我无需输入密码和用户名即可登录到我的用户页面和管理页面。当选择用户类型,然后点击登录两者都得到的loggedIn。这是我的login.php代码
<?php
$servername="SERVER";
$username="USER";
$password="PWD";
$dbname="DB";
$conn = mysqli_connect($servername, $username, $password, $dbname);
echo("conneciton");
if(isset($_POST['Login'])){
$user=$_POST['user'];
$pass = $_POST['pass'];
$usertype=$_POST['usertype'];
$query = "SELECT * FROM multiuserlogin WHERE username='".$user."' and password = '".$pass."' and usertype='".$usertype."'";
$result = mysqli_query($conn, $query);
if($result){
while($row=mysqli_fetch_array($result)){
echo'<script type="text/javascript">alert("you are login successfully and you are logined as ' .$row['usertype'].'")</script>';
}
if($usertype=="admin"){
?>
<script type="text/javascript">
window.location.href="index.php"</script>
<?php
}else{
?>
<script type="text/javascript">
window.location.href="user.php"</script>
<?php
}
}else{
echo 'no result';
}
}
?>
<html>
<head>
<!-- title and meta -->
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>admin</title>
<!-- /title and meta -->
<script src="js/jquery.js"></script>
<!-- Bootstrap -->
<link href="css/bootstrap.min.css" rel="stylesheet">
<!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->
<!-- Include all compiled plugins (below), or include individual files as needed -->
<script src="js/bootstrap.min.js"></script>
<link href="css/adminindex.css" rel="stylesheet">
</head>
<body class='bg-image'>
<center><div class="col-md-4 col-sm-4 col-xs-10 formclass">
<form action="" method="post" name="Login_Form">
<table>
<tr>
<td colspan="2" align="left" valign="top"><h3>Login</h3></td>
</tr>
<tr>
<td valign="top">Username:</td><td><input type="text" name="user" placeholder="enter your username"
</td>
</tr>
<tr>
<td >Password:</td><td><input type="text" name="pass" placeholder="enter your password"</td>
</tr>
<tr>
<td>
Select user type:</td><td> <select name="usertype">
<option value="admin">admin</option>
<option value="user">user</option>
</select>
</td>
</tr>
<tr>
<td><input type="submit" name="Login" value="Login"></td>
</tr>
</table>
</form> </div>
</center>
</body>
</html>
我的数据库表名称是multiuserlogin,列是用户名密码usertype 请对此提供帮助,我需要验证我的用户名密码,然后只能登录
答案 0 :(得分:0)
您的if语句
if($result){
始终为true,因为它包含查询而不是结果。因此,您将以所选的用户类型登录。
调整数据库信息并尝试以下方法:
$conn = new mysqli("SERVER", "USER", "PWD", "DB");
if (!$conn->connect_error) {
echo("connected");
if(isset($_POST['Login'])){
$user = $_POST['user'];
$pass = $_POST['pass'];
$query = "SELECT * FROM multiuserlogin WHERE username='".$user."' and password = '".$pass."' LIMIT 1";
$result = $conn->query($query);
$logged_user = $result->fetch_array(MYSQLI_ASSOC);
$conn->close();
if(is_array($logged_user) && $logged_user['username'] == $user) {
echo '<script type="text/javascript">alert("you are login successfully and you are logined as ' . $logged_user['usertype'] .'")</script>';
if($logged_user['usertype'] == "admin"){
echo '<script type="text/javascript">window.location.href="index.php"</script>';
} else {
echo '<script type="text/javascript">window.location.href="user.php"</script>';
}
} else {
echo 'no result';
}
}
}
不要忘记进行验证以防止SQL注入。