在更改为准备好的语句后,重定向太多,SESSION问题

时间:2017-07-11 15:13:11

标签: php mysql

我最近更改了我的PHP代码以使用预准备语句来保护我的应用程序。然而,我在登录页面上苦苦挣扎。我检查用户" userlevel"登录时,然后重定向到用户的相应页面。它在我的旧登录页面上运行良好:

的login.php 

<?php
session_start();

if(isset($_SESSION['usr_id'])!="" && $_SESSION['userlevel']=="1") {
    header("Location: v1/ued/");
} else 
if(isset($_SESSION['usr_id'])!="" && $_SESSION['userlevel']=="2") {
    header("Location: v1/ced/");
}

include_once 'includes/database.php';

//Login
    if (isset($_POST['login'])) {

        $email = mysqli_real_escape_string($con, $_POST['user-name']);
        $password = mysqli_real_escape_string($con, $_POST['user-password']);
        $result = mysqli_query($con, "SELECT * FROM users WHERE idnumber = '" . $email. "' and password = '" . md5($password) . "'");

        if ($row = mysqli_fetch_array($result)) {
            $_SESSION['usr_id'] = $row['id'];
            $_SESSION['userlevel'] = $row['userlevel'];
            $_SESSION['idnumber'] = $row['idnumber'];

            if ($_SESSION['userlevel']=="1"){
                    $_SESSION['firstnames'] = $row['firstnames'];
                    $_SESSION['surname'] = $row['surname'];
                    header("Location: v1/level1/index.php");
            } 
            else
            if ($_SESSION['userlevel']=="2"){
                header("Location: v1/level2/index.php");
            }

        } else {
            $errormsg = "Incorrect Email or Password!!!";
        }
    }

?>

和我的 level1 / index.php 

<?php
    session_start();
    if(!isset($_SESSION['usr_id'])) {
        header("Location: ../../login.php");
    }
    if($_SESSION['userlevel']!=="1") {
        header("Location: ../../login.php");
    }
?>

我现在更改了我的Login.php页面,使用如下准备语句:

<?php
session_start();

if(isset($_SESSION['usr_id'])!="" && $_SESSION['userlevel']=="1") {
    header("Location: v1/ued/");
} else 
if(isset($_SESSION['usr_id'])!="" && $_SESSION['userlevel']=="2") {
    header("Location: v1/ced/");
}

include_once 'includes/database.php';

if (isset($_POST['login'])) {
    $password = md5($_POST['user-password']);
    $email = $_POST['user-name'];

    if (mysqli_connect_errno()) {
        printf("Connect failed: %s\n", mysqli_connect_error());
        exit();
    }
    $stmt = $mysqli->prepare("SELECT * FROM users WHERE idnumber = ? and password = ?");
    $stmt->bind_param('ss', $email, $password);
    $stmt->execute();
    $result = $stmt->get_result();
        if ($row = $result->fetch_array()) 
        {
            $_SESSION['usr_id'] = $row['id'];
            $_SESSION['userlevel'] = $row['userlevel'];
            $_SESSION['idnumber'] = $row['idnumber'];
            $_SESSION['firstnames'] = $row['firstnames'];
            $_SESSION['surname'] = $row['surname'];
            if ($_SESSION['userlevel']=="1"){
                header("Location: v1/ued/");
            } 
            else
            if ($_SESSION['userlevel']=="2"){
                header("Location: v1/ced/");
            } 
        }       
}

?>

但现在我在Chrome上收到错误ERR_TOO_MANY_REDIRECTS。我似乎无法弄清问题是什么。我很感激能得到的任何帮助。

1 个答案:

答案 0 :(得分:1)

if($_SESSION['userlevel'] !== "1") {查看此行

应该是

if($_SESSION['userlevel'] != "1") {

相关问题
最新问题