Multi-user login does not validate password and session

Time: 2017-02-22 08:47:03

Tags: php mysql

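As per my code, it gives folder-wise login but does not validate my password and session.

Without the switch case, with an if/else condition, it works, but then only two roles work.
I need multiple roles.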

ob_start();
require_once 'dbconnect.php';
$userName = '';
$passError = '';
$error = false;
if (isset($_POST['btn-login'])) {
    $userName = trim($_POST['userName']);
    $userName = strip_tags($userName);
    $userName = htmlspecialchars($userName);
    $pass = trim($_POST['pass']);
    $pass = strip_tags($pass);
    $pass = htmlspecialchars($pass);
    if (empty($userName)) {
        $error = true;
        $userNameError = "Please enter your User Name.";
    }
    if (empty($pass)) {
        $error = true;
        $passError = "Please enter your password.";
    }
    if (!$error) {
        $password = hash('sha256', $pass);
        $res = mysqli_query($conn, "SELECT userId, userName, userPass, role FROM users1 WHERE userName='$userName'");
        $row = mysqli_fetch_array($res);
        $count = mysqli_num_rows($res);
        var_dump($count);
        $count == 1 && $row['userPass'] == $password && $row['role'] == 'multirole';
        $multirole = $row['role'];
        $row['userPass'] == ($password);
        switch ($multirole) {
            case "admin":
                $_SESSION['user'] = $row['userName'];
                $_SESSION['role'] = 'admin';
                header('Location: admin/home.php');
                break;
            case "user":
                $_SESSION['user'] = $row['userName'];
                $_SESSION['role'] = 'user';
                header('Location: user/home.php');
                break;
            default:
                echo "No User Found ! Please Contact Admin";
        }
    }
}

Do you have any suggestions?

1 answer:

Answer 0 (score: 0)

OK, your script is very badly formatted!

I think your problem is in this part:

$count == 1 && $row['userPass'] == $password && $row['role'] == 'multirole';

$row['role'] == 'multirole'; // this can never be true!

I tried to rewrite your script (keeping more or less your logic, which is also not suitable!):

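ob_start();
// Assumed to provide $db, a PDO connection (the question's code used mysqli via $conn)
require_once 'dbconnect.php';

// $_SESSION values only persist once a session has been started
if (session_status() === PHP_SESSION_NONE)
{
    session_start();
}

if (isset($_POST['btn-login']))
{
    // PHP variable names are case-sensitive: use $userName consistently
    $userName = $_POST['userName'] ?? '';
    $pass = $_POST['pass'] ?? '';

    if (empty($userName))
    {
        $error = true;
        $userNameError = "Please enter your User Name.";
    }
    elseif (empty($pass))
    {
        $error = true;
        $passError = "Please enter your password.";
    }
    else
    {
        $password = hash('sha256', $pass);

        // Prepared statement: the user name is bound, not concatenated into the SQL
        $res = $db->prepare("SELECT * FROM users1 WHERE userName = :userName");
        $res->execute(array(":userName" => $userName));

        // Count the fetched rows; PDO's rowCount() is not reliable for SELECT on every driver
        $rows = $res->fetchAll(PDO::FETCH_ASSOC);
        $count = count($rows);

        if ($count == 1)
        {
            $row = $rows[0];
            $db_password = $row['userPass'];
            $multirole = $row['role'];

            // hash_equals() avoids loose == comparison of hex strings and compares in constant time
            if (hash_equals($db_password, $password))
            {
                switch ($multirole)
                {
                    case "admin":
                        $_SESSION['user'] = $row['userName'];
                        $_SESSION['role'] = 'admin';
                        header('Location: admin/home.php');
                        exit; // stop the script after the redirect
                    case "user":
                        $_SESSION['user'] = $row['userName'];
                        $_SESSION['role'] = 'user';
                        header('Location: user/home.php');
                        exit;
                    default:
                        echo "No User Found ! Please Contact Admin";
                }
            }
        }
    }
}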
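
An added example, not part of the answer above or the asker's code: it shows the password check actually gating the role switch, with roles taken from an allowlist and a fresh session ID issued on login. It assumes `userPass` stores `password_hash()` output instead of the unsalted SHA-256 used on this page, that the `pdo_sqlite` extension is available for the in-memory demo, and the names `ROLE_HOME`, `authenticate` and `startUserSession` as well as the sample users are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Allowlist of roles and their landing pages; any other role value is rejected.
const ROLE_HOME = ['admin' => 'admin/home.php', 'user' => 'user/home.php'];

// Returns user name, role and landing page, or null when any check fails.
function authenticate(PDO $db, string $userName, string $pass): ?array
{
    $stmt = $db->prepare('SELECT userName, userPass, role FROM users1 WHERE userName = :u');
    $stmt->execute([':u' => $userName]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // The password check is a real condition here, not a discarded expression.
    if ($row === false || !password_verify($pass, $row['userPass'])) {
        return null;
    }
    $home = ROLE_HOME[(string) $row['role']] ?? null;
    return $home === null ? null : ['user' => $row['userName'], 'role' => $row['role'], 'home' => $home];
}

// Web entry point (hypothetical helper): bind the verified identity to a fresh session.
function startUserSession(array $auth): void
{
    session_start();
    session_regenerate_id(true); // new session ID after login
    $_SESSION['user'] = $auth['user'];
    $_SESSION['role'] = $auth['role'];
    header('Location: ' . $auth['home']);
    exit; // nothing may run after the redirect
}

// Constructed sample data, executed only when run from the command line.
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users1 (userName TEXT UNIQUE, userPass TEXT, role TEXT)');
    $ins = $db->prepare('INSERT INTO users1 VALUES (?, ?, ?)');
    $users = [['alice', 'pw-admin', 'admin'], ['bob', 'pw-user', 'user'], ['eve', 'pw-eve', 'multirole']];
    foreach ($users as [$name, $pw, $role]) {
        $ins->execute([$name, password_hash($pw, PASSWORD_DEFAULT), $role]);
    }
    $attempts = [['alice', 'pw-admin'], ['bob', 'wrong'], ['eve', 'pw-eve'], ['nobody', 'x']];
    foreach ($attempts as [$name, $pw]) {
        echo $name, ' => ', json_encode(authenticate($db, $name, $pw), JSON_UNESCAPED_SLASHES), PHP_EOL;
    }
}
```

In a login page, call `authenticate()` with the posted values and pass a non-null result to `startUserSession()`; show the same generic error for every null result.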