Of course! The $cuserlogin variable is a fundamental and very important object in the Dedecms (DedeCMS) content management system. It represents the currently logged-in user on the front-end of the website.
Here’s a detailed breakdown of what it is, how it works, and how to use it.
What is $cuserlogin?
In simple terms, $cuserlogin is a PHP object that holds all the information about the user who is currently logged into your website. It acts as a session-based user object.
- Type: It's an instance of the
DedeUserclass (or a similar user class, depending on the version). - Scope: It is available globally on the front-end of your site after a user has logged in. You can typically access it directly in your PHP templates (
.htmfiles) without needing toglobal $cuserlogin;. - Purpose: To provide a convenient way to check user status and display personalized content.
When is $cuserlogin Created and Populated?
The $cuserlogin object is created and populated during the login process.
- A user visits your login page (e.g.,
member/index.php). - They enter their username and password.
- The login script (
member/index_do.php) validates the credentials against thedede_membertable in the database. - If the credentials are correct, the script creates a
DedeUserobject, populates it with the user's data (likeID,uname,email,scores, etc.), and stores this object in the PHP$_SESSIONvariable. - On subsequent page loads, Dedecms checks the session. If a valid user session exists, it reconstructs the
$cuserloginobject from the session data, making the user's information available throughout the site.
How to Use $cuserlogin in Your Templates
The most common use for $cuserlogin is in your template files (.htm) to create dynamic, user-specific content.
Basic Example: Displaying the User's Username
You can directly access the properties of the $cuserlogin object. The most common property is uname (the user's login name).
{dede:php}
// This is a safe way to check if the user is logged in before trying to use the object
if(isset($cuserlogin) && is_object($cuserlogin))
{
echo "Welcome, " . $cuserlogin->uname . "!";
}
else
{
echo "You are not logged in. <a href='/member/index.php'>Login</a>";
}
{/dede:php}
A more common and simpler way in Dede templates is to use the built-in global tag:
{dede:global name='cuserlogin'/}
However, this usually outputs the object's string representation, which isn't very useful. The {dede:php} block above is the most reliable method.
Example: Showing Different Content for Logged-in vs. Logged-out Users
This is a very powerful feature for creating member-only areas or personalized greetings.
<div class="user-greeting">
{dede:php}
if (isset($cuserlogin) && is_object($cuserlogin)) {
// Content for logged-in users
echo "<p>Hello, " . $cuserlogin->uname . "! Your user ID is: " . $cuserlogin->ID . "</p>";
echo "<a href='/member/index.php'>Edit Profile</a> | ";
echo "<a href='/member/logout.php'>Logout</a>";
} else {
// Content for guests
echo "<p>Welcome, Guest! Please <a href='/member/index.php'>log in</a> to access your dashboard.</p>";
}
{/dede:php}
</div>
Common Properties of the $cuserlogin Object
Here are the most useful properties you can access from the $cuserlogin object:
| Property | Description | Example Usage |
|---|---|---|
$cuserlogin->ID |
The unique numeric ID of the user in the dede_member table. |
echo "User ID: " . $cuserlogin->ID; |
$cuserlogin->uname |
The username the user logged in with. | echo "Welcome, " . $cuserlogin->uname; |
$cuserlogin->email |
The user's registered email address. | echo "Your email is: " . $cuserlogin->email; |
$cuserlogin->scores |
The user's current points/score. | echo "You have " . $cuserlogin->scores . " points."; |
$cuserlogin->money |
The user's current account balance (if using the payment system). | echo "Balance: $" . $cuserlogin->money; |
$cuserlogin->mtype |
The user's member type (e.g., '个人', '企业'). | echo "Member Type: " . $cuserlogin->mtype; |
$cuserlogin->sex |
The user's gender (e.g., '男', '女', '保密'). | echo "Gender: " . $cuserlogin->sex; |
$cuserlogin->spacesta |
The user's space status (often relates to their homepage). | echo "Space Status: " . $cuserlogin->spacesta; |
Important Security Consideration
The $cuserlogin object is populated from the session. You should never trust data from a session without proper validation, especially if you are using it in database queries to prevent SQL injection.
Bad Practice (Vulnerable to SQL Injection):
// DANGEROUS - Do not do this! $user_id = $cuserlogin->ID; $query = "SELECT * FROM dede_archives WHERE mid = $user_id";
Good Practice (Use Dedecms's built-in functions):
Dedecms provides a safe function GetNums() to get a count of items for a specific user.
// SAFE - Use the built-in Dede function
// This will safely count articles belonging to the logged-in user
$article_count = GetNums("dede_archives", "mid='{$cuserlogin->ID}'");
echo "You have written " . $article_count . " articles.";
Summary
| Feature | Description |
|---|---|
| What it is | A PHP object representing the logged-in user. |
| How it works | Populated from session data after a successful login. |
| Key Use Case | Displaying personalized content and checking user status in templates. |
| Common Properties | ID, uname, email, scores, money. |
| Access Method | Primarily within {dede:php}...{/dede:php} blocks in your .htm templates. |
| Security | Always use Dedecms's built-in functions for database queries involving user session data. |
