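So I basically have 2 roles in my database, sollicitant and bedrijf. I want to redirect them to different pages. I currently have a script that checks the email and password against my database, but I don't know how to "check" which role they have, so that each of them can be redirected to a different welcome page.
This is my code, which checks the password and email but not the role. How do I redirect the two roles to different pages?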
<?php
if (isset($_POST['verzenden'])) {
    $inputEmail = htmlspecialchars($_POST['email']);
    $inputWachtwoord = htmlspecialchars($_POST['wachtwoord']);
    $servername = "localhost";
    $databasename = "powerjobs";
    $username = "root";
    $password = "";
    try {
        $conn = new PDO("mysql:host=$servername; dbname=$databasename", $username, $password);
        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    } catch(PDOException $e) {
        echo "Connection failed: " . $e->getMessage();
        return;
    }
    try {
        $stmt = $conn->prepare("SELECT * FROM registratie WHERE email = '$inputEmail'");
        $stmt->execute();
        $result = $stmt->setFetchMode(PDO::FETCH_ASSOC);
        $row = $stmt->fetch();
        $rowCount = $stmt->rowCount();
        if ($rowCount) {
            if ($inputWachtwoord == $row['wachtwoord'])
                header("Location: sollicitant.html");
            else
                echo "<br/>Gebruikersnaam en wachtwoord komen niet overeen.";
        } else {
            echo "<br/>Login failed, no record found";
        }
    }
    catch(PDOException $e) {
        echo "Error: " . $e->getMessage();
    }
    $conn = null;
    session_start();
    $_SESSION["login"] = true;
    $_SESSION["email"] = $inputEmail;
}
?>
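Answer 0 (score: 1)
By the look of things, you seem to be storing passwords as plain text, which you should not do. You need to use password_hash() and password_verify() to store hashed password values.
So when you save in your registration page, you need to hash the password,
like: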
$hash = password_hash($inputWachtwoord,PASSWORD_DEFAULT);
Then, when you store, you will no longer store $inputWachtwoord, but you will store $hash.
Then you can use password_verify(),
like:
<?php
ob_start();
session_start();
if (isset($_POST['verzenden'])) {
    $inputEmail = $_POST['email'];
    $inputWachtwoord = $_POST['wachtwoord'];
    $servername = "localhost";
    $databasename = "powerjobs";
    $username = "root";
    $password = "";
    try {
        $conn = new PDO("mysql:host=$servername; dbname=$databasename", $username, $password);
        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    }
    catch (PDOException $e) {
        echo "Connection failed: " . $e->getMessage();
        return; // no connection: stop here instead of using an undefined $conn
    }
    try {
        // the e-mail is bound as a parameter, never concatenated into the SQL
        $stmt = $conn->prepare("SELECT * FROM registratie WHERE email = ? ");
        $stmt->execute([$inputEmail]);
        $result = $stmt->fetchAll(PDO::FETCH_ASSOC);
        if (count($result) > 0) {
            foreach ($result as $key => $row) {
                if (password_verify($inputWachtwoord, $row['wachtwoord'])) {
                    //password matches
                    $_SESSION["login"] = true;
                    $_SESSION["email"] = $inputEmail;
                    //check user role
                    switch ($row['role']) {
                        case 0:
                            $redirectUrl = "ThisRolePage.php";
                            break;
                        case 1:
                            $redirectUrl = "ThisRolePage.php";
                            break;
                        default:
                            // unknown role: stop instead of redirecting with an undefined $redirectUrl
                            echo "unknown role";
                            exit();
                    }
                    header("location:$redirectUrl"); //redirect user to respective page
                    exit();
                } else {
                    echo "password and username does not match";
                }
            }
        } else {
            echo "username invalid";
        }
    }
    catch (PDOException $e) {
        echo "Error: " . $e->getMessage();
    }
}
?>
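The role lookup from the answer above, written as a testable function with an allow-list of landing pages; this is an added example, not code from the question or the answer. It assumes the `role` column holds the strings `sollicitant` and `bedrijf`, uses hypothetical page names `sollicitant.php` and `bedrijf.php`, and runs against constructed rows in an in-memory SQLite database so it works offline with the PHP CLI.

```php
<?php
declare(strict_types=1);

// Allow-list of roles to landing pages (page names are hypothetical).
const ROLE_PAGES = [
    'sollicitant' => 'sollicitant.php',
    'bedrijf'     => 'bedrijf.php',
];

// Returns the landing page for a valid login, or null for any failure.
function loginTarget(PDO $conn, string $email, string $password): ?string
{
    $stmt = $conn->prepare('SELECT wachtwoord, role FROM registratie WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown e-mail and wrong password give the same result to the caller.
    if ($row === false || !password_verify($password, $row['wachtwoord'])) {
        return null;
    }
    // A role outside the allow-list never produces a redirect.
    return ROLE_PAGES[$row['role']] ?? null;
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE registratie (email TEXT PRIMARY KEY, wachtwoord TEXT, role TEXT)');
$insert = $conn->prepare('INSERT INTO registratie VALUES (?, ?, ?)');
$insert->execute(['jan@example.com', password_hash('geheim-1', PASSWORD_DEFAULT), 'sollicitant']);
$insert->execute(['hr@example.com', password_hash('geheim-2', PASSWORD_DEFAULT), 'bedrijf']);
$insert->execute(['old@example.com', password_hash('geheim-3', PASSWORD_DEFAULT), 'admin']);

$attempts = [
    ['jan@example.com', 'geheim-1'],   // valid sollicitant
    ['hr@example.com', 'geheim-2'],    // valid bedrijf
    ['hr@example.com', 'wrong'],       // wrong password
    ['nobody@example.com', 'x'],       // unknown e-mail
    ['old@example.com', 'geheim-3'],   // role not in the allow-list
];
foreach ($attempts as [$email, $password]) {
    $target = loginTarget($conn, $email, $password);
    // In a web request: session_regenerate_id(true); store the role in
    // $_SESSION; header("Location: $target"); exit;
    echo str_pad($email, 20), ' => ', $target ?? 'login refused', PHP_EOL;
}
```

The redirect only chooses a page; each welcome page still has to check the role stored in the session before rendering, which a static `.html` page cannot do.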