如何在php中检查权限并将用户发送到正确的页面?
Halo各位,我有一个问题,当用户登录并将用户发送到他们假设所在的页面时,如何检查权限。但我就是做不到。有人能帮忙吗如何在php中检查权限并将用户发送到正确的页面?,php,mysql,Php,Mysql,Halo各位,我有一个问题,当用户登录并将用户发送到他们假设所在的页面时,如何检查权限。但我就是做不到。有人能帮忙吗 <?php $host="localhost"; // Host name $username="root"; // Mysql username $password="123456789"; // Mysql password $db_name="hospital_db"; // Database name $tbl_name="members"; // Table n
<?php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password="123456789"; // Mysql password
$db_name="hospital_db"; // Database name
$tbl_name="members"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
$permissionssql="SELECT permissions FROM $tbl_name WHERE permissions";
$permissionssqlresult=mysql_query($permissionssql);
if(permissions==admin){
header("location:admin.php");
if(permissions==employees){
header("location:employees.php");
if(permissions==employees){
header("location:otherstaff.php");
}
}
}
}
else{
echo "Wrong username or password!";
}
?>
permissions==employees
也许这应该是$permissions==employees'
?$permissionssqlresult更有可能是OP您的用户是否可以从表中拥有多个权限值?此外,还要研究密码加密和比这更好的登录方法,还有一些改进,members
表上有permissions
列吗?如果是这样的话,就真的不需要第二个查询了(这很可能不是你想要的)。此外,如果您打开了错误报告,我相信您会看到各种各样的警告/通知。