Login PHP code, different content for admin / user:

Date: 2013-12-17 17:08:02

Tags: php mysql login

Please help me figure out how to use an if statement to show different content to different types of users.

This is the code I found in another question:

  if($_SESSION['usertype'] == 2) {
      //do stuff here
  }
  if($_SESSION['usertype'] == 1) {
      //do stuff here
  }

I want to use it on a page that only members can view, and depending on the user type it should display different content.

But when the user logs in, I can't send the usertype from the login page; this is the code used there (login.php):

<?php 

// First we execute our common code to connection to the database and start the session 
require("common.php"); 

// This variable will be used to re-display the user's username to them in the 
// login form if they fail to enter the correct password.  It is initialized here 
// to an empty value, which will be shown if the user has not submitted the form. 
$submitted_username = ''; 

// This if statement checks to determine whether the login form has been submitted 
// If it has, then the login code is run, otherwise the form is displayed 
if(!empty($_POST)) 
{ 
    // This query retrieves the user's information from the database using 
    // their username. 
    $query = " 
        SELECT 
            id, 
            username, 
            password, 
            salt, 
            email, 
            usertype
        FROM users 
        WHERE 
            username = :username 
    "; 

    // The parameter values 
    $query_params = array( 
        ':username' => $_POST['username'] 
    ); 

    try 
    { 
        // Execute the query against the database 
        $stmt = $db->prepare($query); 
        $result = $stmt->execute($query_params); 
    } 
    catch(PDOException $ex) 
    { 
        // Note: On a production website, you should not output $ex->getMessage(). 
        // It may provide an attacker with helpful information about your code.  
        die("Failed to run query: " . $ex->getMessage()); 
    } 

    // This variable tells us whether the user has successfully logged in or not. 
    // We initialize it to false, assuming they have not. 
    // If we determine that they have entered the right details, then we switch it to true. 
    $login_ok = false; 

    // Retrieve the user data from the database.  If $row is false, then the username 
    // they entered is not registered. 
    $row = $stmt->fetch(); 
    if($row) 
    { 
        // Using the password submitted by the user and the salt stored in the database, 
        // we now check to see whether the passwords match by hashing the submitted password 
        // and comparing it to the hashed version already stored in the database. 
        $check_password = hash('sha256', $_POST['password'] . $row['salt']); 
        for($round = 0; $round < 65536; $round++) 
        { 
            $check_password = hash('sha256', $check_password . $row['salt']); 
        } 

        if($check_password === $row['password']) 
        { 
            // If they do, then we flip this to true 
            $login_ok = true; 
        } 
    } 

    // If the user logged in successfully, then we send them to the private members-only page 
    // Otherwise, we display a login failed message and show the login form again 
    if($login_ok) 
    { 
        // Here I am preparing to store the $row array into the $_SESSION by 
        // removing the salt and password values from it.  Although $_SESSION is 
        // stored on the server-side, there is no reason to store sensitive values 
        // in it unless you have to.  Thus, it is best practice to remove these 
        // sensitive values first. 
        unset($row['salt']); 
        unset($row['password']); 

        // This stores the user's data into the session at the index 'user'. 
        // We will check this index on the private members-only page to determine whether 
        // or not the user is logged in.  We can also use it to retrieve 
        // the user's details. 
        $_SESSION['user'] = $row; 
        $_SESSION['usertype'] = $row; 


        // Redirect the user to the private members-only page. 
        header("Location: dashboard.php"); 
        die("Redirecting to: dashboard.php"); 
    } 
    else 
    { 
        // Tell the user they failed 
        print("Login Failed."); 

        // Show them their username again so all they have to do is enter a new
        // password.  The use of htmlentities prevents XSS attacks.  You should
        // always use htmlentities on user submitted values before displaying them
        // to any users (including the user that submitted them).  For more information:
        // http://en.wikipedia.org/wiki/XSS_attack
        $submitted_username = htmlentities($_POST['username'], ENT_QUOTES, 'UTF-8');
    }
}
?>

What changes do I need to make in this code? I'm new to all of this, and any help is appreciated.

1 answer:

Answer 0: (score: 0)

You need to modify the last part of the if($login_ok) section so that the $_SESSION variables are set correctly:

if($login_ok)
{
    ...
    $_SESSION['user'] = $row['username'];
    $_SESSION['usertype'] = $row['usertype'];
    ...
}

From what I can see in the code, if the rest works, the dashboard.php page should be able to access it like this:

<?php
require("common.php");

if($_SESSION['usertype'] == 2) {
    //do stuff here
} elseif($_SESSION['usertype'] == 1) {
    //do stuff here
}
?>
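An added example, not from the question or the answer above, that puts both halves of the fix together: what login.php should store in the session once the password check has passed, and how dashboard.php should gate on it. It assumes the same common.php the page uses (PDO connection in $db, session already started), an integer usertype column, and that 1 means member and 2 means admin; the post never says which number is which, so that mapping is an assumption. The function names are mine.

```php
<?php
// Added example; not code from the original question or answer.
// Assumes common.php starts the session and connects PDO as $db, as on the page.
require("common.php");

// Role numbers are an assumption; the original post never states the mapping.
const ROLE_MEMBER = 1;
const ROLE_ADMIN  = 2;

// ---- login.php side: call this inside if($login_ok) after the hash matches ----
function start_user_session(array $row): void
{
    // The hash and salt are not needed after login; keep them out of the session.
    unset($row['salt'], $row['password']);

    // Rotate the session id so an id fixed before login cannot be reused.
    session_regenerate_id(true);

    $_SESSION['user']     = $row;                   // id, username, email, usertype
    $_SESSION['usertype'] = (int) $row['usertype']; // the role, as an integer
}

// ---- dashboard.php side ----

// Send anyone who is not logged in back to the login form. Call before any output.
function require_login(): void
{
    if (empty($_SESSION['user']) || !isset($_SESSION['usertype'])) {
        header('Location: login.php');
        exit('Redirecting to: login.php');
    }
}

// True only if the session role is one of the roles passed in.
// Strict in_array plus an int cast avoids loose == surprises with string values.
function has_role(int ...$allowed): bool
{
    return isset($_SESSION['usertype'])
        && in_array((int) $_SESSION['usertype'], $allowed, true);
}

// Hard stop for actions a role may not perform; hiding a link is not access control.
function require_role(int ...$allowed): void
{
    if (!has_role(...$allowed)) {
        http_response_code(403);
        exit('Forbidden');
    }
}

require_login();
$name = htmlentities($_SESSION['user']['username'], ENT_QUOTES, 'UTF-8');

if (has_role(ROLE_ADMIN)) {
    echo "<h1>Admin dashboard</h1><p>Welcome, {$name}.</p>";
    // admin-only content here
} elseif (has_role(ROLE_MEMBER)) {
    echo "<h1>Member area</h1><p>Welcome, {$name}.</p>";
    // member content here
} else {
    // Logged in but with a role this page does not know: show nothing extra.
    http_response_code(403);
    exit('Unknown user type');
}

// Every admin-only action must re-check the role on the server, because a
// member can request this URL directly even if the link is not shown to them.
if (isset($_GET['action']) && $_GET['action'] === 'delete_user') {
    require_role(ROLE_ADMIN);
    // ... perform the admin action here ...
}
```

The point of has_role() and require_role() is that the usertype check does two different jobs: choosing which block of HTML to render, and refusing requests the role is not entitled to. The answer's if/elseif covers the first; the second still has to run on every privileged action, since the session value is the only thing standing between a member and the admin features.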