第11行中的代码错误(即$type = mysqli_real_escape_string($conn, $_POST['type']);)。我在第一类设置数据库是admin,另一部分是成员。我需要让管理员去main.php,而成员到user.php ....
<?php
session_start();
if(isset($_POST['submit'])){
include 'dbh.inc.php';
$uid = mysqli_real_escape_string($conn, $_POST['uid']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
$type = mysqli_real_escape_string($conn, $_POST['type']);
if (empty($uid) || empty($pwd)){
header("Location: ../index.php?login=empty");
exit();
} else {
$sql = "SELECT * FROM users WHERE user_uid='$uid'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck < 1) {
header("Location: ../index.php?login=error");
exit();
} else {
if ($row = mysqli_fetch_assoc($result)){
$hashedPwdCheck = password_verify($pwd,$row['user_pwd']);
if($hashedPwdCheck == false){
header("Location: ../index.php?login=error");
exit();
} elseif ($hashedPwdCheck == true) {
$_SESSION['u_id'] = $row['user_id'];
$_SESSION['u_first'] = $row['user_first'];
$_SESSION['u_last'] = $row['user_last'];
$_SESSION['u_uid'] = $row['user_uid'];
$_SESSION['type'] = $row['type'];
if($type=='admin'){
header("Location: ../main.php?login=success");
exit();
}elseif ($type=='member') {
header("Location: ../user.php?login=success");
}
}
}
}
} else {
header("Location: ../index.php?login=error");
exit();
}