我想让我的登录页面授予用户1级和2级访问权限,这里是代码。
我不知道从这里开始的下一步
$query = "SELECT * FROM affiliateuser WHERE (username = '" . mysqli_real_escape_string($con,$_POST['username']) . "') AND (password = '" . mysqli_real_escape_string($con,$_POST['password']) . "') AND (active = '" . mysqli_real_escape_string($con,"1") . "')";
if ($result = $mysqli->query($query)) {
if ($row = $result->fetch_assoc()) {
if($row['level'] == 1 || $row['level'] == 2) {
// Set username session variable
session_start();
$_SESSION['username'] = $username;
$errormsg= "
<div class='alert alert-warning' style='opacity: 0.5; background-color: rgb(51, 204, 102);'> <button type='button' class='close' data-dismiss='alert' aria-label='Close'> <span aria-hidden='true'>×</span> </button> <strong>SUCCESS...</strong> Redirecting you to dashboard. </div>";
echo "<meta http-equiv='refresh' content='=2;dashboard' />";
}
else {
//UNAUTHORIZED
请问我该怎么做才能做到这一点?
答案 0 :(得分:0)
问题在于您的实际代码,您只选择级别为1的用户。
最简单的解决方案是更新您的查询以选择
的用户level IN (1,2)
另一种解决方案是删除WHERE level = ...子句,然后在PHP代码中检查。这样您就可以以不同方式处理错误密码和未授权错误
$query = "SELECT * FROM affiliateuser WHERE (username = '" . mysqli_real_escape_string($con,$_POST['username']) . "') AND (password = '" . mysqli_real_escape_string($con,$_POST['password']) . "') AND (active = '" . mysqli_real_escape_string($con,"1") . "')";
if ($result = $mysqli->query($query)) {
if ($row = $result->fetch_assoc()) {
if($row['level'] == 1 || $row['level'] == 2) {
//ALL GOOD
} else {
//UNAUTHORIZED
}
} else {
//WRONG USERNAME/PASSWORD
}
$result->close();
}
注意:当您确定其内容时,无需mysql_real_escape_string硬编码字符串:在您的示例中,“级别”始终为“1”