我创建了一个登录页面。
我希望客户和经理从同一页面登录。 我在数据库中将客户和经理分别按角色“”,“经理”(客户表示为空值)分开。
我写了这段代码,但是它没有按预期工作。 当我输入名称和密码并按登录按钮时,它不会转到所需页面,而是保留在登录页面上。
<?php
session_start();
$db=mysqli_connect("localhost","root","","authentication");
if (isset($_POST['login_btn'])) {
$customer_name = mysql_real_escape_string($_POST['customer_name']);
$password = mysql_real_escape_string($_POST['password']);
$password=md5($password);
if(empty($customer_name)&&empty($password)) {
$error="Fields are Mandatory";
} else {
$sql="SELECT *
FROM customers
WHERE customer_name='$customer_name' AND password='$password'";
$result=mysqli_query($db,$sql);
$row=mysqli_fetch_array($result);
$_SESSION['id']=$row['id'];
$_SESSION['role']=$row['role'];
$count=mysqli_num_rows($result);
if($count==1){
if ($row['role']=="manager"){
header("location:manager.php");
}
else if($row['role']==""){
header("location:ueser.php");
}
}else{
$error='Customer_name/password combination incorrect';
}
}
}
?>
答案 0 :(得分:0)
使用elseif代替else if
/* Incorrect Method: */
if ($a > $b):
echo $a." is greater than ".$b;
else if ($a == $b): // Will not compile.
echo "The above line causes a parse error.";
endif;
/* Correct Method: */
if ($a > $b):
echo $a." is greater than ".$b;
elseif ($a == $b): // Note the combination of the words.
echo $a." equals ".$b;
else:
echo $a." is neither greater than or equal to ".$b;
endif;
答案 1 :(得分:0)
有许多需要明智的代码。我留下了一些其他注释,您可以在其中更好地编写此代码。我认为您的主要问题是您需要使用标头重定向有点不同。我相信L中的Location应该是大写字母,应该是Location: url空白,页面必须是url。
此外,当可能添加更多角色时,我将使用if else切换。 但是,如果您不检查访问页面的用户是否有访问权限,则执行此重定向是没有用的。身份验证与授权。
<?php
session_start();
$db=mysqli_connect("localhost","root","","authentication");
if (isset($_POST['login_btn'])) {
if(empty($_POST['customer_name'])&&empty($_POST['password'])) {
$error="Fields are Mandatory";
} else {
//You cannot mess with them before check if empty md5 will hash a space and null
//Use prepared statements and the mysql_real_escape_string is not needed
$customer_name = mysql_real_escape_string();
//I really am not sure that mysql_real_escape_string before your hash is a good idea...
//You will be hashing the escaped version of it.
$password = mysql_real_escape_string($_POST['password']);
//This is not secure either check out.
//http://php.net/manual/en/function.password-hash.php
//http://php.net/manual/en/function.password-verify.php
$password=md5($password);
//http://php.net/manual/en/mysqli.quickstart.prepared-statements.php
$sql="SELECT *
FROM customers
WHERE customer_name='$customer_name' AND password='$password'";
//You can drop the password from the query and check what is returned
//In the results with using password_verify)
$result=mysqli_query($db,$sql);
//Check this upfront and do work if you meet it.
//I assume that username is unique so you should
//Want to do something if one is returned
if(mysqli_num_rows($result) == 1){;
$row=mysqli_fetch_array($result);
$_SESSION['id']=$row['id'];
$_SESSION['role']=$row['role'];
//For the page I would use a switch
switch ($_SESSION['role']) {
case "manager":
//Capital L and a space
//Also it should be a url so example
header("Location: http://localhost/manager.php");
break;
default:
//Capital L and a space
//Also it should be a url so example
header("Location: http://localhost/user.php");
break;
}
}else{
$error='Customer_name/password combination incorrect';
}
}
}