我有一些代码试图检查用户是管理员还是客户才能登录,然后有一个问题我无法解决。当我使用客户用户的帐户登录时,例如使用redhood作为我的客户的用户名来访问客户登录页面。但是,当我使用管理员用户的帐户登录时,例如使用wolfpack作为我的管理员用户名,它会将我重定向到客户登录页面而不是管理员登录页面。但我不知道我需要更改哪个 php代码。有人能解决这个问题吗?谢谢!
MySql数据库:
Signin.html
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="css/signin/signin_desktop.css">
<link rel="stylesheet" type="text/css" href="css/signin/signin_tablet.css" media="screen and (max-width:768px)">
<link rel="stylesheet" type="text/css" href="css/signin/signin_mobile.css" media="screen and (max-width:480px)">
</head>
<body>
<div id="wrapper">
<header>
<nav id="mainMenu">
<img src="logo/logo.png" id="logo">
<ul>
<li><a href="home.html">Home</a></li>
<li><a href="about.html">About</a></li>
<li><a href="rates.html">Booking Rates</a></li>
<li><a href="facilities.html">Recreation</a></li>
</ul>
</nav>
</header>
<section id="banner">
<div id="ritu" class="shadow">
<img src="images/content_pure.jpg">
<img src="images/Sports-Hub-Gym.jpg">
<img src="images/gym.jpg">
<img src="images/ClubFitt2jpg.jpg">
</div>
</section>
<section id="content">
<div id="sign">
<div class="user">
<h2>Existing User</h2>
<form action="checkuser.php" method="post">
<p style="color:white;">Username:</p>
<input type="text" name="uname" size="25" maxlength="20" placeholder="Please enter your username" required><br><br>
<p style="color:white;">Password:</p>
<input type="password" name="pword" size="25" maxlength="20" placeholder="Please enter your password" pattern=".{6,}" required><br><br>
<input type="submit" name="loginbtn" value="">
</form>
<?php
if(isset($_GET['uname']) && isset($_GET['pword']))
{
echo "<script>alert('Invalid Username and Password.')</script>";
}
?>
</div>
<div class="user">
<h2>New User</h2>
<a href="createacc.html"><img id="create" src="button/CREATE%20ACCOUNT.png"></a>
<p style="color:white;">Ads:</p>
<div id="ads">
<div class="row">
<div class="image">
<img id="minilogo" src="logo/logo.png">
<div id="advt">
Download Now
</div>
</div>
<div class="image">
<img id="apps" src="images/myActiveSG%20APP.jpg">
</div>
</div>
</div>
</div>
</div>
</section>
<footer>
<p>© Copyright 2016 SportLab. All Rights Reserved.</p>
<nav id="submenu">
<ul>
<li><a href="#">Sitemap | </a></li>
<li><a href="contact.html"> Contact |</a></li>
<li><a href="term.html">Term of Use </a></li>
<li><a href="privacy.html">| Privacy </a></li>
</ul>
</nav>
</footer>
</div>
</body>
</html>
PHP
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Check Login</title>
</head>
<body>
<?php
if(isset($_POST["loginbtn"]))
{
$u=$_POST['uname'];
$p=$_POST['pword'];
$conn=mysqli_connect("localhost", "root", "" , "M3_156020K_Syahri_SportFacility");
$sql = "SELECT * FROM create_user WHERE username='" .$u. "' AND password='" .$p. "' ";
$search_result=mysqli_query($conn, $sql);
$userfound=mysqli_num_rows($search_result);
if($userfound >= 1)
{
session_start();
$_SESSION['MM_Username']= $u;
$row=mysql_fetch_assoc($search_result);
if($row['role'] == 1)
{
header("Location: login_admin.html");
}
else
{
header("Location: login_cust.html");
}
}
else
{
header("Location: signin.html?uname=" . $u . "&pword=" . $p);
}
mysqli_close($conn);
}
?>
答案 0 :(得分:2)
快速浏览一下,您应该纠正的一件事就是在完成会话之后才发送输出。另外,正如Rafael提到的那样,您正在检查字段是否等于1,而不是字段中的实际值。
例如,将html块移动到您的条件之后(更新此示例以使用预准备语句):
#include <stdio.h>
#include "cblas.h"
#include "lapacke.h"
// inplace inverse n x n matrix A.
// matrix A is Column Major (i.e. firts line, second line ... *not* C[][] order)
// returns:
// ret = 0 on success
// ret < 0 illegal argument value
// ret > 0 singular matrix
lapack_int matInv(double *A, unsigned n)
{
int ipiv[n+1];
lapack_int ret;
ret = LAPACKE_dgetrf(LAPACK_COL_MAJOR,
n,
n,
A,
n,
ipiv);
if (ret !=0)
return ret;
ret = LAPACKE_dgetri(LAPACK_COL_MAJOR,
n,
A,
n,
ipiv);
return ret;
}
int main()
{
double A[] = {
0.378589, 0.971711, 0.016087, 0.037668, 0.312398,
0.756377, 0.345708, 0.922947, 0.846671, 0.856103,
0.732510, 0.108942, 0.476969, 0.398254, 0.507045,
0.162608, 0.227770, 0.533074, 0.807075, 0.180335,
0.517006, 0.315992, 0.914848, 0.460825, 0.731980
};
for (int i=0; i<25; i++) {
if ((i%5) == 0) putchar('\n');
printf("%+12.8f ",A[i]);
}
putchar('\n');
matInv(A,5);
for (int i=0; i<25; i++) {
if ((i%5) == 0) putchar('\n');
printf("%+12.8f ",A[i]);
}
putchar('\n');
}
在一天结束时,我会认真考虑从头开始编写自己的登录系统,特别是考虑到明显缺乏对明显安全漏洞的关注。我会推荐一个开箱即用的软件包,例如otp-thing,或者你必须自己编写整个门户网站,比如Laravel / etc。
答案 1 :(得分:1)
除了其他人所说的代码中的安全问题,回答你的问题...... 你的情况是错误的:
if($row['role'] == 1)
应更改为if ($row['role'] == "Admin")
在您的情况下,该角色从不 1
,因此始终会将else
条件发送到login_cust.html
。
您的数据库角色仅为User
和Admin
。改变条件。