在我的注册/登录代码中仅插入和管理页面

时间:2016-06-02 22:34:39

标签: php mysql session login

我的网站注册/登录代码今天正在运行。

现在我想让我的登录识别是否有人使用管理员帐户登录,因此可以将他重定向到管理页面。我的桌子名为" klanten"它有列:

fldVoornaam(varchar), fldNaam(varchar), fldPassword, fldEmail(varchar), admin(boolean)

所以我手动将管理员用户的值设为1,其余的管理员列中的默认值为0,现在我想检查用户何时使用他的电子邮件和密码登录,他是否是管理员,并且被重定向到正确的页面。

这就是我得到的:

<?php
require('db.php');
// If form submitted, insert values into the database.
if (isset($_POST['submitLogin'])){
    $fldEmail = $_POST['fldEmail'];
    $fldPassword = $_POST['fldPassword'];
    $fldEmail = stripslashes($fldEmail);
    $fldEmail = mysqli_real_escape_string($connection, $fldEmail);
    $fldPassword = stripslashes($fldPassword);
    $fldPassword = mysqli_real_escape_string($connection, $fldPassword);
//Checking is user existing in the database or not
    $query = "SELECT * FROM `klanten` WHERE fldEmail='$fldEmail' and fldPassword='".md5($fldPassword)."' ";
    $result = mysqli_query($connection, $query) or die(mysqli_error($connection));
    $rows = mysqli_num_rows($result);
    if($rows==1){
        $_SESSION['fldEmail'] = $fldEmail;
        header("Location: login.php"); // redirect user to login
        }else{
            echo "<p class=\"warning\"><span class=\"fa fa-warning\"></span>password of emailadres dat u heb ingevuld is niet juist, probeer opnieuw.<span class=\"fa fa-warning\"></span></p>";
            }
}else{
?>
<div class="formLogin">
<p class="opening">Onze promoties voor klanten zijn enkel te zien als u zich inlogt</p>
<p class="opening">Log je nu in, of maak een <a class="registerlink" href="#formRegister">account</a> aan.<p>
<form action="" method="post" name="login" id="formLogin">
<input type="email" name="fldEmail" placeholder="Emailadres" pattern="[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,3}$" required />
<input type="password" id="test1" name="fldPassword" placeholder="password" pattern=".{6,}" title="6 of meer characters verplicht" required />
<div class="check"><input id="test2" type="checkbox"  /><label for="test2" class="checkbox">Show password</label></div>
<input name="submitLogin" type="submit" value="Login" id="submitLogin"/>
</form>
</div>
<?php } ?>

这就是我尝试过但不工作的事情: https://gyazo.com/9c64c16db8a5960d5586cf9a9c8de49d

亲切的问候,

1 个答案:

答案 0 :(得分:0)

您只需访问第一个查询中的结果,然后查看该用户是否为管理员:

$query = "SELECT fldEmail, admin FROM `klanten` WHERE fldEmail='$fldEmail' and fldPassword='".md5($fldPassword)."' ";
$result = mysqli_query($connection, $query) or die(mysqli_error($connection));
$rows = mysqli_num_rows($result);
if($rows==1){
    $row = mysqli_fetch_row($result)
    $_SESSION['fldEmail'] = $row[0]; //contains the email
    if($row[1] == 1) {
        // this user is an admin
    }

    header("Location: login.php"); // redirect user to login
    }else{
...