我在表(用户)中有一个名为admin的列,其数据类型是boolean。两个用户设置为" true"
我的目标是当这两个人登录时,他们可以访问后台办公室,但到目前为止代码还没有工作:
<?php
session_start();
$error="";
$successMessage="";
if ($_POST){
if(!isset($_POST["salada"]) || $_POST["salada"]===""){
$error = "PHP: An email is required <br>";
}
if(!isset($_POST["arroz"]) || $_POST["arroz"]===""){
$error .= "PHP: A password is required";
}
if ($error !=""){
$error = '<div class="error-login">'.$error.'</div>';
}else {
require("MGconfig.php");
$email = mysqli_real_escape_string($connection, $_POST["salada"]);
$pwd = md5(mysqli_real_escape_string($connection, $_POST["arroz"]));
$result = mysqli_query($connection, "select name, id from users where email = '".$email."' and password = '".$pwd."'");
if (mysqli_num_rows($result) !==1){
$error='<div class="error-login">PHP: Invalid email or password</div>';
header("Location:index.php?error=".$error);
}else {
$nome = mysqli_fetch_row($result);
$_SESSION["name"] = $nome[0];
$_SESSION["id"]=$nome[1];
header ("Location: main.php");
}
}
}
?>
<?php
if($_SESSION['admin'] !=0){
header ("Location:admin.php");
}?>
有人可以告诉我为什么不工作?是语法吗?如果我比较字段&#34;名称&#34;,限制有效...提前致谢!
答案 0 :(得分:0)
问题是,您未在// Get the bounds of the bss, fit the map to the bounds
let bssBounds = getBSSBounds(bss, 1); // Custom function using turf.buffer()
// Fit the map to the above boundaries using no options, propagate event data
map.fitBounds(bssBounds, {}, {newBounds: true});
// Set max bounds
map.on('moveend', (event) => {
// If the 'moveend' event has "newBounds" != undefined
if (event.newBounds) {
// Set the maxBounds slighlty wider than the fitBounds
let maxBounds = getBSSBounds(bss, 3); // Custom function using turf.buffer()
map.setMaxBounds(maxBounds)
}
});
查询中选择admin列,而您只选择了SELECT和id列。此外,您无处检查登录用户是否为管理员。
所以解决方案是,在name查询中选择admin列并使用该列值检查登录用户是否为admin,如下所示:
SELECT旁注:了解prepared statements因为您的查询现在容易受到SQL注入的影响。另请参阅how you can prevent SQL injection in PHP。