PHP中的多级登录

时间:2015-02-17 07:33:31

标签: php mysql login multi-level

我正在尝试开发一个支持多级登录目的的PHP系统。我想在我的PHPMyAdmin中使用enum,用于不同级别的用户。 这是登录脚本:

<?php
session_start(); // Starting Session

$error=''; // Variable To Store Error Message
$empty='';
$no_acc='';
if (isset($_POST['submit'])) 
{   
if (empty($_POST['username']) || empty($_POST['password'])) {
$empty = "Username or Password cannot be empty.";

}
else
{
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
$type='';

// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = mysql_connect("localhost", "root", "");


// Selecting Database
$db = mysql_select_db("swmlibrary", $connection);

// To protect MySQL injection for Security purpose
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
// SQL query to fetch information of registerd users and finds user match.
$query = mysql_query(" SELECT `id` FROM `users` WHERE `username` = '".$username."' AND  `password` = '".$password."' ");
$rows = mysql_num_rows($query);

$data = mysql_fetch_array($query);
$type = $data['type'];  
$user = $data['username'];      
if ($rows == 1) 
{
$_SESSION['username'] = $data['username'];
    if($type=='Super User')
        {   
             $_SESSION['login_user'] = $username;
             echo "<script>location.assign('./rootSU/super_user.php')     </script> ";

            //header("location: ./rootSU/super_user.php");
        }
    elseif ($type=='Administrator')
        {
            $_SESSION['login_user']=$username; // Initializing Session
            echo "<script>location.assign('./admini/admin.php')</script> ";
            //header("location: ./admini/admin.php");   
        }
    elseif ($type=='User')
        {

            $_SESSION['login_user']=$username; // Initializing Session
            echo "<script>location.assign('./user/home.php')</script> ";

            //header("location: ./user/home.php"); 
        }
    else
    {
        $no_acc = 'It seems as if you do not have an account. Click <a href="sign_form.php">here</a> to sign up.';  
    }

}
else 
{
$error = "Incorrect Username or Password. Please try again.";
}
mysql_close($connection); // Closing Connection
}  
}           

?>

它没有提取用户类型,显示没有帐户的错误,将我重定向到sign_form.php页面。我在这里失踪了什么?

1 个答案:

答案 0 :(得分:0)

$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$query = mysql_query(" SELECT `id` FROM `users` WHERE `username` = '".$username."' AND  `password` = '".$password."' ");

你没有声明并且没有关于你想要的用户类型的查询。

相关问题
最新问题