control php page by different user level logged in (not working)

Basically, I am trying to make this code navigate to different PHP pages.

verify_user.php

<?php
$con = mysqli_connect("localhost", "root", "****", "myDB");
if (!$con){
    die("Connection to database failed: " . mysqli_connect_error());
}
$uname=$_POST['u_name'];
$pass=$_POST['pass'];
$qry = mysqli_query($con, "SELECT * FROM login WHERE user='$uname'");
if(!$qry){
    die("Query Failed: ". mysqli_error($con));
} else {
    $row = mysqli_fetch_array($qry);
    if($_POST['u_name'] == $row["user"] && $_POST['pass'] == $row["password"]) {
        if ($_POST['u_name'] = "admin") {
            session_start();
            $_SESSION['name'] = $_POST['u_name'];
            header("Location:admin_panel.php");
        } else {
            session_start();
            $_SESSION['name']=$_POST['u_name'];
            header("Location:main.php");
        }
    } else {
        header("Location:main.php?id=Worng ID / Password!");
    }
}
?>

From this code we can see that if the user is admin, it should go to admin_panel.php. If the user is not admin, it should go to main.php. To explain further, this is my admin_panel.php:

<?php
session_start();
if(isset($_SESSION['name'])){
   if(!$_SESSION['name']=='admin'){
?>

<!-- HTML CODE -->

<?php
   }
   else
      header("Location:index.php?id=Only for admin.");
}
else
{
header("Location:index.php?id=Only for admin.");
}
?>

But it's not working...

Change

if ($_POST['u_name'] = "admin") {

to

if ($_POST['u_name'] == "admin") {

Change

 if(!$_SESSION['name']=='admin'){

to

 if($_SESSION['name']=='admin'){

In fact, you can change

<?php
session_start();
if(isset($_SESSION['name'])){
   if(!$_SESSION['name']=='admin'){
?>

<!-- HTML CODE -->

<?php
   }
   else
      header("Location:index.php?id=Only for admin.");
}
else
{
header("Location:index.php?id=Only for admin.");
}
?>

to

<?php
session_start();
if(isset($_SESSION['name']) && $_SESSION['name'] == 'admin'){
?>

<!-- HTML CODE -->

<?php
}
else
{
header("Location:index.php?id=Only for admin.");
}
?>

Also, this is really not good:

header("Location:index.php?id=Only for admin.");

There should be no spaces in a URL.

By the way, this code is vulnerable to SQL injection.
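The points raised in the answers above (comparison instead of assignment, no raw spaces in the redirect URL, and the SQL injection in the login query) combined in one verify_user.php, as an added example that is not code from the original posts. It assumes the `password` column of the `login` table holds a hash produced by `password_hash()`; the helper `redirect_with_message()` is a hypothetical name introduced here.

```php
<?php
// Added example: hardened verify_user.php (not the original poster's code).
// Assumption: login.password stores the output of password_hash().
declare(strict_types=1);
session_start();

// Hypothetical helper: redirect with a URL-encoded message, then stop.
function redirect_with_message(string $page, string $message = ''): void
{
    $query = $message === '' ? '' : '?id=' . rawurlencode($message);
    header('Location: ' . $page . $query);
    exit; // without exit the rest of the script would still run
}

// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$con = mysqli_connect('localhost', 'root', '****', 'myDB'); // placeholder credentials as on the page

$uname = $_POST['u_name'] ?? '';
$pass  = $_POST['pass'] ?? '';
if (!is_string($uname) || !is_string($pass)) {
    // Reject array-valued parameters such as u_name[]=x.
    redirect_with_message('main.php', 'Wrong ID / Password!');
}

// Prepared statement: the user name is bound as data, never spliced into the SQL text.
$stmt = mysqli_prepare($con, 'SELECT user, password FROM login WHERE user = ?');
mysqli_stmt_bind_param($stmt, 's', $uname);
mysqli_stmt_execute($stmt);
$row = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt));

// Same message for unknown user and wrong password.
if (!$row || !password_verify($pass, $row['password'])) {
    redirect_with_message('main.php', 'Wrong ID / Password!');
}

session_regenerate_id(true);       // fresh session ID after login
$_SESSION['name'] = $row['user'];  // value from the database, not from $_POST

// Strict comparison (===), not assignment (=).
redirect_with_message($_SESSION['name'] === 'admin' ? 'admin_panel.php' : 'main.php');
```

admin_panel.php still needs its own `$_SESSION['name'] === 'admin'` check with `exit` after the redirect, because the page can be requested directly without passing through this script.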