我已设法为用户创建登录但是现在尝试实施管理员登录任何帮助都会受到赞赏,到目前为止我有:
$query = "
SELECT
id,
username,
password,
salt,
email,
firstname,
admin
FROM users
WHERE
username = :username
";
$query_params = array(
':username' => $_POST['username']
);
try
{
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
$ex->getMessage().
die("Failed to run query: " . $ex->getMessage());
}
$login_ok = false;
$row = $stmt->fetch();
if($row)
{
$check_password = hash('sha256', $_POST['password'] .
$row['salt']);
for($round = 0; $round < 65536; $round++)
{
$check_password = hash('sha256', $check_password .
$row['salt']);
}
if($check_password === $row['password'])
{
$login_ok = true;
}
}
if($login_ok)
{
unset($row['salt']);
unset($row['password']);
$_SESSION['user'] = $row;
$_SESSION['admin'] = $admin;
header("Location: private.php");
die("Redirecting to: private.php");
}
$admin = $row["admin"]==1;
if($admin){
header("Location: memberlist.php");
}
if(!$admin){
header("Location: private.php");
}
else
{
// Tell the user they failed
print("Login Failed.");
在我的数据库中,我将admin字段设置为boolean defualt值为1。
答案 0 :(得分:0)
我使用默认值admin更改了字段类型并添加了if语句,现在我有一个管理员用户和一个普通用户,并且页面根据用户级别重定向。
if($_SESSION['user']['type'] == 'admin') { header("location:
memberlist.php"); }
else
header("Location: private.php");
die("Redirecting to: private.php");
}