我有一个'用户'具有两列/属性i-e用户名和密码的表。此表包含该网站的管理员。现在我创建了一个用于从上述表中删除一个或多个管理员的表单,但如果当前登录用户尝试删除自己,则不得发生。 我面临的问题是:我从会话中收到了当前登录用户的用户名和密码,但是当我输入另一个管理员详细信息时,仍然会给我当前登录用户试图删除的错误本身。
FORM:
<form action="delete_user.php" method="post">
<fieldset><legend style="text-align:center; font-size:18px">Enter Details of the User You want to Delete</legend><br>
<label for="username">Username : </label><input type="text" name="username" placeholder = "Username"><br>
<label for="password">Password :</label><input type="password" name="password" placeholder = "Password"><br>
</fieldset>
<p id="btn">
<input type="submit" value="Delete" name="submit_delete_user" style="font-size:16px"><input type="reset" value="Reset" style="font-size:16px"><br>
<center>
<a href="admin.php">Admin Home</a><br>
<a href="logout.php">Logout</a>
</center>
</p>
</form>
PHP文件/ CODE:
<?php session_start();
$server="localhost";
$user="root";
$password="";
$database="camouflage_studio";
$con = mysqli_connect($server,$user,$password,$database);
if (mysqli_connect_errno())
{
echo "Connection Error: " . mysqli_connect_error();
}
//reiving values from form
$username = mysqli_real_escape_string($con,$_POST['username']);
$password = mysqli_real_escape_string($con,$_POST['password']);
if(isset($_POST['submit_delete_user'])){
if(!empty($_POST['username']) && !empty($_POST['password'])){
if($username == $_SESSION['username'] && $password == $_SESSION['password']){
$sql_delete = "DELETE FROM 'users' WHERE username = '$username' AND password = '$password'";
if($result = mysqli_query($con, $sql)){
echo '<script language="javascript" type="text/javascript">
alert("Record Deleted Successfully!");
window.location = "admin.php";
</script>';
}else { echo '<script language="javascript" type="text/javascript">
alert("SQL Error!");
window.location = "delete_user_form.php";
</script>'; }
}else { echo '<script language="javascript" type="text/javascript">
alert("Sorry! You can not delete currently Logged in User");
</script>'; }
}else { echo '<script language="javascript" type="text/javascript">
alert("Please Fill the Form Completly");
window.location = "delete_user_form.php";
</script>'; }
}
?>
登录(我目前登录的用户详细信息)
<?php session_start();
error_reporting();
$server="localhost";
$user="root";
$password="";
$database="camouflage_studio";
$con = mysqli_connect($server,$user,$password,$database);
if (mysqli_connect_errno()){
echo "Connection Error: " . mysqli_connect_error();
}
mysqli_select_db($con,"camouflage_studio");
if(isset($_POST['submit_login']))
{
if(!empty($_POST['username']) && !empty($_POST['password']))
{
$get_user_name = mysqli_real_escape_string($con,$_POST['username']);
$get_password = mysqli_real_escape_string($con,$_POST['password']);
$sql = "SELECT * FROM `users` WHERE username='$get_user_name' and password='$get_password'";
if($result = mysqli_query($con, $sql))
{
if(mysqli_num_rows($result) == 1)
{
$_SESSION['username'] = $get_user_name;
$_SESSION['password'] = $get_password;
header('Location:admin.php');
}
else{
header('Location:login_form.html');
}
}
else{
header('Location:login_form.html');
}
}
else {
header('Location:login_form.html');
}
}
?>
答案 0 :(得分:0)
我认为您的if条件相反:
试试这个:
if($username != $_SESSION['username']){
// delete user
} else {
// can not delete
}