在我的数据库中,有一行名为' role'具体是管理员还是登录用户。
当然,管理员和用户有不同的功能
这是我的登录流程代码。
<?php
include 'database_conn.php'; // make db connection
ini_set("session.save_path", "../../sessionData");
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<title>
</title>
</head>
<body>
<?php
$username = filter_has_var(INPUT_POST, 'userName') ? $_POST['userName']: null;
$passWD = filter_has_var(INPUT_POST, 'pwd') ? $_POST['pwd']: null;
$username = trim($username);
$passWD = trim($passWD);
//before we query from the database , we have to standartise
// create an empty array
if (empty($username)){
die("No username entered.");
}
if (empty($passWD)){
die("No password entered.");
}
/* Query the users database table to get the password hash for the username entered by the user in the logon form */
$sql = "SELECT password ,userID FROM t_user WHERE username = ?";
$stmt = mysqli_prepare($conn, $sql); // prepare the sql statement
/* Bind the $username entered by the user to the prepared statement. Note the “s” part indicates the data type used – in this case a string */
mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt);// execute the query
/* Get the password hash from the query results for the given username and store it in the variable indicated */
mysqli_stmt_bind_result($stmt, $passWDHash,$userID);
/* Check if a record was returned by the query. If yes, then there was a username matching what was entered in the logon form and we can now test to see if the password entered in the logon form is the same as the stored (correct) one in the database. */
if (mysqli_stmt_fetch($stmt)) {
$_SESSION['uName'] = $username;
$_SESSION['uID'] = $userID;
//PASSWORD CORRECT
if (password_verify($passWD, $passWDHash)) {
$_SESSION['logged-in'] = true;
echo "<p>Welcome back " .$_SESSION['uName']."</p>\n";
echo "<p>Welcome back " .$_SESSION['uID']."</p>\n";
echo "<p>Password correct!</p>\n";
echo "<p><a href='logout.php'>Logout</a></p>";
}
else {
echo "<p>Password incorrect.</p>\n";
}
}
else {
echo "<p>Sorry we don't seem to have that username.</p>";
}
//this line should determine whether it is user or admin is login
$result = mysqli_query($conn,$sql);
if($result)
{
$row = mysqli_fetch_assoc($result);
$user_type = $row['role']; // you get user type here whether he's admin or login
if ($user_type == 'admin') {
echo " this is admin";
//header to admin page
}
elseif ($user_type == 'user') {
echo "this is user" ;
//header to user page
}
else{
echo "query failed";
}
}
mysqli_stmt_close($stmt);
mysqli_close($conn);
?>
</body>
</html>
代码不起作用,因为它应该显示登录角色 它似乎无法确定角色 或者还有其他方法吗???
答案 0 :(得分:0)
代码不起作用,因为它应该显示登录角色。看起来像 角色无法确定
正是这种情况发生的原因是因为您有未定义的索引角色。这行应该引发一个未定义索引的通知: def cover_params
params.require(:cover).permit(design_files: [])
end
因为在你没有选择角色的sql语句中未定义角色。这是你的陈述:$user_type = $row['role'];,因为你可以看到你没有在你的代码中的任何地方选择角色,我也不明白你想在这里实现什么:$sql = "SELECT password ,userID FROM t_user WHERE username = ?";
您已经准备好了一个语句并执行了该语句,因此您不需要运行另一个查询来确定用户的角色,这可以通过一个查询来完成。
这就是你能做到这一点的方法:
$result = mysqli_query($conn,$sql);注意:在您静止时启用错误报告非常重要 在您的本地主机上工作,这样您就可以看到这些通知并且很小 您正在做的错误:在页面顶部添加:
<?php ob_start(); session_start(); ini_set("session.save_path", "../../sessionData"); include 'database_conn.php'; // make db connection ?> <!DOCTYPE html> <html> <head> <title></title> </head> <body> <?php $username = filter_has_var(INPUT_POST, 'userName') ? $_POST['userName'] : null; $passWD = filter_has_var(INPUT_POST, 'pwd') ? $_POST['pwd'] : null; $username = trim($username); $passWD = trim($passWD); //before we query from the database , we have to standartise // create an empty array if (empty($username)) { die("No username entered."); } if (empty($passWD)) { die("No password entered."); } /* Query the users database table to get the password hash for the username entered by the user in the logon form */ $sql = "SELECT password ,userID,role FROM t_user WHERE username = ?"; $stmt = mysqli_prepare($conn, $sql); // prepare the sql statement /* Bind the $username entered by the user to the prepared statement. Note the “s” part indicates the data type used – in this case a string */ mysqli_stmt_bind_param($stmt, "s", $username); mysqli_stmt_execute($stmt); // execute the query /* Get the password hash from the query results for the given username and store it in the variable indicated */ mysqli_stmt_bind_result($stmt, $passWDHash, $userID, $user_type); /* Check if a record was returned by the query. If yes, then there was a username matching what was entered in the logon form and we can now test to see if the password entered in the logon form is the same as the stored (correct) one in the database. */ if (mysqli_stmt_fetch($stmt)) { $_SESSION['uName'] = $username; $_SESSION['uID'] = $userID; //PASSWORD CORRECT if (password_verify($passWD, $passWDHash)) { $_SESSION['logged-in'] = true; echo "<p>Welcome back " . $_SESSION['uName'] . "</p>\n"; echo "<p>Welcome back " . $_SESSION['uID'] . "</p>\n"; echo "<p>Password correct!</p>\n"; echo "<p><a href='logout.php'>Logout</a></p>"; // check user role if ($user_type == 'admin') { echo " this is admin"; //header to admin page } elseif ($user_type == 'user') { echo "this is user"; //header to user page } } else { echo "<p>Password incorrect.</p>\n"; } } else { echo "<p>Sorry we don't seem to have that username.</p>"; } mysqli_stmt_close($stmt); mysqli_close($conn); ?> </body> </html>此外,您必须始终检查
中的服务器错误日志ini_set('display_errors', 1); `error_reporting(E_ALL);`