如何为不同的用户和类型登录

时间:2015-01-07 08:41:51

标签: php html login system

我正在为学校做一个系统,由用户管理,老师和家长。 我有问题区分两个用户现在是管理员和父母。 我不能确保管理员将直接转到admin.php,父类型将在parent.php上 任何帮助都会很棒!提前致谢。

现在的问题是,如果用户输入错误的用户名/密码,用户的身份验证会出错,他们仍然可以进入系统。

<?php
    session_start();

    require("conection/connect.php");

    $msg="";
    if(isset($_POST['btn_log'])){
        $uname=$_POST['unametxt'];
        $pwd=$_POST['pwdtxt'];
        $type=$_POST ['type'];

        $sql=mysql_query("SELECT * FROM users_tbl
                                WHERE username='$uname' AND password='$pwd' AND type='$type'

                            ");

        $cout=mysql_num_rows($sql);
            if (isset($type))
{

    $_SESSION['Parent'] = $type;
    header("location: parent.php");
    }
else {
    $_SESSION['Admin'] = $type;
    header("location: admin.php");
    exit;

}

}
?>

2 个答案:

答案 0 :(得分:0)

首先不要使用mysql_它已被弃用。

我假设... $ type = a表示管理员,p表示oarent。

$sql=mysql_query("SELECT * FROM users_tbl WHERE username='$uname' AND password='$pwd'");
$count=mysql_num_rows($sql);

if($count>0)
{
    if ($type=='p')
    {

        $_SESSION['Parent'] = $type;
        header("location: parent.php");
    }
    elseif($type=='a') {
        $_SESSION['Admin'] = $type;
        header("location: admin.php");
        exit;
    }
}
else
{
    echo "Wrong username or password";
}

答案 1 :(得分:0)

这里有一些解决方案。你没有检查'cout'是否是&gt; 0(找到的意思)!

mysql_ driver

这是驱动程序(mysql_)的解决方案:

<?php
session_start();
require("conection/connect.php");

$msg = "";
if(isset($_POST['btn_log'])){
    if(isset($_POST['unametxt'], $_POST['pwdtxt'], $_POST['type'])) {
        $uname = mysql_real_escape_string($_POST['unametxt']);
        $pwd = mysql_real_escape_string($_POST['pwdtxt']);
        $type = mysql_real_escape_string($_POST['type']);

        $sql = mysql_query("SELECT * FROM users_tbl WHERE username = '$uname' AND password = '$pwd' AND type = '$type'");  
        $cout = mysql_num_rows($sql);

        if($cout > 0){
            $_SESSION['type'] = $type;

            if($type == "parent")
                header("location: parent.php");
            else if($type == "admin")
                header("location: admin.php");
            exit();
        }
    }
}

PDO版本

不推荐使用mysql_驱动程序,您应该使用PDO。所以我也为PDO驱动程序编写了脚本:

<?php
session_start();
require("connection/connect.php"); // PDO connection on $db variable
$db = connect();

// Function to connect an user
function login($db, $uname, $password){
    $req = $db->prepare("SELECT * FROM users_tbl WHERE username = :username AND password = :password");
    $req->bindParam("username", $uname, PDO::PARAM_STR);
    $req->bindParam("password", $password, PDO::PARAM_STR);
    $req->execute();

    $user = $req->fetch();
    if(isset($user['username'])){
        $_SESSION['user'] = $user; //store all user datas (including type !)
        return true;
    }

    return false; // fail connection
}


// logic to handle connection form
if(isset($_POST['btn_log'], $_POST['unametxt'], $_POST['pwdtxt'], $_POST['type'])){
    if(login($db, $_POST['unametxt'], $_POST['pwdtxt'])){
        if(isset($_SESSION['user']['type']) AND $_SESSION['user']['type'] == "admin")
            header("location: admin.php");
        else
            header("location: parent.php");
        exit();
    }
    else
        echo "A problem occured !";
}

connect.php(pdo)

define("SQL_USER", "root"); // user
define("SQL_HOST", "localhost"); // host
define("SQL_PASS", ""); // password
define("SQL_DBNAME", ""); //db name

function connect(){
    try {
        $pdo_options[PDO::ATTR_ERRMODE] = PDO::ERRMODE_EXCEPTION;
        $pdo_options[PDO::ATTR_DEFAULT_FETCH_MODE] = PDO::FETCH_ASSOC;
        return new PDO('mysql:host='.SQL_HOST.'; dbname='.SQL_DBNAME, SQL_USER, SQL_PASS, $pdo_options);
    }
    catch (Exception $e){
        die("Error connecting to database");
    }
}
相关问题
最新问题