Php 具有两种不同条件的登录表单
我有一个登录页面。主分支的管理员A和其他管理员B、C以及分支B、C和D的管理员A。管理员A可以登录到所有分支,而管理员B、C和D只能登录到自己的分支。但现在我能做的是所有管理员只能登录到自己的分支。我如何才能做到这一点,使管理员A也可以登录到分支机构B,C和D 这是我的密码Php 具有两种不同条件的登录表单,php,login,Php,Login,我有一个登录页面。主分支的管理员A和其他管理员B、C以及分支B、C和D的管理员A。管理员A可以登录到所有分支,而管理员B、C和D只能登录到自己的分支。但现在我能做的是所有管理员只能登录到自己的分支。我如何才能做到这一点,使管理员A也可以登录到分支机构B,C和D 这是我的密码 if($_POST['username'] && $_POST['password'] && $_POST['txtbranch']) { $username = $_POST['use
if($_POST['username'] && $_POST['password'] && $_POST['txtbranch']) {
$username = $_POST['username'];
$password = $_POST['password'];
$txtbranch = $_POST['txtbranch'];
$hash_pass = $password;
$query = mysqli_query("select * from sysfile where username='".$username."' and password='".$hash_pass."' and branchid='".$txtbranch."' limit 1");
$count_user = mysqli_num_rows($query);
if($count_user==1)
{
$row = mysqli_fetch_array($query);
$_SESSION['userid'] = $row['userid'];
$_SESSION['username'] = $row['username'];
$_SESSION['pin'] = $row['pin'];
$_SESSION['branchid'] = $_POST['txtbranch'];
header("location:dashboard.php?success=1");
}else{
$error = 'Incorrect Username, Password and Branch.';
}
}
- 在数据库的登录表中添加类型字段
- 然后在添加所有admin之后,设置类型,比如admin A=1,B,C,D=2
- 现在在登录页面中设置条件
我会为用户权限添加一个表
┌──────┬──────┐
│userid│branch│
├──────┼──────┤
│ 1 │ A │
│ 1 │ B │
│ 1 │ C │
│ 1 │ D │
│ 2 │ B │
│ 2 │ C │
│ 2 │ D │
└──────┴──────┘
然后可以发出如下所示的SQL语句
SELECT *
FROM users, userrights
WHERE users.userid=userrights.userid
AND users.username=@username
AND users.password=@hashed_pass
LIMIT 1
此SQL查询从联接的表users
和userrights
中选择所有列(最好显式选择列!select userid、username、pin、branchid FROM…
)(为了清晰起见,重命名了这些表)。后者拥有用户对表的权限。作为原始查询进行过滤和限制,和我使用SQL参数防止注入略有不同
有了这个问题,你就可以保持沉默
$count_user = mysqli_num_rows($query);
if($count_user==1)
{
[...]
