=%s AND user_pass=%s",
    GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); 
   
  $LoginRS = mysql_query($LoginRS__query, $DLP_RPG) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";
    
	if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();}
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;	      

    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>
<!doctype html>
<html>
<head>
  </head>

<body>
<div class="container">
  <div class="header"><a href="#"><img src="" alt="Insert Logo Here" name="Insert_logo" width="180" height="90" id="Insert_logo" style="background-color: #C6D580; display:block;" /></a> 
    <!-- end .header --></div>
  <div class="sidebar1">
    <ul class="nav">
      <li><a href="character_list.php">My Characters</a></li>
      <li><a href="#">Link two</a></li>
      <li><a href="#">Link three</a></li>
      <li><a href="#">Link four</a></li>
    </ul>
    <form action="<?php echo $loginFormAction; ?>" method="POST" name="UserLoginForm" id="UserLoginForm">
      <table width="200" border="1">
        <tr>
          <td>Username:</td>
        </tr>
        <tr>
          <td><label for="UserLogin"></label>
          <input name="UserLogin" type="text" id="UserLogin" size="28"></td>
        </tr>
        <tr>
          <td>Password:</td>
        </tr>
        <tr>
          <td><span id="sprypassword1">
            <label for="UserPass"></label>
            <input name="UserPass" type="password" id="UserPass" size="28">
          <span class="passwordRequiredMsg">A value is required.</span></span></td>
        </tr>
        <tr>
          <td><input type="submit" name="UserLoginSubmit" id="UserLoginSubmit" value="Submit"></td>
        </tr>
      </table><input name="user_status" type="hidden" value="">
    </form>
    <p>&nbsp;</p>
    <p><a href="UserRegistration.php">Register</a></p>
    <!-- end .sidebar1 --></div>
  <div class="content">
    <h1>Please login to proceed</h1>
    <p>This is a testing site only, no guarantees of security so watch yourself</p>
    <!-- end .content --></div>
  <div class="footer">
    <p>This .footer contains the declaration position:relative; to give Internet Explorer 6 hasLayout for the .footer and cause it to clear correctly. If you're not required to support IE6, you may remove it.</p>
    <!-- end .footer --></div>
  <!-- end .container --></div>
</body>
</html>
<?php
mysql_free_result($UserLoginForm);
?>

所以上面就是登录信息了。数据库是 rpg_test,表是用户,我要查找的相关字段是 user_id 和 user_login。如您所料,user_id 是一个整数主键,user_login 是字母数字用户名。该页面使用它来登录其他页面,并且似乎保留了一个包含有效用户名的变量。

这是已经登录的用户页面之一的示例:

<?php require_once('Connections/DLP_RPG.php'); ?>
<?php
//initialize the session
if (!isset($_SESSION)) {
  session_start();
}

// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
  $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
  //to fully log out a visitor we need to clear the session varialbles
  $_SESSION['MM_Username'] = NULL;
  $_SESSION['MM_UserGroup'] = NULL;
  $_SESSION['PrevUrl'] = NULL;
  unset($_SESSION['MM_Username']);
  unset($_SESSION['MM_UserGroup']);
  unset($_SESSION['PrevUrl']);
	
  $logoutGoTo = "index.php";
  if ($logoutGoTo) {
    header("Location: $logoutGoTo");
    exit;
  }
}
?>
<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "0";
$MM_donotCheckaccess = "true";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && true) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}

$MM_restrictGoTo = "index.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0) 
  $MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}
?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

mysql_select_db($database_DLP_RPG, $DLP_RPG);
$query_UserLoginForm = "SELECT * FROM users";
$UserLoginForm = mysql_query($query_UserLoginForm, $DLP_RPG) or die(mysql_error());
$row_UserLoginForm = mysql_fetch_assoc($UserLoginForm);
$totalRows_UserLoginForm = mysql_num_rows($UserLoginForm);

mysql_select_db($database_DLP_RPG, $DLP_RPG);
$query_PlaySystem = "SELECT play_systems.play_system FROM play_systems";
$PlaySystem = mysql_query($query_PlaySystem, $DLP_RPG) or die(mysql_error());
$row_PlaySystem = mysql_fetch_assoc($PlaySystem);
$totalRows_PlaySystem = mysql_num_rows($PlaySystem);

mysql_select_db($database_DLP_RPG, $DLP_RPG);
$query_characters = "SELECT * FROM characters WHERE characters.character_owner";
$characters = mysql_query($query_characters, $DLP_RPG) or die(mysql_error());
$row_characters = mysql_fetch_assoc($characters);
$totalRows_characters = mysql_num_rows($characters);
?>
<!doctype html>
<html>
<head>
  </head>

