php - 如何根据用户的状态和角色登录用户

标签 php mysql authentication

<分区>

我正在创建一个登录页面,用户和管理员将在其中登录 用户将具有角色 = 用户和状态 = 待定,直到管理员将其激活。 我有不同的文件要显示给用户和管理员,在用户内部,有 2 个文件。 1 个用于活跃用户,另一个用于待定用户。

我创建了 if 语句并尝试了 switch 语句。但我在 XAMPP 上收到错误消息“解析错误:语法错误,C:\xampp\htdocs\MakerLab\server.php 中第 109 行的文件意外结束”

这是我的 server.php

...

<?php 
    session_start();

    // variable declaration
    $email = "";
    $status = "";

    $errors = array(); 
    $_SESSION['success'] = "";

    // connect to database
    $db = mysqli_connect('localhost', 'root', '', 'makerlab');

    // REGISTER USER
    if (isset($_POST['reg_user'])) {
        // receive all input values from the form
        $fname = mysqli_real_escape_string($db, $_POST['fname']);
        $lname = mysqli_real_escape_string($db, $_POST['lname']);
        $email = mysqli_real_escape_string($db, $_POST['email']);
        $lewisID = mysqli_real_escape_string($db, $_POST['lewisID']);
        $password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
        $password_2 = mysqli_real_escape_string($db, $_POST['password_2']);

        // form validation: ensure that the form is correctly filled
        //if (empty($email)) { array_push($errors, "Lewis Email is required"); }
        //if (empty($password_1)) { array_push($errors, "Password is required"); }

        //if ($password_1 != $password_2) {
        //  array_push($errors, "The two passwords do not match");
        //}

    $user_check_query = "SELECT * FROM users WHERE lewisID='$lewisID' OR email='$email' LIMIT 1";
    $result = mysqli_query($db, $user_check_query);
    $user = mysqli_fetch_assoc($result);

    if ($user) { // if user exists
    if ($user['lewisID'] === $lewisID) {
    array_push($errors, "lewisID already exists");
    }

    if ($user['email'] === $email) {
    array_push($errors, "lewisID already exists");
    }
    }

        // register user if there are no errors in the form
        if (count($errors) == 0) {
            $password = md5($password_1);//encrypt the password before saving in the database
            $query = "INSERT INTO users (lewisID,
                                        fname, 
                                        lname, 
                                        email, 
                                        password) 
                        VALUES('$lewisID',
                                '$fname', 
                                '$lname', 
                                '$email',
                                '$password')";
            mysqli_query($db, $query);
            $_SESSION['fname'] = $fname;
            $_SESSION['email'] = $email;
            header('location: pend.php');


    // ... 

    // LOGIN USER
    if (isset($_POST['login_user'])) {
        $email = mysqli_real_escape_string($db, $_POST['email']);
        $password = mysqli_real_escape_string($db, $_POST['password']);

        if (empty($email)) {
            array_push($errors, "Lewis Email is required");
        }
        if (empty($password)) {
            array_push($errors, "Password is required");
        }

        if (count($errors) == 0) {
            $password = md5($password);
            $query = "SELECT * FROM users WHERE email='$email' 
            AND password='$password'";

            $results = mysqli_query($db, $query);

            if (mysqli_num_rows($results) == 1) {
                $_SESSION['email'] = $email;
                $row['status'] = $status;
                $row['role'] = $role;
                if ($status == "Pending" )
                {
                    header('location: pend.php');
                }
                else if ($status == "Active" || $role == "user" )
                {
                    header('location: AccountMain.php');
                }
                else if ($status == "Active" || $role == "admin" )
                {
                    header('location: admain.php');
                }
            } else {
                array_push($errors, "Wrong username/password combination");
            }
        }
    }

?>

...

