我想知道如何让它发挥作用或是否有可能。我的应用程序不是由管理员访问所有用户帐户构建的,但现在我希望它可以访问所有帐户。
感谢。 (虽然我还没有尝试任何东西,只是不知道如何开始,我不想重新开始:建议)
我目前的登录代码是:
if(isset($_POST['login'])){
$username = stripslashes($_POST['username']);
$password = stripslashes($_POST['password']);
$stmt = $pdo->prepare("SELECT password FROM tablename WHERE username=:username");
$stmt->bindValue(':username', $username, PDO::PARAM_STR);
$stmt->execute();
if($stmt->rowCount()<1){
echo '<div class="signals"><p class="bg-warning text-center warning"><button type="button" class="close" aria-label="Close"><span aria-hidden="true">×</span></button>INVALID USERNAME OR PASSWORD</div></p>';
}else{
list($hash) = $stmt->fetch(PDO::FETCH_NUM);
if (password_verify($password, $hash)) {
//$_SESSION['username'] = $username;
$status1 = "COMPLETED";
$status2 = "PROCESSING";
//$stmt = $pdo->query("SELECT status FROM ca_confirmed WHERE username ='$_SESSION[username]'");
$stmt = $pdo->query("SELECT status FROM tablename WHERE username ='$username'");
$check = $stmt->fetch(PDO::FETCH_ASSOC);
$status = $check['status'];
$_SESSION['username'] = $username;
if(strcmp($status, $status1) == 0){
header("location: completed/index.php");
exit();
}elseif(strcmp($status, $status2) == 0){
header("location: uncompleted/index.php");
//exit();
}
}else{
echo '<div class="signals"><p class="bg-warning text-center warning"><button type="button" class="close" aria-label="Close"><span aria-hidden="true">×</span></button>INVALID USERNAME OR PASSWORD again</div></p>';
}
}
}
答案 0 :(得分:0)
当用户登录时,检查他们是否是管理员,如果是,请设置会话变量,如:
$admin = $row['admin'];
$_SESSION['admin'] = $admin;
然后您的后期代码可以检查其中一个变量;如果是,则跳过检查帐户是否属于登录用户。