<body>

<div class="container">
  <div class="header"><a href="#"><img src="" alt="Insert Logo Here" name="Insert_logo" width="180" height="90" id="Insert_logo" style="background-color: #C6D580; display:block;" /></a> 
    <!-- end .header --></div>
  <div class="sidebar1">
    <ul class="nav">
    
      <li><a href="#">My Characters</a></li>
      <li><a href="new_character1.php">New Character</a></li>
      <li><a href="#">Link three</a></li>
      <li><a href="#">Link four</a></li>
    </ul>
    <p><a href="<?php echo $logoutAction ?>">Logout</a></p><br> I should come up with a way to show this only if you're logged in<br>

    <!-- end .sidebar1 --></div>
  <div class="content">
    <h1>List of characters</h1>
    <p>This page should list all of your characters, and just your characters.</p>
    <p>Edit and delete buttons should be included.</p>
    <p>&nbsp;</p>
    <table border="1">
      <tr>
        <td>Name:</td>
        <td>Type:</td>
        <td>System:</td>
        <td>Owner:</td>
      </tr>
      <?php do { ?>
        <tr>
          <td><?php echo $row_characters['character_name1']; ?></td>
          <td><?php echo $row_characters['character_occupation']; ?></td>
          <td><?php echo $row_characters['play_system']; ?></td>
          <td><?php echo $row_characters['character_owner']; ?></td>
        </tr>
        <?php } while ($row_characters = mysql_fetch_assoc($characters)); ?>
    </table>
<!-- end .content --></div>
  </body>
</html>
<?php
mysql_free_result($UserLoginForm);

mysql_free_result($PlaySystem);

mysql_free_result($characters);
?>

我想要做的是在显示字符的 html 表中有“所有者”字段,将只显示创建它们的人所拥有的字符。理想情况下,我会将 user_id 字段限制为等于登录跟踪用于访问页面的任何内容。我猜它是某种持久变量,我希望在更新表时可以调用它并将其作为数据插入。

有这样的变数吗?我一直看到 $UserName 和其他东西,但也许我在兜圈子。任何帮助将不胜感激。

编辑:根据我在网站上找到的内容,我需要使用 session 变量。

我对其中一个页面执行了 print_r($SESSION),它给出了:

Array ( [PrevUrl] =>/rpg/character_list.php [MM_Username] => joecook [MM_UserGroup] => )

MM-Username 的登录名适合我的 user_login 字段,但下表显示该表使用的字段是 user_id。我以 user_id=2 登录,我只想查看与我相关的条目。

    <table border="1">
      <tr>
        <td>Name:</td>
        <td>Type:</td>
        <td>System:</td>
        <td>Owner:</td>
      </tr>
              <tr>
          <td>Fuzz Duck</td>
          <td>1</td>
          <td>Palladium Megaverse</td>
          <td>1</td>
        </tr>
                <tr>
          <td>another heresy test for owner</td>
          <td>17</td>
          <td>Heresy Game Engine</td>
          <td>2</td>
        </tr>
                <tr>
          <td>Another Heresy test</td>
          <td>17</td>
          <td>Heresy Game Engine</td>
          <td>2</td>
        </tr>
            </table>

如果有帮助,这是用数据填充上表的以前的表单:

