目前我有一个基于用户的登录信息但是我想包含一个管理员额外登录的代码。如果没有两个单独的登录,我将如何实现这一点?
if(isset($_POST['login'])) {
$username = $_POST['username'];
$password = $_POST['password'];
if(DB::query('SELECT username FROM users WHERE username=:username', array(':username'=>$username))) {
if(password_verify($password, DB::query('SELECT password FROM users WHERE username=:username', array(':username'=>$username)) [0]['password'])) {
echo 'Logged in: ';
header('Location: index.php');
$cstrong = True;
$token = bin2hex(openssl_random_pseudo_bytes(64, $cstrong));
//echo $token;
$user_id = DB::query('SELECT id FROM users WHERE username=:username',array(':username'=>$username))[0]['id'];
DB::query('INSERT INTO login_tokens VALUES(\'\', :token, :user_id)', array(':token'=>sha1($token),'user_id'=>$user_id));
setcookie("PLACEME", $token, time() + 60 * 60 * 24 * 7, '/', NULL, NULL, TRUE);
setcookie("PLACEME_", $token, time() + 60 * 60 * 24 * 3, '/', NULL, NULL, TRUE);
} else {
echo 'Incorrect password';
}
} else {
echo 'user not registered';
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Student login</title>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<div class="container">
<img src="logo2.png">
<form action="login.php" method="post">
<div class="form-input">
<input type="text" name="username" value="" placeholder="Username"><br>
<div class="form-input">
<input type="password" name="password" value="" placeholder="Password"><br>
<input type="submit" name="login" value="Login"><br>
</form>
</div>
</body>
</html>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<a href="http://localhost/project_final/register.php">Register here if not a member</a>
答案 0 :(得分:0)
您可以在同一个数据库中包含所有用户类型,确保将用户名设置为唯一,并且具有名为user_type的列或类似的列。定期检查登录,但进一步检查用户类型,如果该类型的帐户登录,重定向或显示管理员资料。对于所有管理页面,您只需检查您的登录用户是否为管理员。
或者您可以回显像这样的脚本标记
if($admin)
echo '<script>location.href="desiredUrl"</script>';
答案 1 :(得分:0)
显而易见的方法是在表格中添加一个包含每个用户访问级别的列。
如果您想要快速而肮脏的方式,并假设您的所有用户名都是唯一的 - 您只需测试哪个用户已在PHP中登录并设置变量:
这是一个例子,但是我强烈建议正确使用您的表并在数据库中记录访问级别
if(DB::query('SELECT username FROM users WHERE username=:username',
array(':username'=>$username))) {
if(password_verify($password, DB::query('SELECT password FROM users WHERE username=:username', array(':username'=>$username)) [0]['password'])) {
echo 'Logged in: ';
header('Location: index.php');
$cstrong = True;
$token = bin2hex(openssl_random_pseudo_bytes(64, $cstrong));
//echo $token;
$user_id = DB::query('SELECT id FROM users WHERE username=:username',array(':username'=>$username))[0]['id'];
DB::query('INSERT INTO login_tokens VALUES(\'\', :token, :user_id)', array(':token'=>sha1($token),'user_id'=>$user_id));
setcookie("PLACEME", $token, time() + 60 * 60 * 24 * 7, '/', NULL, NULL, TRUE);
setcookie("PLACEME_", $token, time() + 60 * 60 * 24 * 3, '/', NULL, NULL, TRUE);
// Set flag to determine if user is admin AFTER successful login
$isAdmin = ($username == 'foo' || $username == 'bar');
} else {
echo 'Incorrect password';
}
} else {
echo 'user not registered';
}