我们被指示为不同类型的用户( super 管理员和管理员)使用两个表,这使得我们的代码比应有的更加复杂。
我有一个登录查询,用于验证用户是否已被 super 管理员帐户禁用。
但是,我的代码仅登录管理员帐户,每次我尝试登录 super 管理员帐户时,它只显示最后一个 Else,显示我使用了无效的密码/用户。
<?php
include "config.php";
if(isset($_POST['username']) && isset($_POST['password']))
{
$username = $_POST ['username'];
$password = md5($_POST['password']);
$stmt = $db -> prepare("SELECT * FROM users WHERE username=? AND password=?");
$stmt -> bindParam(1, $username);
$stmt -> bindParam(2, $password);
$stmt ->execute();
$stmt2 = $db -> prepare ("SELECT * FROM sa_users WHERE username=? AND password=?");
$stmt2 -> bindParam(1, $username);
$stmt2 -> bindParam(2, $password);
$stmt2 ->execute();
$row = $stmt->fetch();
$row2 = $stmt2->fetch();
$user = $row['username'];
$pass = $row['password'];
$id = $row['user_id'];
$id2 = $row2['sa_id'];
$type = $row['type'];
$type2 = $row2['type'];
$user_status = $row['user_status'];
if ($user_status == 'Disable')
{
?>
<div class="alert">
<span class="closebtn" onclick="this.parentElement.style.display='none';">×</span>
<strong>Error!</strong> Your account has been disabled!
</div>
<?php
} else {
if($username==$user && $pass==$password && $type2 == 'Super_Admin')
{
session_start();
$_SESSION['username'] = $user;
$_SESSION['password'] = $pass;
$_SESSION['sa_id'] = $id2;
$_SESSION['type'] = $type2;
?>
<script>window.location.href='index.php'</script>
<?php
} else {
if ($username==$user && $pass==$password && $type=='Admin')
{
session_start();
$_SESSION['username'] = $user;
$_SESSION['password'] = $pass;
$_SESSION['user_id'] = $id;
$_SESSION['type'] = $type;
?>
<script>window.location.href='index.php'</script>
<?php
} else {
if ($username!=$user && $pass!=$password)
{
?>
<div class="alert">
<span class="closebtn" onclick="this.parentElement.style.display='none';">×</span>
<strong>Error!</strong> Wrong Password/Username.
</div>
<?php
}
}
}
}
}
?>
最佳答案
您的 if 语句仅检查管理员用户和密码。 它错过了这个变量初始化:
$user2 = $row2['username'];
$pass2 = $row2['password'];
当您检查 super 管理员登录凭据时,您将使用管理员表中的用户名和密码进行检查,而不是 super 管理员表中的用户名和密码。
因此:
if($username==$user && $pass==$password
而不是:
if($username==$user2 && $pass2==$password
还有一些行使用了本应来自 super 管理员的管理员值。
这是我更新的下面的代码。还没有测试过。希望它运行良好。
<?php
include "config.php";
if(isset($_POST['username']) && isset($_POST['password'])) {
$username = $_POST ['username'];
$password = md5($_POST['password']);
$stmt = $db -> prepare("SELECT * FROM users WHERE username=? AND password=?");
$stmt -> bindParam(1, $username);
$stmt -> bindParam(2, $password);
$stmt ->execute();
$stmt2 = $db -> prepare ("SELECT * FROM sa_users WHERE username=? AND password=?");
$stmt2 -> bindParam(1, $username);
$stmt2 -> bindParam(2, $password);
$stmt2 ->execute();
$row = $stmt->fetch();
$row2 = $stmt2->fetch();
$user = $row['username'];
$pass = $row['password'];
$user2 = $row2['username'];
$pass2 = $row2['password'];
$id = $row['user_id'];
$id2 = $row2['sa_id'];
$type = $row['type'];
$type2 = $row2['type'];
$user_status = $row['user_status'];
if ($user_status == 'Disable')
{
?>
<div class="alert">
<span class="closebtn" onclick="this.parentElement.style.display='none';">×</span>
<strong>Error!</strong> Your account has been disabled!
</div>
<?php
} else {
if($username==$user2 && $pass2==$password && $type2 == 'Super_Admin')
{
session_start();
$_SESSION['username'] = $user2;
$_SESSION['password'] = $pass2;
$_SESSION['sa_id'] = $id2;
$_SESSION['type'] = $type2;
?>
<script>window.location.href='index.php'</script>
<?php
} else {
if ($username==$user && $pass==$password && $type=='Admin')
{
session_start();
$_SESSION['username'] = $user;
$_SESSION['password'] = $pass;
$_SESSION['user_id'] = $id;
$_SESSION['type'] = $type;
?>
<script>window.location.href='index.php'</script>
<?php
} else {
if ($username!=$user && $pass!=$password)
{
?>
<div class="alert">
<span class="closebtn" onclick="this.parentElement.style.display='none';">×</span>
<strong>Error!</strong> Wrong Password/Username.
</div>
<?php
}
}
}
}
}
?>
<!--end of php -->
关于php - (PHP) 使用两个表进行登录查询;其他用户未登录?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/49343400/