  <div class="content">
    <h1>Starting a new character</h1>
    <p>The first thing to do when starting a new character is to select the play system from a drop down list</p>
    <form action="<?php echo $editFormAction; ?>" method="POST" name="PlaySystemForm" id="PlaySystemForm">
      <table width="500" border="1">
        <tr>
          <th width="129" scope="row">System:</th>
          <td width="355"><label for="play_system2"></label>
            <select name="play_system" id="play_system2">
              <?php
do {  
?>
              <option value="<?php echo $row_PlaySystem['play_system']?>"><?php echo $row_PlaySystem['play_system']?></option>
              <?php
} while ($row_PlaySystem = mysql_fetch_assoc($PlaySystem));
  $rows = mysql_num_rows($PlaySystem);
  if($rows > 0) {
      mysql_data_seek($PlaySystem, 0);
	  $row_PlaySystem = mysql_fetch_assoc($PlaySystem);
  }
?>
          </select></td>
        </tr>
        <tr>
          <th scope="row">Name:</th>
          <td><span id="sprytextfield1">
          <label for="character_name"></label>
          <input name="character_name" type="text" id="character_name" size="25" maxlength="128">
          <span class="textfieldRequiredMsg">A value is required.</span><span class="textfieldMinCharsMsg">Minimum number of characters not met.</span><span class="textfieldMaxCharsMsg">Exceeded maximum number of characters.</span></span></td>
        </tr>
        <tr>
          <th scope="row">Type:</th>
          <td><label for="character_type1"></label>
            <select name="character_type1" id="character_type1">
              <?php
do {  
?>
              <option value="<?php echo $row_character_type['character_type1_id']?>"<?php if (!(strcmp($row_character_type['character_type1_id'], $row_PlaySystem['play_system']))) {echo "selected=\"selected\"";} ?>><?php echo $row_character_type['character_type1']?></option>
              <?php
} while ($row_character_type = mysql_fetch_assoc($character_type));
  $rows = mysql_num_rows($character_type);
  if($rows > 0) {
      mysql_data_seek($character_type, 0);
	  $row_character_type = mysql_fetch_assoc($character_type);
  }
?>
          </select></td>
        </tr>
      </table>
      <input name="CharacterOwner" type="hidden" id="CharacterOwner" value="<?php echo $row_UserLoginForm['user_id']; ?>">
      <p>
        <input type="submit" name="NewCharacterSubmit" id="NewCharacterSubmit" value="Create character">
      </p>
      <input type="hidden" name="MM_insert" value="PlaySystemForm">
    </form>

最佳答案

您需要在查询中添加一个条件,即。 

WHERE characters.character_owner = users.user_id

由于您只存储了 user_login/($_SESSION['MM_Username']) 而不是 user_id,您需要使用子查询获取 user_id。尝试改变 -

$query_characters = "SELECT * FROM characters WHERE characters.character_owner";


$query_characters = "SELECT * FROM characters WHERE characters.character_owner = 
    (SELECT user_id FROM users WHERE user_login = '{$_SESSION['MM_Username']}')";

用户登录

关于php - 尝试使用 MySQL 字段作为数据的限制,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/30430953/

MySQLphp34gtltauthenticationdreamweaverrestrictions

有关php - 尝试使用 MySQL 字段作为数据的限制的更多相关文章

  1. ruby - 如何使用 Nokogiri 的 xpath 和 at_xpath 方法 - 2

    我正在学习如何使用Nokogiri,根据这段代码我遇到了一些问题:require'rubygems'require'mechanize'post_agent=WWW::Mechanize.newpost_page=post_agent.get('http://www.vbulletin.org/forum/showthread.php?t=230708')puts"\nabsolutepathwithtbodygivesnil"putspost_page.parser.xpath('/html/body/div/div/div/div/div/table/tbody/tr/td/div

  2. ruby - 使用 RubyZip 生成 ZIP 文件时设置压缩级别 - 2

    我有一个Ruby程序,它使用rubyzip压缩XML文件的目录树。gem。我的问题是文件开始变得很重,我想提高压缩级别,因为压缩时间不是问题。我在rubyzipdocumentation中找不到一种为创建的ZIP文件指定压缩级别的方法。有人知道如何更改此设置吗?是否有另一个允许指定压缩级别的Ruby库? 最佳答案 这是我通过查看ruby​​zip内部创建的代码。level=Zlib::BEST_COMPRESSIONZip::ZipOutputStream.open(zip_file)do|zip|Dir.glob("**/*")d

  3. ruby - 为什么我可以在 Ruby 中使用 Object#send 访问私有(private)/ protected 方法? - 2

    类classAprivatedeffooputs:fooendpublicdefbarputs:barendprivatedefzimputs:zimendprotecteddefdibputs:dibendendA的实例a=A.new测试a.foorescueputs:faila.barrescueputs:faila.zimrescueputs:faila.dibrescueputs:faila.gazrescueputs:fail测试输出failbarfailfailfail.发送测试[:foo,:bar,:zim,:dib,:gaz].each{|m|a.send(m)resc

