我有这个php登录脚本,它包含三个用户(Root、Secretary和Accountant),效果非常好。
但正如你所看到的,每个账户都有自己的php标签,允许特定用户登录,我的目标是只使用一个php标签
<?php ....?>
对于这两个帐户,示例(登录必须检查用户名或密码是否正确,他/她将被引导到同一登录页面,消息将是"插入正确的用户名或密码",并用红色文本颜色显示),此外,我想介绍PHP登录会话,这样,如果用户没有登录,他/她的登录页面(index.PHP),我想避免用户试图绕过系统。
请提供任何帮助,我只是php 的新手
这是代码
<?php
// Connect to server and select databse.
$link=mysql_connect("localhost","root", "mcl")or die("cannot connect");
mysql_select_db("mcl",$link)or die("cannot select DB");
$sql="SELECT * FROM admin WHERE fname=('$_POST[fname]') and
password=('$_POST[password]')";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count>0){
// Register $myusername, $mypassword and redirect to file "login_success.php"
header("location:dashboard.php");
}
?>
<?php
$fname="fname";
$link=mysql_connect("localhost","root", "mcl")or die("cannot connect");
mysql_select_db("mcl",$link)or die("cannot select DB");
$sql="SELECT * FROM acco_untant WHERE fname=('$_POST[fname]') and
password=('$_POST[password]')";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count>0){
//Register $myusername, $mypassword and redirect to file "login_success.php"
header("location:dash_accou.htm");
}
else {
echo "Invalid username or password <a href=index.php><input name=Click here to reload
type=button
disabled value= <<<Reload>";
}
?>
<?php
// Connect to server and select databse.
$link=mysql_connect("localhost","root", "mcl")or die("cannot connect");
mysql_select_db("mcl",$link)or die("cannot select DB");
$sql="SELECT * FROM secretary WHERE fname=('$_POST[fname]') and
password=('$_POST[password]')";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count>0){
// Register $myusername, $mypassword and redirect to file "login_success.php"
header("location:dash_secretary.htm");
}
?>
如果我理解正确的话,你可以根据用户登录名($_POST['name'])更改交换机中的位置。
<?php
session_start();
// Connect to server and select databse.
$link=mysql_connect("localhost","root", "mcl")or die("cannot connect");
mysql_select_db("mcl",$link)or die("cannot select DB");
$sql="SELECT * FROM admin WHERE fname=('$_POST[fname]') and
password=('$_POST[password]')";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count>0){
$_SESSION['username'] = $_POST['fname'];
switch($_POST['fname']) {
case 'Root': header("Location: dashboard.php"); break;
case 'Accountant': header("Location: dash_accou.htm"); break;
case 'Secretary': header("Location: dash_secretary.htm"); break;
}
exit;
}
else {
echo "Invalid username or password";
}
?>
但我也建议你另外三件事。
要在srcripts内部执行服务器端会话身份验证检查。现在我可以"登录"到您的只需在浏览器url字符串中键入dash_secretary.htm
或dashboard.php
。但是,如果你在dashboard.php中检查会话用户名是否存在和用户名,它会将未经授权的用户重定向回登录页面:
session_start();
if(!isset($_SESSION['username']) || $_SESSION['username'] != 'Root') {
header('Location: index.php');
exit;
}
在SQL查询中传递原始POST数据,以防止SQL注入。
对用户密码进行散列。
您应该使用PDO或mysqli,这上面已经有很多posst了。
此外,您应该将所有用户放在同一个表中,并使用一个字段来标识用户的类型,或者使用具有其权限的表。
如果你想继续你要走的路,你可以使用UNION并添加一个user_type,如下所示:
$query = "SELECT *,'admin' as 'user_type', FROM admin WHERE fname=('$_POST[fname]')
and password=('$_POST[password]')
UNION
SELECT *,'acco_untant' as 'user_type', FROM acco_untant WHERE fname=('$_POST[fname]') and
password=('$_POST[password]'
UNION
SELECT *,'secretary' as 'user_type', FROM secretary WHERE fname=('$_POST[fname]') and
password=('$_POST[password]')")
";