真的可以在这方面使用一些帮助。我在从指定为会话变量的数据库中获取值并使用checklogin.php脚本中的条件语句时遇到问题。
以下是名为checklogin.php的脚本的代码。这是您的基本的vanilla脚本,它从基本的vanilla登录表单接收用户名和密码,并将其与数据库进行比较,以确保它是准确的,然后通过分配用户名会话变量登录用户,然后从数据库中检索用户的角色并将其分配给会话变量。然后根据用户角色循环通过条件语句,以便将审批者或管理员重定向到显示所有办公室文件计划以供审阅的表单,并将具有用户角色的人员定向到仅显示由该创建的Office文件计划的表单。用户。
所以我的问题是只有用户名被分配给会话变量。我的代码出了问题,导致用户角色没有被分配给会话变量。我有其他脚本从后端数据库中获取值并将它们分配给会话变量就好了。所以我绝对难以理解为什么它不在这里工作。因为我的条件语句依赖于用户名和用户角色,所以它无法正确解析。条件语句正在解析,以便所有不论角色的用户都被定向到ApproverPlanSelect.php脚本。
接下来,我知道mysql_query已被弃用,但我的组织使用的是早期版本,但它仍在运行。所以我要恭敬地请求人们专注于帮助我调试会话变量和条件语句问题,而不是留下一句话“驱逐”关于弃用语句的评论。
我真的非常感谢任何建议。我已经坚持了几个星期了,它已经踢了我的屁股。
<?php
/*checklogin.php....this script receives the username and password from a basic form*/
session_start();
ob_start();
$host='localhost'; /*host name*/
$username='bigbear1';/*fake username*/
$password='fakepw123';/*fake password*/
$db_name='TheDatabase';/*fake database name*/
$tbl_name='members';/*common table name for users*/
/*Connect to server and select database*/
mysql_connect($host,$username,$password) or die("Cannot connect");
mysql_select_db($db_name)or die("Cannot select DB");
/*Define $current_user_name and $mypassword*/
$current_user_name=$_POST['current_user_name'];
$mypassword=$_POST['mypassword'];
/*SQL Injection countermeasures*/
$current_user_name = stripslashes($current_user_name);
$mypassword = stripslashes($mypassword);
$current_user_name = mysql_real_escape_string($current_user_name);
$mypassword = mysql_real_escape_string($mypassword);
$sql = "SELECT * FROM $tbl_name WHERE username='$current_user_name' AND password='$mypassword'";
$result = mysql_query($sql);
/*next count the number of rows generated by the previous query*/
$count=mysql_num_rows($result);
/*if the username and password are correct at least one table row will be counted*/
if ($count >= 1)
{
/*this runs a query and determines the user's role (Approver, Administrator, User) and assigns that role to $current_user_role*/
$query1="SELECT * FROM members WHERE username = '$current_user_name'";
$result1 = mysql_query($query1);
while ($row = mysql_fetch_array($result1));
{
$current_user_role = $row1['role'];
}
/*If the the role is "User", that role is assigned to a session variable and the user is redirected to the NonApproverPlanSelect form where the user can see only the file he/she created*/
if ($current_user_role=='User')
{
$_SESSION['current_user_name'] = $current_user_name;
$_SESSION['current_user_role'] = $current_user_role;
header("location:NonApproverPlanSelect.php");
}
/*If the role is not "User" (i.e. Approver or Administrator), the role is assigned to a session variable and the user is redirected to the ApproverPlanSelect form that displays ALL office file plans regardless who created them.*/
else
{
$_SESSION['current_user_name'] = $current_user_name;
$_SESSION['current_user_role'] = $current_user_role;
header("location:ApproverPlanSelect.php");
}
}
else
{
header(location:bad_login.php");
}
ob_end_flush();
?>
这是NonApproverPlanSelect.php和ApproverPlanSelect.php脚本顶部的session_start()语句。用户名正在正确显示,但用户角色不是。
<?php
session_start();
if(!isset($_SESSION['current_user_name'])) {
header('Location:view.php');
}
echo "Welcome " . $_SESSION['current_user_name'] . ".<br>";
echo "You are logged in as " . $_SESSION['current_user_role'] . ".<br>";
echo 'href="logout.php"><span>Logout</span</a><li>';
?>
答案 0 :(得分:0)
好的....我想出来并发布这个以防万一它可以帮助别人。我只需要通过mysql_fetch_array将查询结果传递给变量,即$ row = mysql_fetch_array(result1),然后将数据库中的列名分配给$ row ['role'],而不是使用while语句。希望这有助于未来LOL的一些可怜的灵魂