我想在php中创建多个用户登录,我认为我的代码中有一些错误。
我曾尝试删除哈希密码之类的安全措施及其工作原理。但是当我再次放回它时,它说它看不到数据库中的用户和密码。
<?php
// Initialize the session
session_start();
// Include config file
require_once "config.php";
// Define variables and initialize with empty values
$username = $password = "";
$alertError = $alertMessage = $username_err = $password_err = $hashed_password = "";
// Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){
$username = test_input($_POST['username']);
$password = test_input($_POST['password']);
$hashed_password = password_hash($_POST['password'],PASSWORD_DEFAULT);
// Validate username and password
if(empty($username)){
$username_err = "Please enter username.";
}
if(empty($hashed_password)){
$password_err = "Please enter password.";
}
if(password_verify($_POST['password'], $hashed_password )){
//Query
$query="SELECT username, password FROM users WHERE username='$username' AND password='$hashed_password'";
$result = mysqli_query($link, $query) or die(mysqli_error($link));
if($result){
$rows = mysqli_fetch_array($result);
//Direct pages with different user levels
if ($rows['usertype'] == "Administrator") {
session_start();
// Store data in session variables
$_SESSION["loggedin"] = true;
$_SESSION["username"] = $username;
$_SESSION["usertype"] = $rows;
header('location: ../myHome-IMS/index.php');
exit;
}
else
if ($rows['usertype'] == "Guest") {
session_start();
// Store data in session variables
$_SESSION["loggedin"] = true;
$_SESSION["username"] = $username;
$_SESSION["usertype"] = $rows;
header('location: ../myHome-IMS/guest.php');
exit;
}
else
{
// Display an error message
$alertError = "No account found with that username or password.";
}
// Close connection
mysqli_close($link);
}
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
我希望有多个用户以安全的方式登录。