我有以下检查用户登录的功能。在当前状态下,它会检查用户名或电子邮件和密码(散列),如果结果与数据库中的结果匹配,它会返回一些值(如果你不能,请抽象其他没有意义的变量或函数看到他们):
// Start Checking The Login Credentials
public function checkUserLogin($username, $password) {
$password = hash_hmac('sha512', $password, $this->salt($password));
if(preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i", $username)){
$identifier = 'user_email';
} else {
$identifier = 'user_username';
}
$sql = 'SELECT user_username,user_level FROM users WHERE '.$identifier.' = ? AND user_password = ?';
// Check Login Attempts
if (isset($_SESSION['attempts']) && $_SESSION['attempts'] >= NUMBER_OF_ATTEMPTS) {
$lockdown = true;
$message['lockdown'] = true;
$message['message'] = SYSTEM_LOCKDOWN_MESSAGE;
return json_encode($message);
} else {
if ($stmt = $this->connect->prepare($sql)) {
$stmt->bind_param('ss', $username, $password);
$stmt->execute();
$stmt->bind_result($username, $level);
if ($stmt->fetch()) {
$stmt->close();
$_SESSION['member_logged_in'] = true;
$_SESSION['username'] = $username;
$_SESSION['level'] = $level;
$_SESSION['attempts'] = 0;
$ip = $this->getIP();
$sql = "UPDATE users SET user_last_login_date = NOW(), user_last_login_ip = '$ip' WHERE user_username = '$username'";
if ($stmt = $this->connect->prepare($sql)) {
$stmt->execute();
$stmt->close();
} else {
$error = true;
$message['error'] = true;
$message['message'] = CANNOT_PREPARE_DATABASE_CONNECTION_MESSAGE;
return json_encode($message);
}
$message['level'] = $level;
if( $level = 0 ) {
$_SESSION['standard'] = true;
} elseif( $level = 1 ) {
$_SESSION['special'] = true;
} elseif( $level = 2 ) {
$_SESSION['admin'] = true;
}
$error = false;
$message['error'] = false;
$message['message'] = SUCCESFUL_LOGIN_MESSAGE;
return json_encode($message);
} else {
@$_SESSION['attempts'] = $_SESSION['attempts'] + 1;
$error = true;
$message['error'] = true;
$message['message'] = FAILED_LOGIN_MESSAGE;
return json_encode($message);
}
}
}
}
现在,我要做的是,如果在数据库中找到凭据并匹配,则在返回值之前,检查数据库中名为 user_disabled
的另一个值可以是 0
或 1
如果1
找到值返回另一条消息,类似于 This account has been disabled
如果0
找到后,像以前一样继续其余代码(成功登录)。
我有以下代码,大致可以满足我的需要,但是当我尝试将其放入此公共(public)函数中时,它不起作用:
$sql = "SELECT user_disabled FROM users WHERE user_username = '$username'";
if ($stmt = $this->connect->prepare($sql)) {
$stmt->execute();
$stmt->bind_result($disabled);
$stmt->fetch();
$stmt->close();
if($disabled = 0){
/* Here is what should happen if the user is not blocked | The code after "$stmt->fetch()" */
} else {
@$_SESSION['attempts'] = $_SESSION['attempts'] + 1;
$error = true;
$message['error'] = true;
$message['message'] = 'ceva';
return json_encode($message);
}
} else {
$error = true;
$message['error'] = true;
$message['message'] = CANNOT_PREPARE_DATABASE_CONNECTION_MESSAGE;
return json_encode($message);
}
有人可以帮我解决这个问题吗,因为我不知道该怎么做?
最佳答案
线
if($disabled = 0){
应该阅读
if($disabled == 0){
关于php - 如果从数据库中选择的值为 1,如何阻止用户?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/9030017/