我需要根据数据库中给出的角色将用户重定向到不同的页面。登录页面上仅提供用户名和密码。我必须从数据库中获取角色,如下所示:
username | password | role
admin1 admin1 admin
alex12 alex12 (nothing to normal users)
以下是代码:
<?php
session_start();
// conectare la baza de date
$db = mysqli_connect("localhost", "root", "", "inregistrare");
if (isset($_POST['login_btn'])) {
$username = mysqli_real_escape_string($db,$_POST['username']);
$password = mysqli_real_escape_string($db,$_POST['password']);
$password = md5($password); // parola cryptata
$sql = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$result = mysqli_query($db, $sql);
if (mysqli_num_rows($result) == 1) {
$_SESSION['message'] = "Te poti Conecta!";
$_SESSION['username'] = $username;
header("location: clasa.php"); //spre o pagina
}else{
$_SESSION['message'] = "Parola gresita!";
}
}
?>
<head>
<title>Conectare</title>
<link rel="stylesheet" type="text/css" href="./css/index-style.css">
</head>
<body>
<?php
if (isset($_SESSION['message'])) {
echo "<div id='error_msg'>".$_SESSION['message']."</div>";
unset($_SESSION['message']);
}
?>
<form method="post" action="clasa.php"> <!-- modifica si aici cand modifici mai sus la php-->
<table align="center">
<tr>
<th id="titlu" class="titlu" colspan="2">Conectare</th>
</tr>
<tr>
<td class="border">Username:</td>
<td class="border"><input type="text" name="username" class="text-input" size="20"></td>
</tr>
<tr>
<td class="border">Password:</td>
<td class="border"><input type="password" name="password" class="text-input" size="20"></td>
</tr>
<tr>
<td class="spatiu"></td>
<td class="spatiu"></td>
</tr>
<tr>
<td><button class="register" type="submit" formaction="./register.php">Inregistrare</button></td>
<td><button class="connect" type="submit" name="login_btn">Conectare</button></td>
</tr>
</table>
</form>
</body>
</html>
答案 0 :(得分:1)
您应该检查用户角色。这是一个如何检查它的示例。
P.S adminfile.php和anotherfile.php是您应该重定向用户的地方,可以是您想要的任何内容。
if (mysqli_num_rows($result) == 1) {
$_SESSION['message'] = "Te poti Conecta!";
$_SESSION['username'] = $username;
$user = mysql_fetch_assoc($result);
if($user['role'] == 'admin'){
header("location: adminfile.php");
}else{
header("location: anotherfile.php");
}
}else{
$_SESSION['message'] = "Parola gresita!";
}
答案 1 :(得分:0)
$result = mysqli_query($db, $sql);
while ($row = mysqli_fetch_row($result)) {
printf ("%s (%s)\n", $row[0], $row[1]);
}
答案 2 :(得分:0)
我可以看到你已经从@ leli.1337得到了答案但是我认为我应该以比你上面的方式更安全的方式给你相同的例子,下面我用PDO准备好了用于防止sql注入的语句,并且不需要在会话变量上存储成功消息/错误消息。
贝娄是我的代码。
<?php
session_start();
// conectare la baza de date
$host_name = "localhost";
$u_name = "root";
$u_pass = "";
try {
$db = new PDO("mysql:host=$host_name;dbname=inregistrare", $u_name, $u_pass);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch (PDOException $ex) {
error_log($ex);
}
$loginMessage = ""; //will fill this at a later stage.
if (isset($_POST['login_btn'])) {
$username = UserInput($_POST['username']);
$password = UserInput($_POST['password']);
try {
$stmt = $db->prepare("SELECT username,password, role FROM users where username = ? ");
$stmt->bindValue(1, $username);
$stmt->execute();
$result = $stmt->fetchall(PDO::FETCH_ASSOC);
if (count($result) > 1) { // username corerct
foreach ($result as $row) { // now lets validate password
if (password_verify($password, $row['password'])) {
$loginMessage = "<p style=\"color:green;\">Te poti Conecta!</p>"; //We don't really need to store the success on a session.
$_SESSION['username'] = $row['username'];
if ($row['role'] === "admin") {
//admin user
header("location:admin.php");
} elseif ($row['role'] === "") {
header("location: clasa.php"); //spre o pagina
}
} else {
// password incorrect
$loginMessage = "<p style=\"color:#f00\">Parola gresita!</p>";
}
}
}
}
catch (PDOException $e) {
error_log($e);
}
}
function UserInput($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<head>
<title>Conectare</title>
<link rel="stylesheet" type="text/css" href="./css/index-style.css">
</head>
<body>
<?php
echo $loginMessage;
?>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<table align="center">
<tr>
<th id="titlu" class="titlu" colspan="2">Conectare</th>
</tr>
<tr>
<td class="border">Username:</td>
<td class="border"><input type="text" name="username" class="text-input" size="20"></td>
</tr>
<tr>
<td class="border">Password:</td>
<td class="border"><input type="password" name="password" class="text-input" size="20"></td>
</tr>
<tr>
<td class="spatiu"></td>
<td class="spatiu"></td>
</tr>
<tr>
<td><button class="register" type="submit" formaction="./register.php">Inregistrare</button></td>
<td><button class="connect" type="submit" name="login_btn">Conectare</button></td>
</tr>
</table>
</form>
</body>
</html>
正如您所看到的,我在您的register.php页面上使用password_verify()来验证密码哈希而不是您使用的md5 你需要像这样哈希密码:
$password = $_POST['password'];
// Now lets hash the password
$hash = password_hash($password, PASSWORD_DEFAULT);
代替:$password= md5($_POST['password'];
因此,在您的数据库中,您将存储$ hash值
谢谢,希望您发现这更有用。