以管理员和普通用户身份登录

时间:2013-10-11 02:18:55

标签: php mysql sql 

database hs_hr_users

user_name    user_password     is_admin
admin          qwe123            Yes
999999         123qwe            No

这里我只为普通用户提供checklong,并且正常工作。但我需要使用列is_admin = 'Yes'

以管理员身份登录

checklogin.php 

$host="localhost"; // test local
$username="ess_las_admin"; // Mysql username 
$password="esslasadmin"; // Mysql password 
$db_name="ess_las_admin"; // Database name 
$tbl_name="hs_hr_users"; // Table name user
$tbl_name2 ="hs_hr_employee" ; //
$db = mysql_connect($host, $username, $password); 
$link = mysql_select_db($db_name,$db);
ob_start();

// Connect to server and select databse.
$link = mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = md5(stripslashes($mypassword));
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name a, $tbl_name2 b WHERE a.emp_number=b.emp_number AND a.user_name='$myusername' and a.user_password='$mypassword' 
        AND (
        b.work_station = '14' 
        OR  b.work_station = '1'
        OR  b.work_station = '15'
        OR  b.work_station = '16'
        OR  b.work_station = '17'
        OR  b.work_station = '18'
        OR  b.work_station = '19'
        OR  b.work_station = '20'
        OR  b.work_station = '21'
        OR  b.work_station = '22'
        OR  b.work_station = '23'
        OR  b.work_station = '24'
        OR  b.work_station = '25'
        OR  b.work_station = '27'
        OR  b.work_station = '28'


        )";
$result=mysql_query($sql);
echo $sql;
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
session_start();
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['user_name_eprofile'] = $myusername;
$_SESSION['user_password'] = $mypassword;


//session_register("myusername");
//session_register("mypassword"); 
header("location:dashboard.php");
}
else {
//echo "Wrong Username or Password";
header("Location: login.php?error=1");
}

mysql_close($link);
ob_end_flush();
?>

admin和普通用户的所有数据都在同一个表中。但是,列is_admin = Yes/No区分了两者。如果用户以admin身份登录,则会转到header:location:admin_search.php这是管理员页面。如果用户以普通用户身份登录,则会转到header:location:dashboard.php

1 个答案:

答案 0 :(得分:1)

可能是这样的:

if($count==1){
session_start();
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['user_name_eprofile'] = $myusername;
$_SESSION['user_password'] = $mypassword;
$row = mysql_fetch_array($result);
$_SESSION['is_admin'] = $row['is_admin'];

并使用$_SESSION['is_admin']执行任何操作。

在您的情况下,对于重定向:

if ($_SESSION['is_admin']=="Yes") { 
    header("location:admin_search.php");
} else {
    header("location:dashboard.php");
}

另一个建议是,将$sql="SELECT * FROM...更改为$sql="SELECT is_admin FROM...

<强> BUT

警告 警告
MYSQL_功能已被弃用
自PHP 5.5.0起,mysql_*函数已弃用,将来将被删除。相反,应使用MySQLiPDO_MySQL扩展名。

相关问题
最新问题