你能帮我解决我的代码有问题吗?下面的代码是登录过程页面,我想将它重定向到特定页面,管理员主页或用户主页。当我运行它时,那些分配为用户的帐户将重定向到管理页面。我对那些指定为管理员的帐户没有问题,因为它会自动重定向到管理页面。
session_start();
$message = "";
if(count($_POST) > 0){
$conn = mysql_connect("localhost", "root", "");
mysql_select_db("etransmittal", $conn);
$result = mysql_query("SELECT * FROM tbl_userlist WHERE username = '" . $_POST["userid"] . "' AND user_password = '" . $_POST["userpassword"] . "'");
$row = mysql_fetch_array($result);
if(is_array($row)){
$_SESSION['userid'] = $row['userid'];
$_SESSION['username'] = $row['username'];
$_SESSION['userrole'] = $row['userrole_id'];
$_SESSION['firstname'] = $row['fname'];
$_SESSION['middlename'] = $row['mname'];
$_SESSION['lastname'] = $row['lname'];
$_SESSION['nbu'] = $row['nbu'];
$_SESSION['department'] = $row['department'];
$_SESSION['branch'] = $row['branch'];
}
else{
$message = "Invalid username or password";
}
}
/*if(isset($_SESSION['userid'])){
header("location: admin_homepage.php");
}*/
if(isset($_SESSION['userrole']) == '1'){
header("location: admin_homepage.php");
}
else if(isset($_SESSION['userrole']) == '2'){
header("location: user_homepage.php");
}
最佳答案
isset — Determine if a variable is set and is not NULL
你的代码搞砸了 if 和 isset 。它被用作
if (isset($_SESSION['userrole']) && $_SESSION['userrole'] == '1') {
header("location: admin_homepage.php");
} else if (isset($_SESSION['userrole']) && $_SESSION['userrole'] == '2') {
header("location: user_homepage.php");
}
阅读http://php.net/manual/en/function.isset.php
http://php.net/manual/en/control-structures.if.php
Note:- mysql is deprecated instead use mysqli or PDO
你的代码对 sql 注入(inject)是开放的,阅读这个 How can I prevent SQL injection in PHP?
不要将明文密码存入数据库
关于PHP登录重定向流程,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/34084586/