PHP登录-Admin&;基于角色的用户
当以用户身份登录时,它会将我引导到index.php页面。当以管理员身份登录时,它仍然指示我进入index.php页面。我不确定实际的问题。我看过其他的帖子,但还是没有运气。请帮忙 用户表PHP登录-Admin&;基于角色的用户,php,Php,当以用户身份登录时,它会将我引导到index.php页面。当以管理员身份登录时,它仍然指示我进入index.php页面。我不确定实际的问题。我看过其他的帖子,但还是没有运气。请帮忙 用户表 //submit if(isset($_POST['login'])){ //-----variables initiated and set to empty---- $username = $_POST['username']; $password = $_POST['passw
//submit
if(isset($_POST['login'])){
//-----variables initiated and set to empty----
$username = $_POST['username'];
$password = $_POST['password'];
//----insert into database-----
$sql = 'SELECT username, password FROM users WHERE username=:username
AND password=:password';
$stmt = $db->prepare($sql);
$stmt->execute(array(':username' => $username, ':password' =>
$password));
$stmt->execute();
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if($stmt->rowCount() == 1){
//$row = $stmt->fetch(PDO::FETCH_ASSOC);
$_SESSION['SESSION_role'] = $row['role'];
if( $_SESSION['SESSION_role'] == "admin"){
header('location: admin.php');
} else {
header('location: index.php');
}
} else {
// Display an error message if username doesn't exist
$noUserErr = 'The username or password is incorrect.';
}
}
$row['role']
未定义,因为在sql select语句中未包含字段role
。你需要把它改成
$sql = 'SELECT username, password, role FROM users WHERE username=:username
AND password=:password';
如果不这样做,您将得到一个通知:未定义的索引“role”
和$\u SESSION['SESSION\u role']
始终为false/NULL
但是:从不在数据库中存储普通密码。使用和您在查询本身中遗漏了
角色
。将SQL查询更新为-
SELECT username, password, role FROM users WHERE username=:username
AND password=:password'
就这样您没有选择
角色
字段。需要选择它从数据库中获取
$sql = 'SELECT username,
password,
role
FROM users
WHERE username = :username
AND password = :password';
$stmt = $db->prepare($sql);
$stmt->execute(array(':username' => $username, ':password' =>
$password));
$stmt->execute();
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if($stmt->rowCount() == 1){
session_start(); // start session
$_SESSION['SESSION_role'] = $row['role'];
if($_SESSION['SESSION_role'] == "admin") {
header('location: admin.php');
} else {
header('location: index.php');
}
} else {
// Display an error message if username doesn't exist
$noUserErr = 'The username or password is incorrect.';
}
如果您不提前启动会话,还有一个建议。是否检查了$\u session['session\u role']是否在会话上设置了角色?
$row['role']
未定义,因为您的sql select语句中没有包含字段role
。您需要从中选择用户名、密码、角色…
旁白:我认为您不应该为$stmt::rowCount()而烦恼,而应该针对$row进行测试。还有人想对此发表评论吗?为什么要在数据库中以明文形式存储密码?不,不,不。如果我直接转到admin.php怎么办?没错,这是$\u SESSION['SESSION\u role']
。我监督了这个有创意的名字