我正在尝试连接到我的数据库,但我不知道如何编写用户名,密码和部门的代码,因为我有4个部门选项值。区域经理,运营经理和管理层的3个部门将被定向到同一页面,但管理员将被重定向到admin.html。如何编写正确的代码?
这是我的login.php:
<?php
include("connect.php");
error_reporting(0);
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
if ($username && $password) {
$query = mysql_query("SELECT *FROM login_user WHERE loginid ='$_SESSION[username]'");
$numrows = mysql_num_rows($query);
if ($numrows != 0) {
while ($row = mysql_fetch_assoc($query)) {
$dbusername = $row['username'];
$dbpassword = $row['password'];
$dbdepartment = $row['department'];
}
if ($username == "$dbusername" && $password == "$dbpassword" && $dbdepartment == "am") {
// echo "you're in! <a href='form.php'>click</a> here to enter the member page";
$_SESSION['username'] = $username;
echo ("<SCRIPT LANGUAGE='JavaScript'>
window.alert('Login Success ')
window.location.href='form.php'
</SCRIPT>");
} else if ($username == "$dbusername" && $password == "$dbpassword" && $dbdepartment == "om") {
// echo "you're in! <a href='form.php'>click</a> here to enter the member page";
$_SESSION['username'] = $username;
echo ("<SCRIPT LANGUAGE='JavaScript'>
window.alert('Login Success ')
window.location.href='form.php'
</SCRIPT>");
} else if ($username == "$dbusername" && $password == "$dbpassword" && $dbdepartment == "m") {
// echo "you're in! <a href='form.php'>click</a> here to enter the member page";
$_SESSION['username'] = $username;
echo ("<SCRIPT LANGUAGE='JavaScript'>
window.alert('Login Success ')
window.location.href='form.php'
</SCRIPT>");
} else if ($username == "$dbusername" && $password == "$dbpassword" && $dbdepartment == "a") { // echo "you're in! <a href='admin.html'>click</a> here to enter the member page";
$_SESSION['username'] = $username;
echo ("<SCRIPT LANGUAGE='JavaScript'>
window.alert('Login Success ')
window.location.href='admin.html'
</SCRIPT>");
}
else
echo ("<SCRIPT LANGUAGE='JavaScript'>
window.alert('Something went Wrong')
window.location.href='loginmain.php'
</SCRIPT>");
}
}
?>
这是我的HTML代码:
<?php
include 'login.php';
session_start();
$query = mysql_query("SELECT *FROM login_user WHERE loginid='$_SESSION[username]'");
while($row = mysql_fetch_assoc($query))
{
$dbusername =$row['username'];
$dbpassword =$row['password'];
$dbdepartment =$row['department'];
}
?>
.............
<form action="login.php" method="post">
<div class="form_settings">
<p><span>Username :</span><input type="username" name="username" placeholder ="username" value = "<?php echo $username;?>" /></p>
<p><span>Password :</span><input type="password" name="password" placeholder="password" required value = "<?php echo $password;?> " /> </p>
<p><span>Department :</span><select name = "department" value ="<?php echo $department;?>/><option value ="am">Area Manager </option><option value ="om"> Operation Manager</option><option value ="m"> Management</option><option value = "a"> Admin </option></select></p><br>
<p><span>Remember Me<input type="checkbox" name="remember" value="1"></span></p>
<p style="padding-top: 15px"><a href="form.php"><span> </span><input class="submit" type="submit" name="name" value="LogIn" /></a></p>
</div>
</form>
这是我的connect.php:
<?php
$mysql_hostname = "localhost";
$mysql_username = "root";
$mysql_password = "";
$mysql_database = "marrybrown_clean";
$bd = mysql_connect($mysql_hostname, $mysql_username, $mysql_password) or die("Could not connect database");
mysql_select_db($mysql_database, $bd) or die("Could not select database");
?>
这是我的form.php:
<?php
require_once ("login.php");
include("connect.php");
?>
我正在尝试创建安全登录页面,但大多数在线代码都强调用户名和密码;如何加入部门?
答案 0 :(得分:0)
对于您的疑问,我有部分解决方案。
可以使用 htmlspecialchar() 保护您的代码,使用 mysqli 而不是 mysql 和密码散列。
我还认为您在 connect.php 中有错误,您应该使用 mysql_connect_db($mysql_database, $bd) 而不是 mysql_connect_db($bd, $mysql_database)。