Php 如何根据用户的状态和角色登录用户
我正在创建一个登录页面,用户和管理员将在其中登录 在管理员将其激活之前,用户的角色为user,状态为pending。 我有不同的文件显示为用户和管理员,在用户,有2个文件。1用于活动用户,另一个用于挂起用户 我创建了if语句并尝试了switch语句。但我在XAMPP“解析错误:语法错误,C:\XAMPP\htdocs\MakerLab\server.php中文件的意外结尾,第109行”上遇到了一个错误 这是我的server.phpPhp 如何根据用户的状态和角色登录用户,php,mysql,login,Php,Mysql,Login,我正在创建一个登录页面,用户和管理员将在其中登录 在管理员将其激活之前,用户的角色为user,状态为pending。 我有不同的文件显示为用户和管理员,在用户,有2个文件。1用于活动用户,另一个用于挂起用户 我创建了if语句并尝试了switch语句。但我在XAMPP“解析错误:语法错误,C:\XAMPP\htdocs\MakerLab\server.php中文件的意外结尾,第109行”上遇到了一个错误 这是我的server.php 下次您可以使用类似于IDE的PHPStorm来帮助缩进和格式时
下次您可以使用类似于IDE的PHPStorm来帮助缩进和格式时,文件末尾(在?>标记之前)缺少2个括号
<?php
// variable declaration
$email = "";
$status = "";
$errors = array();
$_SESSION['success'] = "";
// connect to database
$db = mysqli_connect('localhost', 'root', '', 'makerlab');
// REGISTER USER
if (isset($_POST['reg_user'])) {
// receive all input values from the form
$fname = mysqli_real_escape_string($db, $_POST['fname']);
$lname = mysqli_real_escape_string($db, $_POST['lname']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$lewisID = mysqli_real_escape_string($db, $_POST['lewisID']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
// form validation: ensure that the form is correctly filled
//if (empty($email)) { array_push($errors, "Lewis Email is required"); }
//if (empty($password_1)) { array_push($errors, "Password is required"); }
//if ($password_1 != $password_2) {
// array_push($errors, "The two passwords do not match");
//}
$user_check_query = "SELECT * FROM users WHERE lewisID='$lewisID' OR email='$email' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) { // if user exists
if ($user['lewisID'] === $lewisID) {
array_push($errors, "lewisID already exists");
}
if ($user['email'] === $email) {
array_push($errors, "lewisID already exists");
}
}
// register user if there are no errors in the form
if (count($errors) == 0) {
$password = md5($password_1);//encrypt the password before saving in the database
$query = "INSERT INTO users (lewisID,
fname,
lname,
email,
password)
VALUES('$lewisID',
'$fname',
'$lname',
'$email',
'$password')";
mysqli_query($db, $query);
$_SESSION['fname'] = $fname;
$_SESSION['email'] = $email;
header('location: pend.php');
}
}
// ...
// LOGIN USER
if (isset($_POST['login_user'])) {
$email = mysqli_real_escape_string($db, $_POST['email']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($email)) {
array_push($errors, "Lewis Email is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE email='$email'
AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['email'] = $email;
$row = mysqli_fetch_assoc($results);
$status = $row['status'];
$role = $row['role'];
if ($status == "Pending") {
header('location: pend.php');
} else if ($status == "Active" || $role == "user") {
header('location: AccountMain.php');
} else if ($status == "Active" || $role == "admin") {
header('location: admain.php');
}
} else {
array_push($errors, "Wrong username/password combination");
}
}
}
?>
下次您可以使用类似于IDE的PHPStorm来帮助缩进和格式时,文件末尾(在?>标记之前)缺少2个括号
<?php
// variable declaration
$email = "";
$status = "";
$errors = array();
$_SESSION['success'] = "";
// connect to database
$db = mysqli_connect('localhost', 'root', '', 'makerlab');
// REGISTER USER
if (isset($_POST['reg_user'])) {
// receive all input values from the form
$fname = mysqli_real_escape_string($db, $_POST['fname']);
$lname = mysqli_real_escape_string($db, $_POST['lname']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$lewisID = mysqli_real_escape_string($db, $_POST['lewisID']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
// form validation: ensure that the form is correctly filled
//if (empty($email)) { array_push($errors, "Lewis Email is required"); }
//if (empty($password_1)) { array_push($errors, "Password is required"); }
//if ($password_1 != $password_2) {
// array_push($errors, "The two passwords do not match");
//}
$user_check_query = "SELECT * FROM users WHERE lewisID='$lewisID' OR email='$email' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) { // if user exists
if ($user['lewisID'] === $lewisID) {
array_push($errors, "lewisID already exists");
}
if ($user['email'] === $email) {
array_push($errors, "lewisID already exists");
}
}
// register user if there are no errors in the form
if (count($errors) == 0) {
$password = md5($password_1);//encrypt the password before saving in the database
$query = "INSERT INTO users (lewisID,
fname,
lname,
email,
password)
VALUES('$lewisID',
'$fname',
'$lname',
'$email',
'$password')";
mysqli_query($db, $query);
$_SESSION['fname'] = $fname;
$_SESSION['email'] = $email;
header('location: pend.php');
}
}
// ...
