登录前检查用户状态

Question

在他/她可以登录他/她的帐户之前，我已经编写了几个小时的代码来尝试检查用户状态（活动，非活动，暂停，禁用等），但似乎没有任何工作。

以下是代码。

<?php

if (!defined('included')){
die('You cannot access this file directly!');
}

//log user in ---------------------------------------------------
function login($user, $pass){

   //strip all tags from varible   

   $user = strip_tags(mysql_real_escape_string($user));
   $pass = strip_tags(mysql_real_escape_string($pass));   
   $status = 'active';
   $salt = sha1('_wchs2242%..father%/**...mygreenparrot_password&username\--\__/heelo"@@@@@@.');
   $password = md5($pass.$salt);


   //$pass = md5($pass);

   // check if the user id and password combination exist in database
   $sql = "SELECT * FROM panel_users WHERE username = '$user' AND password = '$password'  ";
   $result = mysql_query($sql) or die('Query failed. ' . mysql_error());


   if (mysql_num_rows($result) == 1) {

      // the username and password match,
      // set the session
      $_SESSION['authorized'] = true;
      $_SESSION['user'] = $user;


      // direct to admin
      header('Location: '.DIRADMIN);
      exit();
   } else {
    $cs = mysql_fetch_array($result);
    $sta = $cs['status'];
       if($sta == 'suspended'){
          $_SESSION['sus'] = 'Your account is being suspended';
       }
       elseif($sta == "inactive"){
          $_SESSION['ina'] = 'You\'re not yet authorized.';
       }else{
    // define an error message
    $_SESSION['error'] = 'Sorry, wrong username or password';
       }
   }
}

// Authentication
function logged_in() {
    if($_SESSION['authorized'] == true) {
        return true;
    } else {
        return false;
    }   
}

function login_required() {
    if(logged_in()) {   
        return true;
    } else {
        header('Location: '.DIRADMIN.'login');
        exit();
    }   
}

function logout(){
    unset($_SESSION['authorized']);
    header('Location: '.SITEDIR.'login');
    exit();
}

// Render error messages
function messages() {
    $message = '';
    if($_SESSION['success'] != '') {
        $message = '<div class="alert-success">'.$_SESSION['success'].'</div>';
        $_SESSION['success'] = '';
    }
    if($_SESSION['error'] != '') {
        $message = '<div class="alert-warning">'.$_SESSION['error'].'</div>';
        $_SESSION['error'] = '';
    }
    if($_SESSION['sus'] != '') {
        $message = '<div class="alert-warning">'.$_SESSION['sus'].'</div>';
        $_SESSION['sus'] = '';
    }
    if($_SESSION['ina'] != '') {
        $message = '<div class="alert-warning">'.$_SESSION['ina'].'</div>';
        $_SESSION['ina'] = '';
    }


    echo "$message";
}

function errors($error){
    if (!empty($error))
    {
            $i = 0;
            while ($i < count($error)){
            $showError.= "<div class=\"msg-error\">".$error[$i]."</div>";
            $i ++;}
            echo $showError;
    }// close if empty errors
} // close function


?>

任何人都知道我可能做错了什么？

Answer 1

仅当用户名和密码匹配时，

List<String> strings = stream .map(Object::toString) .collect(ArrayList::new, ArrayList::add, ArrayList::addAll); 才会包含行 否则$result它将为NULL 因此，每次$result其他{}不起作用，我认为会出错。 所以试试这个代码

if (mysql_num_rows($result) == 1) {}else{}