我有一个登录页面。管理员A为主分支和其他管理员B,C和分支B,C和D.管理员A可以登录到所有分支,而管理员B,C和D只能登录到他们自己的分支。但现在我能做的就是所有管理员都可以登录自己的分支机构。我怎么能这样做,所以管理员A也可以登录分支B,C和D?
这是我的代码。
if($_POST['username'] && $_POST['password'] && $_POST['txtbranch']) {
$username = $_POST['username'];
$password = $_POST['password'];
$txtbranch = $_POST['txtbranch'];
$hash_pass = $password;
$query = mysqli_query("select * from sysfile where username='".$username."' and password='".$hash_pass."' and branchid='".$txtbranch."' limit 1");
$count_user = mysqli_num_rows($query);
if($count_user==1)
{
$row = mysqli_fetch_array($query);
$_SESSION['userid'] = $row['userid'];
$_SESSION['username'] = $row['username'];
$_SESSION['pin'] = $row['pin'];
$_SESSION['branchid'] = $_POST['txtbranch'];
header("location:dashboard.php?success=1");
}else{
$error = 'Incorrect Username, Password and Branch.';
}
}
答案 0 :(得分:1)
if ($type == 1) {
//Admin A login
} else {
// Another Admin Login
}
答案 1 :(得分:0)
我去为用户的权利添加一个表格
┌──────┬──────┐
│userid│branch│
├──────┼──────┤
│ 1 │ A │
│ 1 │ B │
│ 1 │ C │
│ 1 │ D │
│ 2 │ B │
│ 2 │ C │
│ 2 │ D │
└──────┴──────┘
然后您可以发出类似以下
的SQL语句SELECT *
FROM users, userrights
WHERE users.userid=userrights.userid
AND users.username=@username
AND users.password=@hashed_pass
LIMIT 1
此SQL查询从连接表SELECT userid, username, pin, branchid FROM ...和users中选择所有列(更好地明确选择列!userrights)(为清晰起见,重命名表)。后者拥有用户对表的权限。过滤并限制为原始查询,略有不同,我使用SQL参数来防止注入。
使用该查询,您可以保留
$count_user = mysqli_num_rows($query);
if($count_user==1)
{
[...]
答案 2 :(得分:0)
将branch_id替换为角色,以便其他人也能轻松理解。 您必须在数据库命名中插入一个标志作为角色。 如果角色是1 - 在你的情况下(A -Main分支) 如果角色是2 - 在你的情况下(B,C,D - 其他分支)
让我们说你的数据库结构就像
id | username | password | role |
---------------------------------
1 | A | 123 | 1
---------------------------------
2 | B | 1111 | 2
---------------------------------
3 | C | 2323 | 2
---------------------------------
4 | D | 1782 | 2
我不喜欢将纯文本密码存储在数据库中,这只是为了举例。 您的代码将如下所示:
if($_POST['username'] && $_POST['password'] && $_POST['txtbranch'])
{
$username = $_POST['username'];
$password = $_POST['password'];
$txtbranch = $_POST['txtbranch'];
$hash_pass = $password;
$query = mysqli_query("select * from sysfile where username='".$username."' and password='".$hash_pass."' and branchid='".$txtbranch."' limit 1");
$count_user = mysqli_num_rows($query);
if($count_user==1)
{
$row = mysqli_fetch_array($query);
$role = $row['role'];
if($role == 1)
{
//that is A then set the session and redirect to A dashboard
}
else if($role ==2)
{
//that is B,C and D then set the session and redirect to there respective dashbaord
}
else
{
//whatever action you want
}
}
else
{
$error = 'Incorrect Username, Password and Branch.';
}
}
答案 3 :(得分:0)
我已经解决了我的问题,这是我的最终代码。
if($_POST['SUBMIT']=='Sign In')
{
if($_POST['username'] && $_POST['password'] && $_POST['txtbranch'])
{
$username = $_POST['username'];
$password = $_POST['password'];
$txtbranch = $_POST['txtbranch'];
$query_callbranch=mysqli_query("SELECT * FROM sysfile WHERE USERNAME='$username' ")or die(mysqli_error());
while($rowcallbranch=mysqli_fetch_array($query_callbranch))
{
$pin = $rowcallbranch['pin'];
if($pin == '9' && $username == 'admin')
{
$query = mysqli_query("select * from sysfile where username='".$username."' and password='".$password."' limit 1");
$count_user = mysqli_num_rows($query);
if($count_user==1)
{
$row = mysqli_fetch_array($query);
$_SESSION['userid'] = $row['userid'];
$_SESSION['username'] = $row['username'];
$_SESSION['pin'] = $row['pin'];
$_SESSION['branchid'] = $_POST['txtbranch'];
header("location:dashboard.php?success=1");
}else{
$error = 'Incorrect Username dan Password.';
}
}
if($pin == '0')
{
$query = mysqli_query("select * from sysfile where username='".$username."' and password='".$hash_pass."' and branchid='".$txtbranch."' limit 1");
$count_user = mysqli_num_rows($query);
if($count_user==1)
{
$row = mysqli_fetch_array($query);
$_SESSION['userid'] = $row['userid'];
$_SESSION['username'] = $row['username'];
$_SESSION['pin'] = $row['pin'];
$_SESSION['branchid'] = $_POST['txtbranch'];
header("location:dashboard.php?success=1");
}else{
$error = 'Incorrect Username, Password and Branch.';
}
}
}
}
}