在我的数据库中,有一个名为'角色'的行,它是admin还是用户登录的特定的。
当然,管理员和用户具有不同的功能。
这是我的登录过程代码。
<?php
include 'database_conn.php'; // make db connection
ini_set("session.save_path", "../../sessionData");
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<title>
</title>
</head>
<body>
<?php
$username = filter_has_var(INPUT_POST, 'userName') ? $_POST['userName']: null;
$passWD = filter_has_var(INPUT_POST, 'pwd') ? $_POST['pwd']: null;
$username = trim($username);
$passWD = trim($passWD);
//before we query from the database , we have to standartise
// create an empty array
if (empty($username)){
die("No username entered.");
}
if (empty($passWD)){
die("No password entered.");
}
/* Query the users database table to get the password hash for the username entered by the user in the logon form */
$sql = "SELECT password ,userID FROM t_user WHERE username = ?";
$stmt = mysqli_prepare($conn, $sql); // prepare the sql statement
/* Bind the $username entered by the user to the prepared statement. Note the “s” part indicates the data type used – in this case a string */
mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt);// execute the query
/* Get the password hash from the query results for the given username and store it in the variable indicated */
mysqli_stmt_bind_result($stmt, $passWDHash,$userID);
/* Check if a record was returned by the query. If yes, then there was a username matching what was entered in the logon form and we can now test to see if the password entered in the logon form is the same as the stored (correct) one in the database. */
if (mysqli_stmt_fetch($stmt)) {
$_SESSION['uName'] = $username;
$_SESSION['uID'] = $userID;
//PASSWORD CORRECT
if (password_verify($passWD, $passWDHash)) {
$_SESSION['logged-in'] = true;
echo "<p>Welcome back " .$_SESSION['uName']."</p>n";
echo "<p>Welcome back " .$_SESSION['uID']."</p>n";
echo "<p>Password correct!</p>n";
echo "<p><a href='logout.php'>Logout</a></p>";
}
else {
echo "<p>Password incorrect.</p>n";
}
}
else {
echo "<p>Sorry we don't seem to have that username.</p>";
}
//this line should determine whether it is user or admin is login
$result = mysqli_query($conn,$sql);
if($result)
{
$row = mysqli_fetch_assoc($result);
$user_type = $row['role']; // you get user type here whether he's admin or login
if ($user_type == 'admin') {
echo " this is admin";
//header to admin page
}
elseif ($user_type == 'user') {
echo "this is user" ;
//header to user page
}
else{
echo "query failed";
}
}
mysqli_stmt_close($stmt);
mysqli_close($conn);
?>
</body>
</html>
代码不起作用,因为它应该显示登录角色。
看来角色无法确定
还是还有其他方法可以这样做?
代码不起作用,因为它应该显示登录角色。好像 角色无法确定
发生的原因是因为您没有定义的索引角色。该行应该发出未定义索引的通知:$user_type = $row['role'];,因为您没有选择角色的SQL语句中的角色不确定。这是您的陈述:$sql = "SELECT password ,userID FROM t_user WHERE username = ?";您可以看到您在代码中没有在任何地方选择角色,我也不明白您在这里要实现什么:$result = mysqli_query($conn,$sql);
您已经准备了一份语句并执行了该语句,因此您不需要运行其他查询来确定用户的角色,这可以通过单个查询来完成。
这就是您可以实现这一目标的方式:
<?php
ob_start();
session_start();
ini_set("session.save_path", "../../sessionData");
include 'database_conn.php'; // make db connection
?>
<!DOCTYPE html>
<html>
<head>
<title></title>
</head>
<body>
<?php
$username = filter_has_var(INPUT_POST, 'userName') ? $_POST['userName'] : null;
$passWD = filter_has_var(INPUT_POST, 'pwd') ? $_POST['pwd'] : null;
$username = trim($username);
$passWD = trim($passWD);
//before we query from the database , we have to standartise
// create an empty array
if (empty($username)) {
die("No username entered.");
}
if (empty($passWD)) {
die("No password entered.");
}
/* Query the users database table to get the password hash for the username entered by the user in the logon form */
$sql = "SELECT password ,userID,role FROM t_user WHERE username = ?";
$stmt = mysqli_prepare($conn, $sql); // prepare the sql statement
/* Bind the $username entered by the user to the prepared statement. Note the “s” part indicates the data type used – in this case a string */
mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt); // execute the query
/* Get the password hash from the query results for the given username and store it in the variable indicated */
mysqli_stmt_bind_result($stmt, $passWDHash, $userID, $user_type);
/* Check if a record was returned by the query. If yes, then there was a username matching what was entered in the logon form and we can now test to see if the password entered in the logon form is the same as the stored (correct) one in the database. */
if (mysqli_stmt_fetch($stmt)) {
$_SESSION['uName'] = $username;
$_SESSION['uID'] = $userID;
//PASSWORD CORRECT
if (password_verify($passWD, $passWDHash)) {
$_SESSION['logged-in'] = true;
echo "<p>Welcome back " . $_SESSION['uName'] . "</p>n";
echo "<p>Welcome back " . $_SESSION['uID'] . "</p>n";
echo "<p>Password correct!</p>n";
echo "<p><a href='logout.php'>Logout</a></p>";
// check user role
if ($user_type == 'admin') {
echo " this is admin";
//header to admin page
} elseif ($user_type == 'user') {
echo "this is user";
//header to user page
}
} else {
echo "<p>Password incorrect.</p>n";
}
}
else {
echo "<p>Sorry we don't seem to have that username.</p>";
}
mysqli_stmt_close($stmt);
mysqli_close($conn);
?>
</body>
</html>
nb:重要的是,您仍然启用错误报告时仍在 在您的本地主机上工作,以便您可以看到这些通知和小 您正在做的错误:在页面顶部添加:
ini_set('display_errors', 1); `error_reporting(E_ALL);`,而且您必须始终检查位于
apache/logs/error.log中的服务器错误日志