无法弄清楚我的错误在哪里,我想根据用户角色重定向到网站的不同部分。
if (isset($_POST['submit'])) {
$stmt = $conn->prepare('SELECT id, password FROM accounts WHERE email = ?');
$stmt->bind_param('s', $_POST['email']);
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows > 0) {
$stmt->bind_result($id, $password);
$stmt->fetch();
if (password_verify($_POST['password'], $password)) {
session_regenerate_id();
$_SESSION['loggedin'] = TRUE;
$row = $result->fetch_assoc();
if ($row['role']=='admin') {
header('Location: admin.php');
} else if ($row['role']=='user') {
header('Location: profile.php');
}
} else {
$password_incorrect = '¡Contraseña incorrecta! Si has olvidado tu contraseña puedes <a href="#">restablecerla</a>.';
}
}
答案 0 :(得分:1)
您没有在查询中选择role
列,因此您永远无法检查该值。您还使用了store_result()
,但保留了一些声明方法。建议您不要选择其中一个(此代码删除了store_result()
,仅使用简单的预处理语句)。
if (isset($_POST['submit'])) {
$stmt = $conn->prepare('SELECT id, password, role FROM accounts WHERE email = ?');
$stmt->bind_param('s', $_POST['email']);
$stmt->execute();
$stmt->bind_result($id, $password, $role);
if ($stmt->fetch() && password_verify($_POST['password'], $password)) {
session_regenerate_id();
$_SESSION['loggedin'] = true;
if ($role == 'admin') {
header('Location: admin.php');
exit;
} elseif ($role == 'user') {
header('Location: profile.php');
exit;
}
} else {
$password_incorrect = '¡Contraseña incorrecta! Si has olvidado tu contraseña puedes <a href="#">restablecerla</a>.';
}
}