如何从数据库中获取php会话的用户类型
我正在构建一个网站,我想检索数据库中定义的用户类型,并将登录的用户重定向到特定页面。例如,如果用户是admin,它会将该用户重定向到administration页面,如果用户类型是X,它会将该用户重定向到用户类型X的特定页面 现在,我正在尝试一个临时解决方案,因为我在截止日期前(明天)没有足够的时间。我试图通过运行数据库和php查询从数据库中获取用户类型,如下所示:如何从数据库中获取php会话的用户类型,php,mysql,session,Php,Mysql,Session,我正在构建一个网站,我想检索数据库中定义的用户类型,并将登录的用户重定向到特定页面。例如,如果用户是admin,它会将该用户重定向到administration页面,如果用户类型是X,它会将该用户重定向到用户类型X的特定页面 现在,我正在尝试一个临时解决方案,因为我在截止日期前(明天)没有足够的时间。我试图通过运行数据库和php查询从数据库中获取用户类型,如下所示: $_SESSION['login'] = true; $_SESSION['u
$_SESSION['login'] = true;
$_SESSION['username']=$username;
$query="select user_type from ".$table_name." where username='$username'";
$result=mysqli_query($con,$query) or die('error');
if(mysqli_num_rows($result))
{
$_SESSION['user_type']=$user_type;
}
echo json_encode( array('result'=>1));
<?php
session_start();
include("db.php");
$con=mysqli_connect($server, $db_user, $db_pwd,$db_name) //connect to the database server
or die ("Could not connect to mysql because ".mysqli_error());
mysqli_select_db($con,$db_name) //select the database
or die ("Could not select to mysql because ".mysqli_error());
//prevent sql injection
$username=mysqli_real_escape_string($con,$_POST["username"]);
$password=mysqli_real_escape_string($con,$_POST["password"]);
//$user_type=mysqli_real_escape_string($con,$_POST["user_type"]);
//decrypt password
//check if user exist already
$query="select * from ".$table_name." where username='$username'";
$result=mysqli_query($con,$query) or die('error');
if (mysqli_num_rows($result)) //if exist then check for password
{
//Pickup password to compare with encrypted password
$query="select password from ".$table_name." where username='$username'";
$result=mysqli_query($con,$query) or die('error');
$db_field = mysqli_fetch_assoc($result);
$hashed_password=crypt($password,$db_field['password']);
$query="select * from ".$table_name." where username='$username' and password='$hashed_password'";
$result=mysqli_query($con,$query) or die('error');
if (mysqli_num_rows($result)) //if passwords match then check actvation status
{
$query="select * from ".$table_name." where username='$username' and password='$hashed_password' and activ_status in(1)";
$result=mysqli_query($con,$query) or die('error');
if(mysqli_num_rows($result))
{
$_SESSION['login'] = true;
$_SESSION['username']=$username;
$query="select user_type from ".$table_name." where username='$username'";
$result=mysqli_query($con,$query) or die('error');
if(mysqli_num_rows($result))
{
$_SESSION['user_type']=$user_type;
}
echo json_encode( array('result'=>1));
}
else
{
echo json_encode( array('result'=>"$msg_email_1 <br /><a href=\"".$url."\\resend_key.php?user=".$username."\">$msg_email_2</a>."));
// echo "User Account not yet activated.Check your mail for activation details.";
}
}
else
{
echo json_encode( array('result'=>$msg_pwd_error));
// echo trim("password incorrect");
}
}
else
{
echo json_encode( array('result'=>$msg_un_error));
// die("Username Doesn't exist");
die();
}
?>
我可以获取用户名和登录状态,但当我试图获取用户类型时,我在_SESSIONS数组中得到一个空结果
整个php代码如下所示:
$_SESSION['login'] = true;
$_SESSION['username']=$username;
$query="select user_type from ".$table_name." where username='$username'";
