我对这段代码的问题是,决定转到哪个页面的 IF 语句似乎默认为 index.php。我已经在MySQL中创建了一个登录表,并且有用户名/密码列,还有另一列带有布尔值,该值说明用户是否为管理员。
session_start(); // Starting Session
$error = ''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
} else {
// Define $username and $password
$username = $_POST['username'];
$password = $_POST['password'];
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = mysql_connect(" ", " ", " ", " ");
// Selecting Database
$db = mysql_select_db(" ", $connection);
// SQL query to fetch information of registerd users and finds user match.
$query = "SELECT * FROM login WHERE username='$username' and password='$password'";
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_array($result);
$count = mysql_num_rows($result);
$auth = $row['admin'];
if ($count == 1) {
if ($auth['admin'] == 1) {
session_start();
$_SESSION['admin'] = $auth;
$_SESSION['username'] = $username;
header("location: member.php");
} elseif ($auth['admin'] == 0) {
session_start();
$_SESSION['admin'] = $auth;
header("location:index.php");
}
} else {
$error = "Username or Password is invalid";
}
mysql_close($connection); // Closing Connection
}
}
由于您已经在此处提取了admin值:
$auth=$row['admin'];
您不必在此处提取它:
if($auth['admin']==1){
或在这里:
elseif($auth['admin']==0){
这个简单的更改应该可以解决您的问题:
if($auth==1) {
...
} elseif($auth==0) {
...
在您的原始代码中,$auth['admin']不存在,因为它本身只是一个整数$auth因此它将通过$auth['admin'] == 0测试,因为它是"falsy"。
此外,看起来您可能遇到$auth完全未定义的情况,在这种情况下,您应该对第二个条件使用"严格比较",因此您正在寻找实际的零,而不仅仅是任何虚假的东西:
} elseif($auth===0) {
我重新编写了您的登录脚本。试试这个。 我想你会发现这对你的工作会更好。
if(isset($_POST['username'])) {
$username = stripslashes($_POST['username']);
$username = strip_tags($username);
$username = mysql_real_escape_string($username);
$password = $_POST['password'];
//$password = md5($password);
$db_host = "host"; $db_username = "username"; $db_pass = "password"; $db_name = "db_name"; mysql_connect("$db_host","$db_username","$db_pass"); mysql_select_db("$db_name"); // connect to your database only if username is set
$sql = mysql_query("SELECT * FROM login WHERE username='$username' and password='$password'");
$login_check = mysql_num_rows($sql);
if($login_check > 0){ // if the user exists run while loop below
session_start(); // start session here (only once)
while($row = mysql_fetch_array($sql)){ // fetch the users admin from query
$auth = $row['admin'];
$_SESSION['admin'] = $auth; // set admin session variable
$_SESSION['username'] = $username; // set username session variable
if($auth == 1){
header("location: member.php"); // if user auth is 1, send to member
}else if($auth == 0){
header("location: index.php"); // if user auth is 0, send to index
}
exit();
}
} else {
header('Location: login.php'); // if user doesnt exist, reload login page.
}
mysql_close();
}
我建议使用 md5 哈希密码。
当有人在您的站点注册时,您可以在 db 条目之前使用此行$password = md5($password);将密码转换为 md5 哈希
关于上述$auth,这假设您在数据库中的条目是 0 或 1。 如果你以这种方式控制它,我建议在sql数据库中使用枚举。 将类型设置为"枚举",将类型设置为"0"、"1"
<?php
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
}
else
{
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = mysql_connect(" ", " ", " ", " ");
// Selecting Database
$db = mysql_select_db(" ", $connection);
// SQL query to fetch information of registerd users and finds user match.
$query = "SELECT * FROM login WHERE username='$username' and password='$password'";
$result=mysql_query($query) or die(mysql_error());
$row= mysql_fetch_array($result);
$count=mysql_num_rows($result);
$auth= (int)$row['admin'];
if($count){
if($auth == 1){
$_SESSION['admin']= $auth;
$_SESSION['username']= $username;
header("location: member.php");
exit;
}elseif($auth == 0){
$_SESSION['admin']= $auth;
header("location:index.php");
exit;
}
} else {
$error = "Username or Password is invalid";
}
mysql_close($connection); // Closing Connection
}
}
?>
尝试
header("Location: index.php");
exit;
header("Location: member.php");
exit;
注意大写字母 L 和exit;
也分别尝试if($auth == "1")和elseif($auth == "0")。
如果您重视登录页面的安全性,请使用 PDO 或 mysqli 而不是 mysql 。由于易受 SQL 注入的影响,它已被弃用且不安全。
此外,在处理密码的存储和验证时,利用 PhP 的password_hash和password_verify。与md5()相比,它更安全。如果您想要使用示例,请告诉我。