Php 多用户登录未验证密码和会话
遵循我的代码,允许我按文件夹登录,但不验证我的密码和会话 没有开关盒,如果其他条件有效,则只有两个角色有效Php 多用户登录未验证密码和会话,php,mysql,Php,Mysql,遵循我的代码,允许我按文件夹登录,但不验证我的密码和会话 没有开关盒,如果其他条件有效,则只有两个角色有效 我需要一个多重角色 ob_start(); require_once 'dbconnect.php'; $userName = ''; $passError = ''; $error = false; if (isset($_POST['btn-login'])) { $userName = trim($_POST['userName']); $userName = str
我需要一个多重角色
ob_start();
require_once 'dbconnect.php';
$userName = '';
$passError = '';
$error = false;
if (isset($_POST['btn-login'])) {
$userName = trim($_POST['userName']);
$userName = strip_tags($userName);
$userName = htmlspecialchars($userName);
$pass = trim($_POST['pass']);
$pass = strip_tags($pass);
$pass = htmlspecialchars($pass);
if (empty($userName)) {
$error = true;
$userNameError = "Please enter your User Name.";
}
if (empty($pass)) {
$error = true;
$passError = "Please enter your password.";
}
if (!$error) {
$password = hash('sha256', $pass);
$res = mysqli_query($conn, "SELECT userId, userName, userPass, role FROM users1 WHERE userName='$userName'");
$row = mysqli_fetch_array($res);
$count = mysqli_num_rows($res);
var_dump($count);
$count == 1 && $row['userPass'] == $password && $row['role'] == 'multirole';
$multirole = $row['role'];
$row['userPass'] == ($password);
switch ($multirole) {
case "admin":
$_SESSION['user'] = $row['userName'];
$_SESSION['role'] = 'admin';
header('Location: admin/home.php');
break;
case "user":
$_SESSION['user'] = $row['userName'];
$_SESSION['role'] = 'user';
header('Location: user/home.php');
break;
default:
echo "No User Found ! Please Contact Admin";
}
}
}
你有什么建议吗?好的,你的脚本格式很差 我想你的问题就在这一部分: $count==1&&$row['userPass']==password&&$row['role']==multirole' $row['role']=='multirole';//这不可能是真的 我尝试重新编写您的脚本(使用+-您的逻辑,这也不太正确!):
不工作编码中缺少的somting可能是usname和password对象不正确set@BillyBarret有可能,找到问题的最好方法是开始一部分一部分地测试代码!这意味着只需测试您的数据是否使用if和else发布,并针对每种情况回显消息!所以你会发现问题所在!
ob_start();
require_once 'dbconnect.php';
if( isset($_POST['btn-login']) )
{
$username = $_POST['userName'];
$pass = $_POST['pass'];
if(empty($userName))
{
$error = true;
$userNameError = "Please enter your User Name.";
}
elseif(empty($pass))
{
$error = true;
$userNameError = "Please enter your password.";
}
else
{
$password = hash('sha256', $pass);
$res = $db -> prepare ("SELECT * FROM users1 WHERE userName = :userName");
$res -> execute (array (":userName" => $userName));
$count = $res -> rowCount();
if($count == 1)
{
$rows = $res -> fetchAll (PDO::FETCH_ASSOC);
foreach ($rows as $row)
{
$db_password= $row['userPass'];
$multirole = $row["role"];
}
if($password == $db_password)
{
switch ($multirole)
{
case "admin":
$_SESSION['user'] = $row['userName'];
$_SESSION['role'] = 'admin';
header('Location: admin/home.php');
break;
case "user":
$_SESSION['user'] = $row['userName'];
$_SESSION['role'] = 'user';
header('Location: user/home.php');
break;
default:
echo "No User Found ! Please Contact Admin";
}
}
}
}
}