管理员和客户登录Php

时间:2017-01-04 23:07:39

标签: php mysql

我有一些代码试图检查用户是管理员还是客户才能登录,然后有一个问题我无法解决。当我使用客户用户的帐户登录时,例如使用redhood作为我的客户的用户名来访问客户登录页面。但是,当我使用管理员用户的帐户登录时,例如使用wolfpack作为我的管理员用户名,它会将我重定向到客户登录页面而不是管理员登录页面。但我不知道我需要更改哪个 php代码。有人能解决这个问题吗?谢谢!

MySql数据库:

enter image description here

Signin.html 

<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="css/signin/signin_desktop.css">
<link rel="stylesheet" type="text/css" href="css/signin/signin_tablet.css" media="screen and (max-width:768px)">
<link rel="stylesheet" type="text/css" href="css/signin/signin_mobile.css" media="screen and (max-width:480px)">

</head>


<body>

<div id="wrapper">

<header>

<nav id="mainMenu">
  <img src="logo/logo.png" id="logo">
  <ul>
    <li><a href="home.html">Home</a></li>
    <li><a href="about.html">About</a></li>
    <li><a href="rates.html">Booking Rates</a></li>
    <li><a href="facilities.html">Recreation</a></li>
  </ul>  
</nav>

</header>


<section id="banner">

    <div id="ritu" class="shadow">
       <img src="images/content_pure.jpg">
       <img src="images/Sports-Hub-Gym.jpg">
       <img src="images/gym.jpg">
       <img src="images/ClubFitt2jpg.jpg"> 
    </div>
</section>


<section id="content">

<div id="sign">
    <div class="user">
      <h2>Existing User</h2>

      <form action="checkuser.php" method="post">
        <p style="color:white;">Username:</p> 
       <input type="text" name="uname" size="25" maxlength="20" placeholder="Please enter your username" required><br><br>
        <p style="color:white;">Password:</p> 
       <input type="password" name="pword" size="25" maxlength="20" placeholder="Please enter your password" pattern=".{6,}" required><br><br>
        <input type="submit" name="loginbtn" value="">
      </form>

      <?php

      if(isset($_GET['uname']) && isset($_GET['pword']))
      {
          echo "<script>alert('Invalid Username and Password.')</script>";
      }
      ?> 

    </div>

    <div class="user">
      <h2>New User</h2>

      <a href="createacc.html"><img id="create" src="button/CREATE%20ACCOUNT.png"></a>

      <p style="color:white;">Ads:</p>

      <div id="ads">
        <div class="row">
            <div class="image">
              <img id="minilogo" src="logo/logo.png">
                <div id="advt">
                   Download Now
                </div>
            </div>

            <div class="image">
              <img id="apps" src="images/myActiveSG%20APP.jpg">
            </div>
        </div>   


      </div>
    </div>

</div>


</section>


<footer>

<p>© Copyright 2016 SportLab. All Rights Reserved.</p>   
<nav id="submenu">
    <ul>
       <li><a href="#">Sitemap &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;| </a></li>
       <li><a href="contact.html">&nbsp;&nbsp;&nbsp;Contact &nbsp;&nbsp;&nbsp;&nbsp;|</a></li>
       <li><a href="term.html">Term of Use  </a></li>
       <li><a href="privacy.html">| &nbsp;&nbsp;&nbsp;&nbsp;Privacy </a></li>
    </ul>
</nav>


</footer>

</div>

</body>
</html>

PHP 

<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Check Login</title>
</head>

<body>
<?php


if(isset($_POST["loginbtn"])) 
{
      $u=$_POST['uname'];
      $p=$_POST['pword'];

      $conn=mysqli_connect("localhost", "root", "" , "M3_156020K_Syahri_SportFacility");
      $sql = "SELECT * FROM create_user WHERE username='" .$u. "' AND password='" .$p. "' ";
      $search_result=mysqli_query($conn, $sql);

      $userfound=mysqli_num_rows($search_result);

      if($userfound >= 1)
      {
           session_start();
           $_SESSION['MM_Username']= $u; 

           $row=mysql_fetch_assoc($search_result);

           if($row['role'] == 1)
           {
               header("Location: login_admin.html");
           }
           else
           {
               header("Location: login_cust.html");
           }
      }
      else
      {
           header("Location: signin.html?uname=" . $u . "&pword=" . $p);
      }



  mysqli_close($conn);  

}

 ?>

2 个答案:

答案 0 :(得分:2)

快速浏览一下,您应该纠正的一件事就是在完成会话之后才发送输出。另外,正如Rafael提到的那样,您正在检查字段是否等于1,而不是字段中的实际值。

例如,将html块移动到您的条件之后(更新此示例以使用预准备语句):

#include <stdio.h>
#include "cblas.h"
#include "lapacke.h"

// inplace inverse n x n matrix A.
// matrix A is Column Major (i.e. firts line, second line ... *not* C[][] order)
// returns:
//   ret = 0 on success
//   ret < 0 illegal argument value
//   ret > 0 singular matrix

lapack_int matInv(double *A, unsigned n)
{
    int ipiv[n+1];
    lapack_int ret;

    ret =  LAPACKE_dgetrf(LAPACK_COL_MAJOR,
                          n,
                          n,
                          A,
                          n,
                          ipiv);

    if (ret !=0)
        return ret;


    ret = LAPACKE_dgetri(LAPACK_COL_MAJOR,
                       n,
                       A,
                       n,
                       ipiv);
    return ret;
}

int main()
{
    double A[] = {
        0.378589,   0.971711,   0.016087,   0.037668,   0.312398,
        0.756377,   0.345708,   0.922947,   0.846671,   0.856103,
        0.732510,   0.108942,   0.476969,   0.398254,   0.507045,
        0.162608,   0.227770,   0.533074,   0.807075,   0.180335,
        0.517006,   0.315992,   0.914848,   0.460825,   0.731980
    };

    for (int i=0; i<25; i++) {
        if ((i%5) == 0) putchar('\n');
        printf("%+12.8f ",A[i]);
    }
    putchar('\n');

    matInv(A,5);

    for (int i=0; i<25; i++) {
        if ((i%5) == 0) putchar('\n');
        printf("%+12.8f ",A[i]);
    }
    putchar('\n');
}

在一天结束时,我会认真考虑从头开始编写自己的登录系统,特别是考虑到明显缺乏对明显安全漏洞的关注。我会推荐一个开箱即用的软件包,例如otp-thing,或者你必须自己编写整个门户网站,比如Laravel / etc。

答案 1 :(得分:1)

除了其他人所说的代码中的安全问题,回答你的问题...... 你的情况是错误的

if($row['role'] == 1)应更改为if ($row['role'] == "Admin")

在您的情况下,该角色从不 1,因此始终会将else条件发送到login_cust.html

您的数据库角色仅为UserAdmin。改变条件。

相关问题
最新问题