管理员确认后登录

时间:2016-05-30 11:36:42

标签: php mysql prepared-statement 

<?php
$cname=$_POST['cname'];
$cpass=$_POST['cpass'];

$stmt = $con->prepare("SELECT * FROM employer WHERE email = ? AND password = ? AND action = 'confirmed' ");
$stmt->bind_param('ss', $_POST['cname'], $_POST['cpass']);
$stmt->execute();
$result = $stmt->get_result();
    if ($result->num_rows > "0")
    {
        $member = $result->fetch_assoc(); 
        $_SESSION['SESS_MEMBER_ID'] = $member['id'];
        $_SESSION['SESS_EMAIL'] = $member['email'];
        session_write_close();
        header("location:emp_home.php");
    }
    else 
    {
        $errmsg_arr[] = 'Wrong Username or Password';
        $errflag = true;
        if($errflag) 
        {
            $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
            session_write_close();
            header("location:employer.php");
        }
    } 
    $stmt->close();

这是我的登录代码,但是我在SQL语句中添加了“操作”,该操作仅由管理员确认。所以我想问一下如何回复像你还没有得到管理员确认的消息,一段时间后尝试登录当某人已经注册但尚未确认时。

声明如下:

$stmt = $con->prepare("SELECT * FROM employer WHERE email = ? AND password = ? AND action = '' ");

2 个答案:

答案 0 :(得分:2)

不要将action添加到查询中,而是在php中手动检查:

if ($result->num_rows > "0") {
    $member = $result->fetch_assoc();
    if ($member['action'] != 'confirmed') {
        $errmsg_arr[] = 'You have not been confirmed by the admin yet, Try login after some time';
        $errflag = true;
        if ($errflag) {
            $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
            session_write_close();
            header("location:employer.php");
        }
    } else {
        $_SESSION['SESS_MEMBER_ID'] = $member['id'];
        $_SESSION['SESS_EMAIL'] = $member['email'];
        session_write_close();
        header("location:emp_home.php");
    }
} else {
    $errmsg_arr[] = 'Wrong Username or Password';
    $errflag = true;
    if ($errflag) {
        $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
        session_write_close();
        header("location:employer.php");
    }
}

尽量避免多次复制+粘贴行,我建议你这样做:

$errflag = false;
if ($result->num_rows > "0") {
    $member = $result->fetch_assoc();
    if ($member['action'] != 'confirmed') {
        $errmsg_arr[] = 'You have not been confirmed by the admin yet, Try login after some time';
        $errflag = true;
    }
} else {
    $errmsg_arr[] = 'Wrong Username or Password';
    $errflag = true;
}

if ($errflag === true) {
    $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
    $location = 'employer.php';
} else {
    $_SESSION['SESS_MEMBER_ID'] = $member['id'];
    $_SESSION['SESS_EMAIL'] = $member['email'];
    $location = 'emp_home.php';
}

session_write_close();
header("location:" . $location);
die; // <-- NOTICE THIS

答案 1 :(得分:0)


在此if ($result->num_rows > "0")部分中再添加一个条件。因为$result->num_rows > "0"并不代表$errmsg_arr[] = 'Wrong Username or Password';。还有一件事你需要检查。
我建议你,关闭这个if,然后用这个$stmt = $con->prepare("SELECT * FROM employer WHERE email = ? AND password = ? AND action = '' "); SQL添加另一个if。在else部分,您可以添加错误的用户名和密码。
希望这可以解决你的问题。

相关问题
最新问题