User and admin login in PHP


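In my database, there is a row called "role" which specifies whether it is an admin or a login user.
Of course, admins and users have different functions.
This is my login process code: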

<?php
include 'database_conn.php';    // make db connection

ini_set("session.save_path", "../../sessionData");
session_start();

?>

<!DOCTYPE html>
<html>
<head>
<title>
</title>
</head>
<body>
<?php
$username = filter_has_var(INPUT_POST, 'userName') ? $_POST['userName']: null;
$passWD  = filter_has_var(INPUT_POST, 'pwd') ? $_POST['pwd']: null;

    $username = trim($username);
    $passWD = trim($passWD);

    //before we query from the database, we have to standardise
    // create an empty array

    if (empty($username)){
    die("No username entered.");
    }

    if (empty($passWD)){
    die("No password entered.");
    }

/* Query the users database table to get the password hash for the username entered by the user in the logon form */

$sql = "SELECT password ,userID FROM t_user WHERE username = ?";


$stmt = mysqli_prepare($conn, $sql);    // prepare the sql statement

/* Bind the $username entered by the user to the prepared statement. Note the “s” part indicates the data type used – in this case a string */

mysqli_stmt_bind_param($stmt, "s", $username);     

mysqli_stmt_execute($stmt);// execute the query

/* Get the password hash from the query results for the given username and store it in the variable indicated */

mysqli_stmt_bind_result($stmt, $passWDHash,$userID);

/* Check if a record was returned by the query. If yes, then there was a username matching what was entered in the logon form and we can now test to see if the password entered in the logon form is the same as the stored (correct) one in the database. */

if (mysqli_stmt_fetch($stmt)) {

         $_SESSION['uName'] = $username;
         $_SESSION['uID']   = $userID;

         //PASSWORD CORRECT
       if (password_verify($passWD, $passWDHash)) {
           $_SESSION['logged-in'] = true;
           echo "<p>Welcome back    " .$_SESSION['uName']."</p>\n";
           echo "<p>Welcome back    " .$_SESSION['uID']."</p>\n";
        echo "<p>Password correct!</p>\n";
        echo "<p><a href='logout.php'>Logout</a></p>";
    }
        else {
            echo "<p>Password incorrect.</p>\n";
        }
    }

    else {
        echo "<p>Sorry we don't seem to have that username.</p>";
    }

    //this line should determine whether it is user or admin is login 
    $result = mysqli_query($conn,$sql);

     if($result)
        {
          $row = mysqli_fetch_assoc($result);

        $user_type = $row['role']; // you get user type here whether he's admin or login

        if ($user_type == 'admin') { 

             echo " this is admin";
             //header to admin page
        }

        elseif ($user_type == 'user') {
            echo "this is user" ;
            //header to user page
        }

        else{
            echo "query failed"; 
        }
        }

    mysqli_stmt_close($stmt); 
    mysqli_close($conn);

?>
</body>
</html>

The code doesn't work, as it is supposed to display the role of the login. It seems
it can't determine the role.

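The reason this happens is that you have an undefined index role. This line should throw an undefined index notice:

$user_type = $row['role'];

Since role is not defined in the SQL statement, role is not selected. This is your statement:

$sql = "SELECT password ,userID FROM t_user WHERE username = ?";

As you can see, you did not select role anywhere in your code, and I also don't understand what you were trying to achieve here:

$result = mysqli_query($conn,$sql);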

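You have already prepared a statement and executed it, so there is no need to run another query to determine the user's role; it can all be done with one query.

This is how you do it: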

<?php
ob_start();
ini_set("session.save_path", "../../sessionData"); // must be set before session_start() to take effect
session_start();
include 'database_conn.php';    // make db connection

?>
<!DOCTYPE html>
<html>
    <head>
        <title></title>
    </head> 
   <body>
    <?php
$username = filter_has_var(INPUT_POST, 'userName') ? $_POST['userName'] : null;
$passWD   = filter_has_var(INPUT_POST, 'pwd') ? $_POST['pwd'] : null;

$username = trim($username);
$passWD   = trim($passWD);

//before we query from the database, we have to standardise
// create an empty array

if (empty($username)) {
    die("No username entered.");
}

if (empty($passWD)) {
    die("No password entered.");
}

/* Query the users database table to get the password hash for the username entered by the user in the logon form */

$sql = "SELECT password ,userID,role FROM t_user WHERE username = ?";


$stmt = mysqli_prepare($conn, $sql); // prepare the sql statement

/* Bind the $username entered by the user to the prepared statement. Note the “s” part indicates the data type used – in this case a string */

mysqli_stmt_bind_param($stmt, "s", $username);

mysqli_stmt_execute($stmt); // execute the query

/* Get the password hash from the query results for the given username and store it in the variable indicated */
mysqli_stmt_bind_result($stmt, $passWDHash, $userID, $user_type);

/* Check if a record was returned by the query. If yes, then there was a username matching what was entered in the logon form and we can now test to see if the password entered in the logon form is the same as the stored (correct) one in the database. */

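if (mysqli_stmt_fetch($stmt)) {

    //PASSWORD CORRECT
    if (password_verify($passWD, $passWDHash)) {
        // Only populate the session once the password has been verified,
        // and issue a new session ID for the authenticated session.
        session_regenerate_id(true);
        $_SESSION['uName']     = $username;
        $_SESSION['uID']       = $userID;
        $_SESSION['logged-in'] = true;
        // Escape values before writing them into the HTML response
        echo "<p>Welcome back    " . htmlspecialchars($_SESSION['uName'], ENT_QUOTES, 'UTF-8') . "</p>\n";
        echo "<p>Welcome back    " . htmlspecialchars((string) $_SESSION['uID'], ENT_QUOTES, 'UTF-8') . "</p>\n";
        echo "<p>Password correct!</p>\n";
        echo "<p><a href='logout.php'>Logout</a></p>";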

        // check user role

        if ($user_type == 'admin') {

            echo " this is admin";
            //header to admin page
        } elseif ($user_type == 'user') {
            echo "this is user";
            //header to user page  
        }
    } else {
        echo "<p>Password incorrect.</p>\n";
    }
}

else {
    echo "<p>Sorry we don't seem to have that username.</p>";
}

mysqli_stmt_close($stmt);
mysqli_close($conn);

?>
</body>
</html>

Also, you must always check the error log located at
apache/logs/error.log
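
The answer's role check only echoes a message and leaves the redirect as a comment. As an added example (not part of the original answer), here is one way to carry the role into the session and enforce it on every protected page; the function names and the pages `admin_home.php`, `user_home.php` and `login.php` are hypothetical:

```php
<?php
// Added example, not the answer's code. Function names and page paths are hypothetical.

const ROLE_HOME = [                 // allow-list: t_user.role value => landing page
    'admin' => 'admin_home.php',
    'user'  => 'user_home.php',
];

/** Call once, right after password_verify() succeeds. Returns the landing page or null. */
function complete_login(int $userID, string $username, string $role): ?string
{
    if (!isset(ROLE_HOME[$role])) {
        return null;                         // unknown role value: do not log in
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);         // fresh session ID for the authenticated session
    }
    $_SESSION['uID']       = $userID;
    $_SESSION['uName']     = $username;
    $_SESSION['role']      = $role;          // comes from the database row, never from $_POST
    $_SESSION['logged-in'] = true;
    return ROLE_HOME[$role];
}

/** Pure check: is this session logged in with exactly the required role? */
function session_has_role(array $session, string $required): bool
{
    return ($session['logged-in'] ?? false) === true
        && ($session['role'] ?? null) === $required;   // strict comparison
}

/** First statement of a protected page, e.g. require_role('admin'); in admin_home.php. */
function require_role(string $required): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();                     // use the same session.save_path as the login script
    }
    if (($_SESSION['logged-in'] ?? false) !== true) {
        header('Location: login.php');       // not authenticated
        exit;
    }
    if (!session_has_role($_SESSION, $required)) {
        http_response_code(403);             // authenticated, but wrong role
        exit('Forbidden');
    }
}

// In the login script, after password_verify() succeeds:
//   $home = complete_login($userID, $username, $user_type);
//   if ($home !== null) { header("Location: $home"); exit; }
```

The redirect after login is only navigation; the `require_role()` call at the top of each page is what keeps a logged-in `user` from opening the admin page by typing its URL.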


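What does "the code doesn't work" mean? Please be more specific about your problem, so we can help you.

It should display the echo statement, whether it is admin or user login.

If you enable error reporting now, you should get a warning that role is undefined:
ini_set('display_errors', 1);
error_reporting(E_ALL);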