使用PHP和mysql时如何检查普通用户或管理员用户是否已登录?

时间:2017-03-14 03:04:46

标签: php html mysql validation

我有这个用于登录两个用户的示例代码,即用户'和' admin'。如何在登录时验证每一个,以便在成功登录后将其重定向到各自的页面。

HTML代码 

<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8">
    <title>Login</title>
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <link rel="stylesheet" href="stylelogin.css">
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
    <!-- Latest compiled and minified CSS -->
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
    <!-- Optional theme -->
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css" integrity="sha384-rHyoN1iRsVXV4nD0JutlnGaslCJuC7uwjduW9SVrLvRYooPp2bWYgmgJQIXwl/Sp" crossorigin="anonymous">
  </head>
  <body>
    <!-- Navigation Bar -->
    <nav class="navbar navbar-inverse">
      <div class="container-fluid">
        <div class="navbar-header">
          <button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#myNavbar">
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
          </button>
          <a class="navbar-brand" href="index.html">Welcome</a>
        </div>
        <div class="collapse navbar-collapse" id="myNavbar">
          <ul class="nav navbar-nav navbar-right">
            <li><a href="index.html"><span class="glyphicon glyphicon-step-backward"></span>Back</a></li>
          </ul>
        </div>
      </div>
    </nav>


    <div class="container">
      <div id="login-modal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
              <div class="modal-dialog">
                    <div class="loginmodal-container">
                        <h1>Login to Your Account</h1><br>
                      <form action="Model/loginbackend.php" method="post">
                            <input type="text" name="username" placeholder="Username" autofocus required>
                            <input type="password" name="password" placeholder="Password" required>
                            <input type="submit" name="login" class="login loginmodal-submit" value="Login">
                      </form>

                      <div class="login-help">
                        No account? Register <a href="signup.html">Here</a>
                      </div>
                    </div>
                </div>
              </div>
    </div>
  </body>
  <!-- Latest compiled and minified JavaScript -->
  <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
  <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
  <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
</html>

我有这个示例PHP代码。

PHP代码 

<?php
include "connection.php";
session_start();

$username = $_POST['username'];
$password = $_POST['password'];

if (!empty($username) && !empty($password)) {

  $sql = "select * from users where username = '$username' and password = '$password'";
  $result = mysqli_query($conn, $sql);

  $row = mysqli_fetch_assoc($result);

  if($row){
      $_SESSION["user_id"] = $row["userid"];
      header('Location: /laurence/FirstDayTraining/Model/users.php');
  }
  else
  {

    $sql = "select * from admin where adminusername = '$username' and adminpassword = '$password'";

    $result = mysqli_query($conn, $sql);

    $row = mysqli_fetch_assoc($result);
    $_SESSION["adminuser_id"] = $row["adminid"];
    header('Location: /laurence/FirstDayTraining/Model/admin.php');
  }

  mysqli_close($conn);
}

?>

在这种情况下

  if($row){
      $_SESSION["user_id"] = $row["userid"];
      header('Location: /laurence/FirstDayTraining/Model/users.php');
  }
  else
  {

    $sql = "select * from admin where adminusername = '$username' and adminpassword = '$password'";

    $result = mysqli_query($conn, $sql);

    $row = mysqli_fetch_assoc($result);
    $_SESSION["adminuser_id"] = $row["adminid"];
    header('Location: /laurence/FirstDayTraining/Model/admin.php');
  }

这将重定向到各自的页面。但是当我输入任何文本框usernamepassword时。示例我将输入随机文本,例如:for username asdu:for password asoda。我使用的输入主要不在我的数据库中。但它仍然将我重定向到管理页面。有没有正确的方法来验证我的表格..请帮助,我是一个很新的PHP。提前谢谢。

2 个答案:

答案 0 :(得分:1)

你需要找出mysqli有一个结果给你。您可以这样检查:

if ($result->num_rows) {
    $row = mysqli_fetch_assoc($result);
    $_SESSION["adminuser_id"] = $row["adminid"];
    header('Location: /laurence/FirstDayTraining/Model/admin.php');
}
//this will check if something is returned by your query if not then dont redirect

答案 1 :(得分:1)

您可以在数据库中添加if( $row['role'] == 'admin') $_SESSION['user_role'] = $row['role'] ; 列,并通过脚本手动分配每个管理员/编辑者,否则默认情况下他们将成为用户。之后,您可以轻松识别它们

{{1}}
相关问题
最新问题