  4. ruby-on-rails - 使用 Ruby on Rails 进行自动化测试 - 最佳实践 - 2

    很好奇,就使用ruby​​onrails自动化单元测试而言,你们正在做什么?您是否创建了一个脚本来在cron中运行rake作业并将结果邮寄给您?git中的预提交Hook?只是手动调用?我完全理解测试,但想知道在错误发生之前捕获错误的最佳实践是什么。让我们理所当然地认为测试本身是完美无缺的,并且可以正常工作。下一步是什么以确保他们在正确的时间将可能有害的结果传达给您? 最佳答案 不确定您到底想听什么,但是有几个级别的自动代码库控制:在处理某项功能时,您可以使用类似autotest的内容获得关于哪些有效,哪些无效的即时反馈。要确保您的提

  5. ruby - 在 Ruby 中使用匿名模块 - 2

    假设我做了一个模块如下:m=Module.newdoclassCendend三个问题:除了对m的引用之外,还有什么方法可以访问C和m中的其他内容?我可以在创建匿名模块后为其命名吗(就像我输入“module...”一样)?如何在使用完匿名模块后将其删除,使其定义的常量不再存在? 最佳答案 三个答案:是的,使用ObjectSpace.此代码使c引用你的类(class)C不引用m:c=nilObjectSpace.each_object{|obj|c=objif(Class===objandobj.name=~/::C$/)}当然这取决于

  6. ruby - 使用 ruby​​ 和 savon 的 SOAP 服务 - 2

    我正在尝试使用ruby​​和Savon来使用网络服务。测试服务为http://www.webservicex.net/WS/WSDetails.aspx?WSID=9&CATID=2require'rubygems'require'savon'client=Savon::Client.new"http://www.webservicex.net/stockquote.asmx?WSDL"client.get_quotedo|soap|soap.body={:symbol=>"AAPL"}end返回SOAP异常。检查soap信封,在我看来soap请求没有正确的命名空间。任何人都可以建议我

  7. python - 如何使用 Ruby 或 Python 创建一系列高音调和低音调的蜂鸣声? - 2

    关闭。这个问题是opinion-based.它目前不接受答案。想要改进这个问题?更新问题,以便editingthispost可以用事实和引用来回答它.关闭4年前。Improvethisquestion我想在固定时间创建一系列低音和高音调的哔哔声。例如:在150毫秒时发出高音调的蜂鸣声在151毫秒时发出低音调的蜂鸣声200毫秒时发出低音调的蜂鸣声250毫秒的高音调蜂鸣声有没有办法在Ruby或Python中做到这一点?我真的不在乎输出编码是什么(.wav、.mp3、.ogg等等),但我确实想创建一个输出文件。

  8. ruby-on-rails - 'compass watch' 是如何工作的/它是如何与 rails 一起使用的 - 2

    我在我的项目目录中完成了compasscreate.和compassinitrails。几个问题:我已将我的.sass文件放在public/stylesheets中。这是放置它们的正确位置吗?当我运行compasswatch时,它不会自动编译这些.sass文件。我必须手动指定文件:compasswatchpublic/stylesheets/myfile.sass等。如何让它自动运行?文件ie.css、print.css和screen.css已放在stylesheets/compiled。如何在编译后不让它们重新出现的情况下删除它们?我自己编译的.sass文件编译成compiled/t

  9. ruby - ECONNRESET (Whois::ConnectionError) - 尝试在 Ruby 中查询 Whois 时出错 - 2

    我正在用Ruby编写一个简单的程序来检查域列表是否被占用。基本上它循环遍历列表,并使用以下函数进行检查。require'rubygems'require'whois'defcheck_domain(domain)c=Whois::Client.newc.query("google.com").available?end程序不断出错(即使我在google.com中进行硬编码),并打印以下消息。鉴于该程序非常简单,我已经没有什么想法了-有什么建议吗?/Library/Ruby/Gems/1.8/gems/whois-2.0.2/lib/whois/server/adapters/base.

  10. ruby - 使用 ruby​​ 将 HTML 转换为纯文本并维护结构/格式 - 2

    我想将html转换为纯文本。不过,我不想只删除标签,我想智能地保留尽可能多的格式。为插入换行符标签,检测段落并格式化它们等。输入非常简单,通常是格式良好的html(不是整个文档,只是一堆内容,通常没有anchor或图像)。我可以将几个正则表达式放在一起,让我达到80%,但我认为可能有一些现有的解决方案更智能。 最佳答案 首先,不要尝试为此使用正则表达式。很有可能你会想出一个脆弱/脆弱的解决方案,它会随着HTML的变化而崩溃,或者很难管理和维护。您可以使用Nokogiri快速解析HTML并提取文本:require'nokogiri'h

随机推荐