这是我的login.php代码。用户登录甚至“状态”设置为“是”。如何验证用户是否被禁止,是否可以添加“暂停”,“停用”等更多状态?
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
} else {
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = mysql_connect("localhost", "root", "");
// To protect MySQL injection for Security purpose
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
// Selecting Database
$db = mysql_select_db("DBname", $connection);
// SQL query to fetch information of registerd users and finds user match.
$query = mysql_query("select * from users where password='$password' AND username='$username' AND", $connection);
$rows = mysql_num_rows($query);
if($row[‘status’]==’yes’){
header("banned.php");
} else if ($rows == 1) {
$_SESSION['login_user']=$username; // Initializing Session
$sql = mysql_query("INSERT INTO logs (`uniqueId`, `fileAccessed`, `action`, `userIp`, `userPort`, `serverIp`, `fullPath`, `protocol`, `serverVersion`, `timestamp`) VALUES ('$username', '$filename', 'Logged In', '$usrip', '$usrport', '$servip', '$scriptpath', '$servprotocol', '$servver', '$timestamp')", $connection);
header("location: ../pages/profile.php"); // Redirecting To Other Page
} else {
$error = "Username or Password is invalid";
}
mysql_close($connection); // Closing Connection
}
}
答案 0 :(得分:0)
首先不再使用mySQL,它已被弃用并且不安全。您应该考虑使用mySQLi或PDO。
你遇到的问题是因为$ row没有价值。
你错过了:
$row = mysql_fetch_assoc($result)
所以它会这样读:
$query = mysql_query("select * from users where password='$password' AND username='$username' AND", $connection);
$rows = mysql_num_rows($query);
$row = mysql_fetch_assoc($result);
if($row[‘status’]==’yes’){
header("banned.php");
}
在这里它被重写为mySQLi,使用这个版本来研究差异:
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
} else {
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = mysqli_connect("localhost", "root", "");
// To protect MySQL injection for Security purpose
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($username);
$password = mysqli_real_escape_string($password);
// Selecting Database
$db = mysqli_select_db($connection, "DBname");
// SQL query to fetch information of registerd users and finds user match.
$query = "select * from users where password='$password' AND username='$username'";
$result = mysqli_query($connection, $query);
$row = mysqli_fetch_assoc($result);
$rows = mysql_num_rows($query);
if($row[‘status’]==’yes’){
header("banned.php");
} else if ($rows == 1) {
$_SESSION['login_user']=$username; // Initializing Session
$query = "INSERT INTO logs (`uniqueId`, `fileAccessed`, `action`, `userIp`, `userPort`, `serverIp`, `fullPath`, `protocol`, `serverVersion`, `timestamp`) VALUES ('$username', '$filename', 'Logged In', '$usrip', '$usrport', '$servip', '$scriptpath', '$servprotocol', '$servver', '$timestamp')";
$result = mysqli_query($connection, $query);
header("location: ../pages/profile.php"); // Redirecting To Other Page
} else {
$error = "Username or Password is invalid";
}
mysqli_close($connection); // Closing Connection
}
}