$result=mysqli_query($con,$query) or die('error');
if(mysqli_num_rows($result))
{
$_SESSION['user_type']=$user_type;
}
echo json_encode( array('result'=>1));
<?php
session_start();
include("db.php");
$con=mysqli_connect($server, $db_user, $db_pwd,$db_name) //connect to the database server
or die ("Could not connect to mysql because ".mysqli_error());
mysqli_select_db($con,$db_name) //select the database
or die ("Could not select to mysql because ".mysqli_error());
//prevent sql injection
$username=mysqli_real_escape_string($con,$_POST["username"]);
$password=mysqli_real_escape_string($con,$_POST["password"]);
//$user_type=mysqli_real_escape_string($con,$_POST["user_type"]);
//decrypt password
//check if user exist already
$query="select * from ".$table_name." where username='$username'";
$result=mysqli_query($con,$query) or die('error');
if (mysqli_num_rows($result)) //if exist then check for password
{
//Pickup password to compare with encrypted password
$query="select password from ".$table_name." where username='$username'";
$result=mysqli_query($con,$query) or die('error');
$db_field = mysqli_fetch_assoc($result);
$hashed_password=crypt($password,$db_field['password']);
$query="select * from ".$table_name." where username='$username' and password='$hashed_password'";
$result=mysqli_query($con,$query) or die('error');
if (mysqli_num_rows($result)) //if passwords match then check actvation status
{
$query="select * from ".$table_name." where username='$username' and password='$hashed_password' and activ_status in(1)";
$result=mysqli_query($con,$query) or die('error');
if(mysqli_num_rows($result))
{
$_SESSION['login'] = true;
$_SESSION['username']=$username;
$query="select user_type from ".$table_name." where username='$username'";
$result=mysqli_query($con,$query) or die('error');
if(mysqli_num_rows($result))
{
$_SESSION['user_type']=$user_type;
}
echo json_encode( array('result'=>1));
}
else
{
echo json_encode( array('result'=>"$msg_email_1 <br /><a href=\"".$url."\\resend_key.php?user=".$username."\">$msg_email_2</a>."));
// echo "User Account not yet activated.Check your mail for activation details.";
}
}
else
{
echo json_encode( array('result'=>$msg_pwd_error));
// echo trim("password incorrect");
}
}
else
{
echo json_encode( array('result'=>$msg_un_error));
// die("Username Doesn't exist");
die();
}
?>
您有$\u会话['user\u type']=$user\u type
,但什么是$user\u type
?您没有在任何地方初始化它,因此在$\u会话['user\u type']
中不会存储任何内容
您必须首先从数据库获取结果,并将结果的值分配给$user\u type
变量,然后才能存储它
$row = mysqli_fetch_assoc($result);
$user_type = $row['user_type'];
哦,是的!!这是一个很大的错误!我的大脑在这么晚的时间里几乎不工作:)然而,我仍然得到一个空的结果。我已将代码更改为以下类型:1)$query=“从“$table\u name.”中选择用户类型,其中username='$username';$result=mysqli_query($con,$query)或die('error');虽然($row=mysqli\u fetch\u assoc(result)){$user\u type=$row['user\u type'];$\u SESSION['user\u type']=$user\u type;}2)我将$\u SESSION部分从while条件中移除。3) 我只在while条件中放置了$\u会话部分。它们都没有工作:/Is$user\u type
也是空的,或者只是$\u会话['user\u type']
是空的?user\u type是空的。我找到了一个变通方法。我添加了一个虚拟页面,它将从$\u会话中检索用户名,并使用mysql命令请求用户类型,并根据用户类型立即重定向页面。我不知道这东西怎么会在同一页上不起作用,而是在虚拟页上起作用。但是,只要它起作用,而且我离最后期限非常近,我现在就使用这种方法,以后再处理。然而,你的评论使我意识到我的主要错误。非常感谢你的帮助,我真的很感激!:)