我有一个问题与我的代码,我的登录工作完美,但我希望它显示注册到网站的用户列表从mysql数据库当我登录为admin@admin.com我的凭据。我的代码显示了为网站注册的用户列表,但它显示了现在登录的每个人,而不仅仅是管理员。有人能看出我错过了什么吗?谢谢你!下面的代码。
<?php
session_start();
$mysql_hostname = 'localhost';
$mysql_user = 'username';
$mysql_password = 'password';
$mysql_database = 'db_users2015';
$connect = mysql_connect($mysql_hostname, $mysql_user, $mysql_password)
or die ("Couldn't connect");
echo "<BR>Connection Successful";
//to put data into database
//select database
$db_selected= mysql_select_db($mysql_database, $connect)
or die ("Couldn't connect to the database");
//frontend and backend data processing
$email= $_POST['email'];
$password= $_POST['password'];
//to check for admin
$sql= "SELECT * FROM users WHERE email= 'admin@admin.com' and password= 'password'";
$sql_result = mysql_query($sql);
{echo
$query = mysql_query("SELECT email FROM users");
echo '<table>';
while($rowtwo = mysql_fetch_array($query)){
echo '<tr>
<td>' .$rowtwo['email'].'</td>
</tr>';
}
echo '</table>';
}
//To see if email is registered
$sql = "SELECT COUNT(*) FROM users WHERE email= '{$_POST['email']}'";
$sql_result = mysql_query($sql);
if (mysql_result($sql_result, 0)<1)
{
die("<BR>Email address not found");
}
else{
echo "Login Successful!";
}
//To check if email and password match
$result = mysql_query("SELECT * FROM users WHERE email = '$email' AND
password ='$password' LIMIT 1");
if(mysql_num_rows($result) > 0){
$row = mysql_fetch_array($result, MYSQL_ASSOC);
$firstname = $row["firstname"];
$lastname = $row["lastname"];
echo "<BR>Welcome back, ";
echo $firstname;
echo " ";
echo $lastname;
}else{
echo 'wrong password/username combo';
}
?>
您需要创建一个实际的条件。
$result = mysql_query($sql);
if( $result->num_rows == 1 ) {
//show list
}else {
//not authorized
}
您正在查找具有admin电子邮件地址的用户记录,但您没有将其与刚刚登录的人进行比较。
我建议建立某种身份验证组。
如果登录的用户是admin组的成员那么他们会看到admin类的东西,同样地,站点用户组中的人会看到站点用户的东西,等等