用同一个表单以管理员或学生身份登录

时间:2015-12-05 04:10:51

标签: php mysql

Good morning ma'am / sir，我的一个登录表单遇到了问题：我想让两种用户都能通过它登录。管理员可以正常登录，但学生登录时就会出错。用一个表单登录两种类型的用户，下面这种写法是否正确？

// Start (or resume) the session before any output; the login branches
// below write $_SESSION['Username'] / $_SESSION['IDNumber'] on success.
session_start();

/**
 * Normalise a raw form value: trim surrounding whitespace, strip
 * backslash escapes, then HTML-encode special characters.
 *
 * NOTE: htmlspecialchars() is HTML *output* escaping. It does not make a
 * value safe to interpolate into SQL (the queries below interpolate the
 * result directly), and applying it to a password alters characters such
 * as '&' or '<' before the comparison is made.
 *
 * @param string $data raw form input
 * @return string the normalised value
 */
function test_input($data) {
    return htmlspecialchars(stripslashes(trim($data)));
}

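/**
 * Look up one login row by its identifying column using a prepared statement.
 *
 * The original built the query with string interpolation, which is SQL
 * injection: test_input() only HTML-encodes and does not protect SQL.
 * Table and column names cannot be bound, so they must be literals chosen by
 * the caller; only the user-supplied value is bound.
 *
 * @param mysqli $con    open connection
 * @param string $table  table to query (trusted literal)
 * @param string $column identifying column (trusted literal)
 * @param string $value  user-supplied identifier, bound as a parameter
 * @return array|null ['id' => ..., 'password' => ...] of the last matching
 *                    row (the original loop kept the last row), or null when
 *                    nothing matched or the query failed
 */
function fetch_login_row($con, $table, $column, $value) {
    $stmt = mysqli_prepare($con, "SELECT `$column`, `Password` FROM `$table` WHERE `$column` = ?");
    if ($stmt === false) {
        return null;
    }
    // Bound as a string; MySQL coerces it when the column is numeric (IDNumber).
    mysqli_stmt_bind_param($stmt, 's', $value);
    if (!mysqli_stmt_execute($stmt)) {
        mysqli_stmt_close($stmt);
        return null;
    }
    mysqli_stmt_bind_result($stmt, $dbId, $dbPassword);
    $row = null;
    while (mysqli_stmt_fetch($stmt)) {
        $row = array('id' => $dbId, 'password' => $dbPassword);
    }
    mysqli_stmt_close($stmt);
    return $row;
}

if(isset($_POST['Submit'])){

    // test_input() is kept so stored values still match whatever the
    // registration code saved -- TODO confirm against registration, and stop
    // HTML-encoding the password there: it changes '&', '<', '>' (and quotes)
    // before the comparison. Missing fields default to '' instead of raising
    // an undefined-index notice.
    $username = test_input(isset($_POST['Username']) ? $_POST['Username'] : '');
    $password = test_input(isset($_POST['Password']) ? $_POST['Password'] : '');
    $IDNumber = test_input(isset($_POST['IDNumber']) ? $_POST['IDNumber'] : '');

    // Choose the account type. Strict emptiness checks keep a literal "0"
    // username or ID from being treated as absent (the old truthiness test did).
    $table = null;
    if ($username !== '' && $password !== '') {
        $table  = 'admin';
        $column = 'Username';
        $lookup = $username;
        $target = 'SecondForm.php';
    } elseif ($IDNumber !== '' && $password !== '') {
        $table  = 'studentpersonalinformation';
        $column = 'IDNumber';
        $lookup = $IDNumber;
        $target = 'LoginAndView.php';
    }
    // Neither credential pair was supplied: do nothing, as before.

    if ($table !== null) {
        // TODO(review): 'root' with an empty password is the database
        // superuser; the application should use a dedicated, least-privilege
        // account.
        $con = mysqli_connect("localhost","root","","enrollmentsystem");
        if ($con === false) {
            // The original carried on and died inside mysqli_query(); fail
            // closed with a generic status instead of leaking driver details.
            http_response_code(500);
            exit('Database unavailable');
        }

        $location = 'IncorrectUsername.html';
        $row = fetch_login_row($con, $table, $column, $lookup);
        mysqli_close($con);

        if ($row !== null) {
            $location = 'IncorrectPassword.html';
            // The identifier re-check (loose ==, as before) keeps the PHP-side
            // case-sensitive match even if the MySQL collation matched
            // case-insensitively. The password is compared in constant time.
            // NOTE: the table stores plaintext passwords; store password_hash()
            // output and check it with password_verify() instead.
            if ($row['id'] == $lookup && hash_equals((string) $row['password'], $password)) {
                // Fresh session id on privilege change defeats session fixation.
                session_regenerate_id(true);
                // $column is 'Username' or 'IDNumber' -- the same keys as before.
                $_SESSION[$column] = $row['id'];
                $location = $target;
            }
        }

        // Every path now redirects and stops; the original fell through after
        // the failure redirects.
        header("Location: " . $location);
        exit;
    }
}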

1 个答案:

答案 0 :(得分:1)

尝试将脚本分解为可重复使用的部分,如下所示:

**/functions/myfunctions.php**

<?php
/**
 * Strip surrounding whitespace and backslash escapes from a form value,
 * then HTML-encode it. This is output escaping for HTML, not SQL escaping.
 *
 * @param string|false $data raw value; the default false coerces to ''
 * @return string the escaped value
 */
function sanitize($data = false)
    {
        $value = trim($data);
        $value = stripslashes($value);
        return htmlspecialchars($value);
    } 
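// Create a simple query function
/**
 * Run a single-row user lookup and return the stored password.
 *
 * With $params given the query is prepared and the values are bound, which
 * is the only safe way to put request data into SQL. The bare-$sql path is
 * kept for existing callers and must only ever receive trusted, literal SQL.
 *
 * @param mysqli $con    open connection
 * @param string $sql    query text; use '?' placeholders for user-supplied values
 * @param array  $params values bound to the placeholders, in order (bound as strings)
 * @return string|false the Password column when exactly one row matches, else false
 */
function fetchUser($con,$sql,$params = array())
    {
        if (empty($params)) {
            // Legacy path: a query string built from request data is
            // injectable here; callers must pass placeholders + $params.
            $query      =   mysqli_query($con,$sql);
            // mysqli_query() returns false on error; mysqli_num_rows(false)
            // is a fatal TypeError on PHP 8, so check first.
            if ($query === false || mysqli_num_rows($query) != 1) {
                return false;
            }
            $row        =   mysqli_fetch_assoc($query);
            return  $row['Password'];
        }

        $stmt       =   mysqli_prepare($con,$sql);
        if ($stmt === false) {
            return false;
        }
        // Bind every value as a string; MySQL coerces when the column is
        // numeric. bind_param needs references, hence the indirection.
        $types      =   str_repeat('s', count($params));
        $refs       =   array();
        foreach (array_keys($params) as $i) {
            $refs[$i] = &$params[$i];
        }
        call_user_func_array('mysqli_stmt_bind_param', array_merge(array($stmt, $types), $refs));

        $password   =   false;
        if (mysqli_stmt_execute($stmt)) {
            // mysqli_stmt_get_result() needs the mysqlnd driver (the default).
            $result =   mysqli_stmt_get_result($stmt);
            if ($result !== false && mysqli_num_rows($result) == 1) {
                $row      = mysqli_fetch_assoc($result);
                $password = $row['Password'];
            }
        }
        mysqli_stmt_close($stmt);
        return $password;
    }
// Simple query for admin user
/**
 * @param mysqli $con      open connection
 * @param string $username user-supplied admin username (bound, not interpolated)
 * @return string|false stored password, or false when not exactly one row matches
 */
function is_admin($con,$username)
    {
        return fetchUser($con,"SELECT * FROM `admin` WHERE `Username` = ?",array($username));
    }
// Simple query for student user
/**
 * @param mysqli $con      open connection
 * @param string $username user-supplied student ID number (bound, not interpolated)
 * @return string|false stored password, or false when not exactly one row matches
 */
function is_student($con,$username)
    {
        return fetchUser($con,"SELECT * FROM `studentpersonalinformation` WHERE `IDNumber` = ?",array($username));
    }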
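// Simple algorithm to return a user role and db password
/**
 * Resolve the role and stored password for a login attempt.
 *
 * A username takes precedence over an ID number, as before. The ID lookup
 * is only attempted when an ID was actually supplied: the original passed
 * `false` straight into is_student(), which built `... WHERE IDNumber = `
 * (a SQL syntax error) whenever both fields were blank.
 *
 * @param mysqli      $con      open connection
 * @param array|false $settings ['username' => string|false, 'idnumber' => string|false]
 * @return object ->role is 'a' (admin), 's' (student) or false; ->password is
 *                the stored password or false. A falsy stored password
 *                (e.g. '' or '0') still yields no role, as in the original.
 */
function get_user_role($con,$settings = false)
    {
        $username   =   (!empty($settings['username']))? $settings['username'] : false;
        $idNumber   =   (!empty($settings['idnumber']))? $settings['idnumber'] : false;

        $stored     =   false;
        $role       =   false;

        if ($username !== false) {
            $stored = is_admin($con, $username);
            $role   = 'a';
        }
        elseif ($idNumber !== false) {
            $stored = is_student($con, $idNumber);
            $role   = 's';
        }

        // Truthiness, not === false, to keep the original's behaviour.
        if (!$stored) {
            $stored = false;
            $role   = false;
        }

        return (object) array('role' => $role, 'password' => $stored);
    }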

login.php(或任何命名的页面)

<?php
// Start or resume the session before any output; the login branch below
// writes $_SESSION['Username'] and $_SESSION['IDNumber'].
session_start();
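if(isset($_POST['Submit'])) {
        // Include the functions above
        include_once(__DIR__."/functions/myfunctions.php");
        // Preset for redirect: every failure path lands here, so a missing
        // user and a wrong password look the same to the client.
        $header     =   'IncorrectPassword.html';
        // Sanitize credentials. sanitize() HTML-encodes, so a password with
        // '<', '>' or '&' is altered before comparison; the stored value must
        // have gone through the same transform -- TODO confirm at registration.
        $username   =   (!empty($_POST['Username']))? sanitize($_POST['Username']) : false;
        $password   =   (!empty($_POST['Password']))? sanitize($_POST['Password']) : false;
        // is_numeric() also accepts "1e3" or " 12"; an ID number is digits
        // only, and the value is interpolated into SQL in is_student().
        $IDNumber   =   (!empty($_POST['IDNumber']) && ctype_digit((string) $_POST['IDNumber']))? $_POST['IDNumber'] : false;
        // Assign connection
        // TODO(review): 'root' with an empty password is the DB superuser;
        // use a dedicated least-privilege account.
        $con        =   mysqli_connect("localhost","root","","enrollmentsystem");
        if ($con === false) {
            // Without a connection every lookup dies with a fatal error;
            // fail closed with a generic status instead of leaking driver details.
            http_response_code(500);
            exit('Database unavailable');
        }
        // Try and get user role + password
        $user       =   get_user_role($con,array("username"=>$username,"idnumber"=>$IDNumber));
        // If there is a user role and a password was actually submitted
        if(!empty($user->role) && $password !== false) {
            // Compare as strings in constant time. The original `==` matched
            // numeric-looking strings loosely ("0e1" == "0e2") and let an
            // empty POST password match an empty stored value.
            // NOTE: passwords should be stored with password_hash() and
            // checked with password_verify() instead of compared in clear.
            if(hash_equals((string) $user->password, (string) $password)) {
                // New session id on privilege change defeats session fixation.
                session_regenerate_id(true);
                // If admin assign username; make IDNumber false so later code
                // need not check whether it is set. Same with username for
                // the other role.
                if($user->role == 'a') {
                    $_SESSION['Username']   =   $username;
                    $_SESSION['IDNumber']   =   false;
                    $header                 =   'SecondForm.php';
                }
                else {
                    $_SESSION['Username']   =   false;
                    $_SESSION['IDNumber']   =   $IDNumber;
                    $header                 =   'LoginAndView.php';
                }
            }
        }
        // Close before redirect
        // (mysqli will close by default unless you persist the connection manually)
        mysqli_close($con);
        // Redirect
        header("Location: {$header}");
        exit;
    }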