<?php
$cname=$_POST['cname'];
$cpass=$_POST['cpass'];
$stmt = $con->prepare("SELECT * FROM employer WHERE email = ? AND password = ? AND action = 'confirmed' ");
$stmt->bind_param('ss', $_POST['cname'], $_POST['cpass']);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows > "0")
{
$member = $result->fetch_assoc();
$_SESSION['SESS_MEMBER_ID'] = $member['id'];
$_SESSION['SESS_EMAIL'] = $member['email'];
session_write_close();
header("location:emp_home.php");
}
else
{
$errmsg_arr[] = 'Wrong Username or Password';
$errflag = true;
if($errflag)
{
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location:employer.php");
}
}
$stmt->close();
这是我的登录代码,但是我在SQL语句中添加了“操作”,该操作仅由管理员确认。所以我想问一下如何回复像你还没有得到管理员确认的消息,一段时间后尝试登录当某人已经注册但尚未确认时。
声明如下:
$stmt = $con->prepare("SELECT * FROM employer WHERE email = ? AND password = ? AND action = '' ");
答案 0 :(得分:2)
不要将action
添加到查询中,而是在php中手动检查:
if ($result->num_rows > "0") {
$member = $result->fetch_assoc();
if ($member['action'] != 'confirmed') {
$errmsg_arr[] = 'You have not been confirmed by the admin yet, Try login after some time';
$errflag = true;
if ($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location:employer.php");
}
} else {
$_SESSION['SESS_MEMBER_ID'] = $member['id'];
$_SESSION['SESS_EMAIL'] = $member['email'];
session_write_close();
header("location:emp_home.php");
}
} else {
$errmsg_arr[] = 'Wrong Username or Password';
$errflag = true;
if ($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location:employer.php");
}
}
尽量避免多次复制+粘贴行,我建议你这样做:
$errflag = false;
if ($result->num_rows > "0") {
$member = $result->fetch_assoc();
if ($member['action'] != 'confirmed') {
$errmsg_arr[] = 'You have not been confirmed by the admin yet, Try login after some time';
$errflag = true;
}
} else {
$errmsg_arr[] = 'Wrong Username or Password';
$errflag = true;
}
if ($errflag === true) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
$location = 'employer.php';
} else {
$_SESSION['SESS_MEMBER_ID'] = $member['id'];
$_SESSION['SESS_EMAIL'] = $member['email'];
$location = 'emp_home.php';
}
session_write_close();
header("location:" . $location);
die; // <-- NOTICE THIS
答案 1 :(得分:0)
在此if ($result->num_rows > "0")
部分中再添加一个条件。因为$result->num_rows > "0"
并不代表$errmsg_arr[] = 'Wrong Username or Password';
。还有一件事你需要检查。
我建议你,关闭这个if,然后用这个$stmt = $con->prepare("SELECT * FROM employer WHERE email = ? AND password = ? AND action = '' ");
SQL添加另一个if。在else部分,您可以添加错误的用户名和密码。
希望这可以解决你的问题。