我的管理頁面是兩者都可以訪問的唯一頁面。
我的代碼:
<?php
if ($_SERVER[ 'REQUEST_METHOD' ] == 'POST')
{
$usernane = $_POST['username'];
$password = sha1($_POST['password' ]);
$stmt = $conn->prepare("SELECT * FROM users WHERE username = ? AND password = ? LIMIT 1");
$stmt->execute(array($usernane, $password));
$checkuser = $stmt->rowCount();
$user = $stmt->fetch();
}
當我登錄到我的用戶頁面時,它會被重定向到管理頁面。
當我大部分時間嘗試調整代碼時,只有 1 頁有效。
任何幫助將不勝感激!
if ($checkuser === 0)
{
$_SESSION[ 'user' ] = $user['username'];
$_SESSION[ 'type'] = $user['type'];
header('location:User.php');
}
if ($checkuser === 1)
{
$_SESSION[ 'user' ] = $user['username'];
$_SESSION[ 'type'] = $user['type'];
header('location:Admin.php');
}
?>
uj5u.com熱心網友回復:
我希望這能幫到您:
- 重新排列您的用戶表:
USER:
-> id (int)
-> username (string)
-> password (string)
-> isAdmin (bool)
- 觸發您的請求:
$usernane = $_POST['username'];
$password = sha1($_POST['password' ]);
$stmt = $conn->prepare("SELECT * FROM users WHERE username = ? AND password = ? LIMIT 1");
$stmt->execute(array($usernane, $password));
- 檢查結果
if($stmt->rowCount() > 0) {
$user = $stmt->fetch();
if($user['isAdmin'])
{
$target = 'Admin.php';
} else {
$target = 'User.php';
}
header(sprintf('location:%s', $target));
} else {
// no user found with this credentials
}
小心,我沒有測驗過代碼。
接下來你必須做的:永遠不要將明確的密碼保存到資料庫中。看看php的密碼工具并使用它。
https://www.php.net/manual/de/function.password-hash.php
uj5u.com熱心網友回復:
在代碼的第二部分中,您正在檢查用戶是否存在,如果要將管理員與普通用戶分開,則需要檢查用戶型別而不是行數:
/*----- Check User Exists? ------*/
if ($checkuser === 0){
// This area will execute when user not exists.
}else if($checkuser === 1){ // I suggest to add 'else' in here
/*----- Get user Data ------*/
$_SESSION[ 'user' ] = $user['username'];
$_SESSION[ 'type'] = $user['type'];
/*----- Check Privilage In here ------*/
if($user['type'] == 1){ // If your admin type == 1 then use it else change '1' in here
header('location:Admin.php');
}else{
header('location:User.php');
}
}
轉載請註明出處,本文鏈接:https://www.uj5u.com/yidong/407919.html
標籤: