该脚本检查用户尝试登录的用户类型。如果数据正确,则用户将被重定向到该类用户的特殊主页。
脚本:
session_start();
// Making a connection with the database.
$mysqli=new MySQLi("localhost", "user", "password", "dbname");
$role="";
// Declaring the username and password input.
$username=filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
$password=filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);
// If role from members where username and password from inputs exicts in database bind parameters.
// If given parameters not excists in database die
if($query=$mysqli->prepare("SELECT `role`, `firstname`, `lastname`, `id` FROM members WHERE username=? AND password=?")) {
$query->bind_param("ss", $username, $password);
$query->execute();
$query->bind_result($role, $first, $last, $id);
$query->fetch();
} else {
echo "Errors in the Query. ".$mysqli->error;
die();
}
// If $role is filled make session for username to check if logged in and session role for redirect page.
// If $role and $username is not filled invalid password, username combination.
if($role!="") {
$_SESSION['ingelogt'] = $username;
$_SESSION['user_role'] = $role;
$_SESSION["firstname"] = $first;
$_SESSION["lastname"] = $last;
$_SESSION["id"] = $id;
$location="$role.php";
header("location: $location");
} else {
echo "Invalid password, username combination";
echo "<br/><a href='loginHTML.html'>Click to go back</a>";
}
现在我想知道如何对密码进行散列是一种好方法,因为只是常规的密码输入是不安全的。如果您在此脚本中看到任何其他改进,请随时告诉我,我只是一个初学者。