用role替换branch_id,以便于理解其他人。 您必须在数据库命名中插入一个标志作为角色。 如果角色为1-您的案例中的角色(A-主要分支) 如果角色是2-在您的案例中(B、C、D-其他分支) 假设您的数据库结构如下
id | username | password | role |
---------------------------------
1 | A | 123 | 1
---------------------------------
2 | B | 1111 | 2
---------------------------------
3 | C | 2323 | 2
---------------------------------
4 | D | 1782 | 2
我不喜欢在数据库中存储纯文本密码,这只是一个示例。
您的代码如下所示:
if($_POST['username'] && $_POST['password'] && $_POST['txtbranch'])
{
$username = $_POST['username'];
$password = $_POST['password'];
$txtbranch = $_POST['txtbranch'];
$hash_pass = $password;
$query = mysqli_query("select * from sysfile where username='".$username."' and password='".$hash_pass."' and branchid='".$txtbranch."' limit 1");
$count_user = mysqli_num_rows($query);
if($count_user==1)
{
$row = mysqli_fetch_array($query);
$role = $row['role'];
if($role == 1)
{
//that is A then set the session and redirect to A dashboard
}
else if($role ==2)
{
//that is B,C and D then set the session and redirect to there respective dashbaord
}
else
{
//whatever action you want
}
}
else
{
$error = 'Incorrect Username, Password and Branch.';
}
}
我已经解决了我的问题,这是我的最终代码
if($_POST['SUBMIT']=='Sign In')
{
if($_POST['username'] && $_POST['password'] && $_POST['txtbranch'])
{
$username = $_POST['username'];
$password = $_POST['password'];
$txtbranch = $_POST['txtbranch'];
$query_callbranch=mysqli_query("SELECT * FROM sysfile WHERE USERNAME='$username' ")or die(mysqli_error());
while($rowcallbranch=mysqli_fetch_array($query_callbranch))
{
$pin = $rowcallbranch['pin'];
if($pin == '9' && $username == 'admin')
{
$query = mysqli_query("select * from sysfile where username='".$username."' and password='".$password."' limit 1");
$count_user = mysqli_num_rows($query);
if($count_user==1)
{
$row = mysqli_fetch_array($query);
$_SESSION['userid'] = $row['userid'];
$_SESSION['username'] = $row['username'];
$_SESSION['pin'] = $row['pin'];
$_SESSION['branchid'] = $_POST['txtbranch'];
header("location:dashboard.php?success=1");
}else{
$error = 'Incorrect Username dan Password.';
}
}
if($pin == '0')
{
$query = mysqli_query("select * from sysfile where username='".$username."' and password='".$hash_pass."' and branchid='".$txtbranch."' limit 1");
$count_user = mysqli_num_rows($query);
if($count_user==1)
{
$row = mysqli_fetch_array($query);
$_SESSION['userid'] = $row['userid'];
$_SESSION['username'] = $row['username'];
$_SESSION['pin'] = $row['pin'];
$_SESSION['branchid'] = $_POST['txtbranch'];
header("location:dashboard.php?success=1");
}else{
$error = 'Incorrect Username, Password and Branch.';
}
}
}
}
}
管理员A
是用户名吗?你对SQL注入开放,应该有散列密码。你真的散列了吗?更改变量名不是散列..这听起来可能会让你泄气。请使用准备好的语句,并在继续之前了解如何散列您的密码:,并显示验证登录kode。我的意思是如果($_SESSION['userid']==false){我会先试试这个。
if($_POST['SUBMIT']=='Sign In')
{
if($_POST['username'] && $_POST['password'] && $_POST['txtbranch'])
{
$username = $_POST['username'];
$password = $_POST['password'];
$txtbranch = $_POST['txtbranch'];
$query_callbranch=mysqli_query("SELECT * FROM sysfile WHERE USERNAME='$username' ")or die(mysqli_error());
while($rowcallbranch=mysqli_fetch_array($query_callbranch))
{
$pin = $rowcallbranch['pin'];
if($pin == '9' && $username == 'admin')
{
$query = mysqli_query("select * from sysfile where username='".$username."' and password='".$password."' limit 1");
$count_user = mysqli_num_rows($query);
if($count_user==1)
{
$row = mysqli_fetch_array($query);
$_SESSION['userid'] = $row['userid'];
$_SESSION['username'] = $row['username'];
$_SESSION['pin'] = $row['pin'];
$_SESSION['branchid'] = $_POST['txtbranch'];
header("location:dashboard.php?success=1");
}else{
$error = 'Incorrect Username dan Password.';
}
}
if($pin == '0')
{
$query = mysqli_query("select * from sysfile where username='".$username."' and password='".$hash_pass."' and branchid='".$txtbranch."' limit 1");
$count_user = mysqli_num_rows($query);
if($count_user==1)
{
$row = mysqli_fetch_array($query);
$_SESSION['userid'] = $row['userid'];
$_SESSION['username'] = $row['username'];
$_SESSION['pin'] = $row['pin'];
$_SESSION['branchid'] = $_POST['txtbranch'];
header("location:dashboard.php?success=1");
}else{
$error = 'Incorrect Username, Password and Branch.';
}
}
}
}