// LOGIN USER
if (isset($_POST['login_user'])) {
$email = mysqli_real_escape_string($db, $_POST['email']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($email)) {
array_push($errors, "Lewis Email is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE email='$email'
AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['email'] = $email;
$row = mysqli_fetch_assoc($results);
$status = $row['status'];
$role = $row['role'];
if ($status == "Pending") {
header('location: pend.php');
} else if ($status == "Active" || $role == "user") {
header('location: AccountMain.php');
} else if ($status == "Active" || $role == "admin") {
header('location: admain.php');
}
} else {
array_push($errors, "Wrong username/password combination");
}
}
}
?>
请注意您易受攻击,并应使用以防止此情况发生。除此之外,md5()
是(即使有盐),不应用于密码存储。相反,你应该考虑和谢谢。我下一步会做的。我需要if语句方面的帮助您的错误似乎也是由于缺少一个}
(对于if(count($errors)==0)
);使用适当的缩进可以更容易地确认这一点。一些用于编写代码的程序,例如,如果单击{它将向您显示它认为匹配的}的位置。我正在使用记事本+,它确实显示了所有匹配项,但我添加了2个括号,需要,但现在抱怨第89-92-94行的角色未定义。请注意,您很容易受到攻击,应该使用它来防止出现这种情况。除此之外,md5()
是(即使有盐),不应用于密码存储。相反,你应该考虑和谢谢。我下一步会做的。我需要if语句方面的帮助您的错误似乎也是由于缺少一个}
(对于if(count($errors)==0)
);使用适当的缩进可以更容易地确认这一点。一些用于编写代码的程序,例如,如果单击{它将向您显示它认为匹配的}的位置。我使用的是记事本+,它确实显示了所有匹配项,但我添加了两个括号,需要花费时间,但现在抱怨第89-92行的角色未定义,谢谢,@Elminson De Oleo Baez。我添加了他们,它带来了网站,但现在我无法登录。我尝试与一个活跃的和挂起的用户,它没有做任何事情。请让我回到登录页面问题是您的登录用户部分在注册用户中,我将编辑我的答案,然后您可以再次测试。您现在可以使用新代码@Zaheemhasantanks进行测试。我试过了,但现在它抱怨角色变量没有定义。我的数据库名称“role”中有一列您的问题是您正在访问变量$role
,该变量未定义$row['role']=$role因此您必须将其转换为$role=$row['role']谢谢,@Elminson De Oleo Baez。我添加了他们,它带来了网站,但现在我无法登录。我尝试与一个活跃的和挂起的用户,它没有做任何事情。请让我回到登录页面问题是您的登录用户部分在注册用户中,我将编辑我的答案,然后您可以再次测试。您现在可以使用新代码@Zaheemhasantanks进行测试。我试过了,但现在它抱怨角色变量没有定义。我的数据库名称“role”中有一列您的问题是您正在访问变量$role
,该变量未定义$row['role']=$role因此您必须将其转换为$role=$row['role']