我正在尝试制作管理员和登录页面

时间:2013-12-04 05:03:32

标签: php mysql

这是我的数据库:-seureurer table:-members 

username   password   status
admin      admin        1
user       user         0

这是我的checklogin.php 

<html>
<body>
    <table>
        <?php
            ob_start();
            $host="localhost"; // Host name
            $username="root"; // Mysql username
            $password="password"; // Mysql password
            $db_name="lecturer"; // Database name
            $tbl_name="members"; // Table name

            // Connect to server and select databse.
            mysql_connect("$host", "$username", "$password")or die("cannot connect");
            mysql_select_db("$db_name")or die("cannot select DB");

            // Define $myusername and $mypassword
            $myusername=$_POST['myusername'];
            $mypassword=$_POST['mypassword'];

            // To protect MySQL injection (more detail about MySQL injection)
            $myusername = stripslashes($myusername);
            $mypassword = stripslashes($mypassword);
            $myusername = mysql_real_escape_string($myusername);
            $mypassword = mysql_real_escape_string($mypassword);

            $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword' and status='1'";
            $result=mysql_query($sql);

            // Mysql_num_row is counting table row
            $count=mysql_num_rows($result);

            // If result matched $myusername and $mypassword, table row must be 1 row
            if($count==1) {

                // Register $myusername, $mypassword and redirect to file "login_success.php"
                $_session["myusername"] = "myusername";
                $_session["mypassword"] = "mypassword";
                $info = mysql_fetch_array($result);

                if($info['status'] == 1) {
                    header("location:webpage.php");
                } else
                    header("location:lecturer.php");
            } else {
                echo "Wrong Username or Password";
            }
            ob_end_flush();
        ?>

        <th><a href="main_login.php?pressed=back">Back</a></th>
    </table>
</body>
</html>

我正在尝试的是系统检查时 如果将导致webpage.php为admin,则状态为“1” 如果状态为“0”,则将导致lecturer.php用户

但是当我输入admin和user时,它会一直输入webpage.php

问题是,当我进入用户时,它仍然导致webpage.php我希望它将其重定向到lecturer.php

任何人都可以陈述我所犯的错误 非常感谢你

3 个答案:

答案 0 :(得分:1)

尝试这个....从你的查询中删除和status ='1',只有在从查询中获取结果时才传递带有用户名和密码的参数,然后检查状态是登录用户是ADMIN还是用户然后继续。

<html>
<body>
<table>
<?php

ob_start();
$host="localhost"; // Host name
$username="root"; // Mysql username
$password="password"; // Mysql password
$db_name="lecturer"; // Database name
$tbl_name="members"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
$_session["myusername"] = "myusername";
$_session["mypassword"] = "mypassword";
$info = mysql_fetch_array($result);
if($info['status'] === 1){
    header("location:webpage.php");
}
else
    header("location:lecturer.php");
}
else {
echo "Wrong Username or Password";

}

ob_end_flush();
?>

<th><a href="main_login.php?pressed=back">Back</a></th>
        </table>
    </body>
</html>

答案 1 :(得分:0)

您正在查询查询中的状态为status = 1。然后它总是返回status = 1的结果。所以你将被重定向到webpage.php。

在查询中删除条件状态=“1”。

答案 2 :(得分:0)

如果您想根据您的状态执行操作,请删除查询status=1中的检查,并在您知道只有一行可以获取时使用限制1。当表中没有大量记录时,它会缩短你的处理时间。

所以使用下面的代码

<?php

ob_start();
$host="localhost"; // Host name
$username="root"; // Mysql username
$password="password"; // Mysql password
$db_name="lecturer"; // Database name
$tbl_name="members"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword' LIMIT 1 ";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
$_session["myusername"] = "myusername";
$_session["mypassword"] = "mypassword";
$info = mysql_fetch_array($result);
if($info['status'] == 1){
    header("location:webpage.php");
    exit;
}
else
    header("location:lecturer.php");
    exit;
}
else {
echo "Wrong Username or Password";

}

ob_end_flush();
?>

<html>
    <body>
        <table>
<th><a href="main_login.php?pressed=back">Back</a></th>
        </table>
    </body>
</html>

请记住:如果您使用标题'loacation'转移到另一个页面,则用户退出。打电话给这个。

相关问题
最新问题