如何检测用户是管理员还是客户?下面显示的代码有一个if else语句被认为是错误的,因为我不知道它的代码是什么,请你帮助我吗?我想查看$confirmation变量。如果它包含1,则用户将转到管理页面。如果没有,则转到客户页面。我该怎么做?顺便说一句if是管理员,然后第一个是if else语句中的客户。
PHP代码:
<?php
session_start();
include("dbcon.php");
$username = $_POST['username'];
$password = $_POST['password'];
$qry="SELECT * FROM admininfo WHERE username='$username' AND password='$password'";
$result=mysql_query($qry);
if($result) {
if(mysql_num_rows($result) == 1) {
session_regenerate_id();
$user = mysql_fetch_assoc($result);
//$_SESSION['fname'] = $user['fname'];
//$_SESSION['lname'] = $user['lname'];
//$_SESSION['username'] = $user['username'];
//$_SESSION['password'] = $user['password'];
$_SESSION['confirmation'] = $user['confirmation'];
session_write_close();
header("Location:menu.php");
exit();
}else {
header("Location:menu1.php");
exit();
}
}else {
die("Query failed");
}
?>
答案 0 :(得分:0)
您可以为 admininfo 表添加另一个字段,并在此处声明用户是否为admin。例如, admininfo 中有 status 字段,您的查询就像这样(这只是一个示例):
$yourconnection=mysqli_connect("YourHost","YourUsername","YourPassword","NameOfYourDatabase");
if(mysqli_connect_errno()){
echo "Error".mysqli_connect_error();
}
$username = mysqli_real_escape_string($yourconnection,$_POST['username']); /* prevents a bit of SQL injection */
$password = mysqli_real_escape_string($yourconnection,$_POST['password']); /* prevents a bit of SQL injection */
$qry=mysqli_query($yourconnection,"SELECT * FROM admininfo WHERE username='$username' AND password='$password' AND status='customer'");
$qryadmin=mysqli_query($yourconnection,"SELECT * FROM admininfo WHERE username='$username' AND password='$password' AND status='administrator'");
if(mysqli_num_rows($qry)==1){
header("LOCATION:CustomerPage.php");
}
else if(mysqli_num_rows($qryadmin)==1){
header("LOCATION:AdminUserPage.php");
}
else {
echo "Error! No user found.";
}
尝试使用MySQLi而不是其前身MySQL。