<?php session_start();
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];
$conn = mysqli_connect('localhost', 'smithrwg_user', 'password', 'smithrwg_database');
$_SESSION['username'] = mysqli_real_escape_string($conn, $_SESSION['username']);
$query = "SELECT password, salt
FROM tbl_mem
WHERE username = '" . $_SESSION['username'] . "';";
$result = mysqli_query($conn, $query);
if(mysqli_num_rows($result) == 0) // User not found. So, redirect to login_form again.
{
header('Location: index.php');
echo "not found";
session_destroy();
}
$userData = mysqli_fetch_array($result, MYSQL_ASSOC);
$hash = hash('sha256', $userData['salt'] . hash('sha256', $_SESSION['password']) );
if($hash != $userData['password']) // Incorrect password. So, redirect to login_form again.
{
header('Location: login.html');
}else {
// Redirect to home page after successful login.
header('Location: index.php');
$_SESSION['priv'] = $row['priv'];
}
?>
我正在尝试将 $_SESSION['priv'] = 设置为 MySQL 数据库表"tbl_mem"priv 中的行,但目前它没有将其设置为任何东西,我真的不明白如何让它做到这一点。
$row没有定义,你可能打算写$userData。但这仍然不起作用 - 您还需要编辑查询。
$query = "SELECT password, salt, priv FROM...";
//...
$_SESSION['priv'] = $userData['priv'];
header('Location: index.php');
它应该放在header()前面,以确保确实分配了值