以下是我正在运行的代码。我试图获取它,所以如果用户user_level低于1,我的CMS index.php将拒绝访问。我使用测试帐户设置登录,其中user_level为1,但我不是好运。
我的index.html上的代码:
<?php
if($_SESSION['user_level'] == "1"){
header("Location: index.php");
exit;
}else{ header("Location: login.php");
exit;
}
因此,如果user_level为1或更高,请继续index.html(这是我的CPanel索引,而不是我的实际网站索引。
如果user_level低于1,则重定向回登录。
这是我的server.php代码,点击登录后会发生所有魔法。
<?php
session_start();
// variable declaration
$fullname = "";
$useremail = "";
$age = "";
$igname = "";
$profileurl = "";
$errors = array();
// connect to database
$db = mysqli_connect('****', '****', '****',
'****');
// REGISTER USER
if (isset($_POST['reg_user'])) {
// receive all input values from the form
$fullname = mysqli_real_escape_string($db, $_POST['fullname']);
$useremail = mysqli_real_escape_string($db, $_POST['useremail']);
$age = mysqli_real_escape_string($db, $_POST['age']);
$igname = mysqli_real_escape_string($db, $_POST['igname']);
$profileurl = mysqli_real_escape_string($db, $_POST['profileurl']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
// form validation: ensure that the form is correctly filled
if (empty($fullname)) { array_push($errors, "Full name is required"); }
if (empty($useremail)) { array_push($errors, "Email is required"); }
if (empty($age)) { array_push($errors, "Age is required"); }
if (empty($igname)) { array_push($errors, "In game name is required"); }
if (empty($profileurl)) { array_push($errors, "Truckers-MP Profile URL is required"); }
if (empty($password_1)) { array_push($errors, "Password is required"); }
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
// register user if there are no errors in the form
if (count($errors) == 0) {
$password = md5($password_1);//encrypt the password before saving in the database
$query = "INSERT INTO users (fullname, email, age, igname, profileurl, password)
VALUES('$fullname', '$useremail', '$age', '$igname', '$profileurl', '$password')";
mysqli_query($db, $query);
$_SESSION['useremail'] = $useremail;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
echo '<script language="javascript">';
echo 'alert("Once an admin reviews your account, they will send you an email alerting you that you can login. Please be patient.")';
echo '</script>';
}
}
// ...
// LOGIN USER
if (isset($_POST['login_user'])) {
$useremail = mysqli_real_escape_string($db, $_POST['useremail']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($useremail)) {
array_push($errors, "Email is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE email='$useremail' AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['user_level'] = $row['user_level'];
$_SESSION['useremail'] = $useremail;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}else {
array_push($errors, "Wrong username/password combination");
}
}
}
?>
我确定我做得不对,但至少我可以说我该死的很好。任何帮助都会受到极大的关注。
答案 0 :(得分:0)
有未定义的变量$row。首先定义它(fetch_assoc()),然后将其分配给会话。
if (mysqli_num_rows($results) == 1) {
$row = mysqli_fetch_assoc($results);
$_SESSION['user_level'] = $row['user_level'];
$_SESSION['useremail'] = $useremail;
...
}
答案 1 :(得分:-2)
mysqli_num_rows返回结果集中的行数。不是索引!您可以保留此代码并以此方式分配 - &gt; $_SESSION['user_level'] = $row[some index];(如果您的表格类似于ID,则用户,通行证,邮件“some index将为1。
如果您想拥有文字索引,只需查看mysqli_fetch_array