最佳答案

文件末尾缺少 2 个括号(在 ?> 标记之前)下次您可以使用像 PHPStorm 这样的 IDE 来帮助缩进和格式化。 

<?php

// variable declaration
$email = "";
$status = "";

$errors = array();
$_SESSION['success'] = "";

// connect to database
$db = mysqli_connect('localhost', 'root', '', 'makerlab');

// REGISTER USER
if (isset($_POST['reg_user'])) {
    // receive all input values from the form
    $fname = mysqli_real_escape_string($db, $_POST['fname']);
    $lname = mysqli_real_escape_string($db, $_POST['lname']);
    $email = mysqli_real_escape_string($db, $_POST['email']);
    $lewisID = mysqli_real_escape_string($db, $_POST['lewisID']);
    $password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
    $password_2 = mysqli_real_escape_string($db, $_POST['password_2']);

    // form validation: ensure that the form is correctly filled
    //if (empty($email)) { array_push($errors, "Lewis Email is required"); }
    //if (empty($password_1)) { array_push($errors, "Password is required"); }

    //if ($password_1 != $password_2) {
    //  array_push($errors, "The two passwords do not match");
    //}

    $user_check_query = "SELECT * FROM users WHERE lewisID='$lewisID' OR email='$email' LIMIT 1";
    $result = mysqli_query($db, $user_check_query);
    $user = mysqli_fetch_assoc($result);

    if ($user) { // if user exists
        if ($user['lewisID'] === $lewisID) {
            array_push($errors, "lewisID already exists");
        }

        if ($user['email'] === $email) {
            array_push($errors, "lewisID already exists");
        }
    }

    // register user if there are no errors in the form
    if (count($errors) == 0) {
        $password = md5($password_1);//encrypt the password before saving in the database
        $query = "INSERT INTO users (lewisID,
                                    fname, 
                                    lname, 
                                    email, 
                                    password) 
                    VALUES('$lewisID',
                            '$fname', 
                            '$lname', 
                            '$email',
                            '$password')";
        mysqli_query($db, $query);
        $_SESSION['fname'] = $fname;
        $_SESSION['email'] = $email;
        header('location: pend.php');
    }
}

// ...

// LOGIN USER
if (isset($_POST['login_user'])) {
    $email = mysqli_real_escape_string($db, $_POST['email']);
    $password = mysqli_real_escape_string($db, $_POST['password']);

    if (empty($email)) {
        array_push($errors, "Lewis Email is required");
    }
    if (empty($password)) {
        array_push($errors, "Password is required");
    }

    if (count($errors) == 0) {
        $password = md5($password);
        $query = "SELECT * FROM users WHERE email='$email' 
        AND password='$password'";

        $results = mysqli_query($db, $query);

        if (mysqli_num_rows($results) == 1) {
            $_SESSION['email'] = $email;
            $row = mysqli_fetch_assoc($results);
            $status = $row['status'];
            $role = $row['role'];
            if ($status == "Pending") {
                header('location: pend.php');
            } else if ($status == "Active" || $role == "user") {
                header('location: AccountMain.php');
            } else if ($status == "Active" || $role == "admin") {
                header('location: admain.php');
            }
        } else {
            array_push($errors, "Wrong username/password combination");
        }
    }
}
?>

关于php - 如何根据用户的状态和角色登录用户,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/56012964/

上一篇:php - Codeigniter 将查询组合在一个循环中

下一篇:python - 将已部署的 flask 应用程序连接到托管在另一台服务器/提供商上的数据库

相关文章:

c# - SmtpClient 无认证发送

PHP ~ 列数与第 1 行的值数不匹配

php - 希望对每个用户的数据库中的数据进行加密

PHP mysql_query,返回整数而不是资源

mysql - 简化 SQL 中的时间线 (Netezza)

java - 具有 Spring Security 的 OTP

php - System_Daemon 无法打开流/var/log/mydaemonname.log

php - 从 php 运行 mysql 查询

mysql - SQL 查询以检查 X 分钟内重复消息的数量?

android - 通过应用程序服务器问题进行 Sinch 身份验证

©2024 IT工具网  联系我们