PHP login with multiple ranks

Time: 2013-12-11 13:33:51

Tags: php mysql

So I have a website that I coded, and in my login.php this is the source code:

<?php
    include "out_config.php";
    session_start();

    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);

    if(!$username) {
        header("Location: ../index?errormsg=nousername");
    }
    if(!$password) {
        header("Location: ../index?errormsg=nopassword");
    }       

    $sql = "SELECT * FROM users WHERE username='$username' and password='$password'";

    if($rankcheck == "Administrator" || $rankcheck == "Client") {
        $check = 1;
    }
    else {
        $check = 0;
    }

    if($_SERVER['REQUEST_METHOD'] == 'POST') {
        $result = mysql_query($sql);
        $count = mysql_num_rows($result);
            if($count==1 && $check == 1) {
                $_SESSION['username'] = $username;
                header("Location: ../home");
            }
            else {
                header("location: ../index?errormsg=invalidlogin");
            }
    }
?>
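First: I know MySQL is deprecated, but I want to use MySQL because my host supports MySQL rather than MySQLi / PDO.

Second: as you can see, my $rankcheck does not work. My rank check line is included in out_config.php, whose source is: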

<?php 
<Removed Details>
$connect = mysql_connect($host, $username, $password);
$selectdb = mysql_select_db($db);

$IP = getenv('REMOTE_ADDR');

$sql2 = mysql_query("SELECT `rank` FROM `users` where username='$user'");
if(isset($_SESSION['username'])) {
$user = $_SESSION['username'];
$rankcheck = mysql_result($sql2,0);
}
?>

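So as you can see, it looks fine. :P

Now, the problem is that I am trying to allow only people who are ranked "Administrator" and "Client" to access this area, and it does not work. My database structure is: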

http://i.stack.imgur.com/AAzr9.png

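It does not grant access to users and members of the awaiting user group. But it does not even let Administrators and Clients in. (I am sure there is no password encryption yet.)

If you could help me, that would be very helpful!

1 answer:

Answer 0: (score: 0)

When you include your "out_config.php", $username and $password are not set

Change it to: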

<?php
    session_start();

    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);

    include "out_config.php";

    if(!$username) {
        header("Location: ../index?errormsg=nousername");
    }
    if(!$password) {
        header("Location: ../index?errormsg=nopassword");
    }       

    $sql = "SELECT * FROM users WHERE username='$username' and password='$password'";

    if($rankcheck == "Administrator" || $rankcheck == "Client") {
        $check = 1;
    }
    else {
        $check = 0;
    }

    if($_SERVER['REQUEST_METHOD'] == 'POST') {
        $result = mysql_query($sql);
        $count = mysql_num_rows($result);
            if($count==1 && $check == 1) {
                $_SESSION['username'] = $username;
                header("Location: ../home");
            }
            else {
                header("location: ../index?errormsg=invalidlogin");
            }
    }
?>
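
An added example, not code from the question or the answer: one way to check the credentials and the rank together for the submitted username, so the rank lookup does not depend on a session that is only created after login. It assumes PDO is available and that the `password` column holds `password_hash()` output (the question's host and schema differ on both points); the sample rows, the `User` rank name, and the function names `authenticate` and `handleLogin` are constructed for illustration.

```php
<?php
// Added example. Table/column names and the two allowed ranks come from the
// question; PDO and password_hash() storage are assumptions.
const ALLOWED_RANKS = ['Administrator', 'Client'];

// Returns the rank if the credentials match and the rank is allowed, else null.
// The rank is read for the submitted username in the same query as the
// credentials, so it does not depend on $_SESSION being populated beforehand.
function authenticate(PDO $db, string $username, string $password): ?string
{
    $stmt = $db->prepare('SELECT password, `rank` FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return in_array($row['rank'], ALLOWED_RANKS, true) ? $row['rank'] : null;
}

// Decides the redirect target and fills the session only on success.
// The caller sends header('Location: ...') and then calls exit.
function handleLogin(PDO $db, array $post, array &$session): string
{
    $username = (string)($post['username'] ?? '');
    $password = (string)($post['password'] ?? '');
    if ($username === '') { return '../index?errormsg=nousername'; }
    if ($password === '') { return '../index?errormsg=nopassword'; }
    $rank = authenticate($db, $username, $password);
    if ($rank === null) { return '../index?errormsg=invalidlogin'; }
    $session['username'] = $username;
    $session['rank'] = $rank;
    return '../home';
}

// Constructed sample data in an in-memory SQLite database (runs offline).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, `rank` TEXT)');
$insert = $db->prepare('INSERT INTO users VALUES (?, ?, ?)');
$rows = [['alice', 'pw-a', 'Administrator'], ['carol', 'pw-c', 'Client'], ['bob', 'pw-b', 'User']];
foreach ($rows as [$name, $pw, $rank]) {
    $insert->execute([$name, password_hash($pw, PASSWORD_DEFAULT), $rank]);
}

$attempts = [['alice', 'pw-a'], ['carol', 'wrong'], ['bob', 'pw-b'], ['', 'x']];
foreach ($attempts as [$name, $pw]) {
    $session = [];
    $target = handleLogin($db, ['username' => $name, 'password' => $pw], $session);
    printf("%-6s -> %s\n", $name === '' ? '(none)' : $name, $target);
}
```

In a real login.php, pass `$_POST` and `$_SESSION` to `handleLogin`, call `session_regenerate_id(true)` when the target is `../home`, and call `exit` immediately after `header()`.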