管理员登录用户帐户

I have a pretty simple login script which does as you would expect and checks for a match in the database between an Email and Password combination. Although I am wondering if there is a way that I could edit this script so an Administrator could use a users email like such:

user@hotmail.com

And a master password or something:

master123

To access any account on the system? Here is my current script:

<?
session_start();
    require_once("system/db.php");

    if($_POST['submit']){

    $email_address = $conn->real_escape_string($_POST['email_address']);
    $password = md5($_POST['password']);
    $stay_logged_in = $_POST['stay_logged_in'];


 if (empty($email_address) === true || empty($password) === true) {
     header('Location: login.php?loginerror=3');    
 } else {

    $sql1 = "SELECT * from ap_users WHERE email_address = '{$email_address}' LIMIT 1";
    $result1 = $conn->query($sql1);
    if (!$result1->num_rows == 1) {
        header('Location: login.php?loginerror=4');
    } else {


    $sql2 = "SELECT * from ap_users WHERE email_address = '{$email_address}' AND blocked='0' LIMIT 1";
    $result2 = $conn->query($sql2);
    if (!$result2->num_rows == 1) {
        header('Location: login.php?loginerror=6');
    } else {


    $sql = "SELECT * from ap_users WHERE email_address = '{$email_address}' AND password = '{$password}' LIMIT 1";
    $result = $conn->query($sql);
    if (!$result->num_rows == 1) {
        header('Location: login.php?loginerror=2');
    } else {

        mysqli_query($conn, "UPDATE ap_users SET last_login = NOW() WHERE email_address = '{$email_address}'");

        if($stay_logged_in == 1){
            setcookie("email_address", $email_address, time()+31556926 ,'/');
        } else {
            setcookie("email_address", $email_address);
        }




$length = 76;
$randomString = substr(str_shuffle("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, $length);
$hash = md5($randomString);
mysqli_query($conn, "UPDATE ap_users SET login_hash = '{$hash}' WHERE email_address = '{$email_address}'");
if($stay_logged_in == 1){
setcookie("hash", $randomString, time()+31556926 ,'/');
} else {
setcookie("hash", $randomString);   
}
    $value = 'yes';
    if($stay_logged_in == 1){
    setcookie("login", $value, time()+31556926 ,'/');
    } else {
    setcookie("login", $value); 
    }
    header('Location: check_gateway.php');

    } 
    }
    }
    }
    }
?>

I have tried adding:

if($_POST['password'] != 'master123'){

$sql = "SELECT * from ap_users WHERE email_address = '{$email_address}' AND password = '{$password}' LIMIT 1";
    $result = $conn->query($sql);
    if (!$result->num_rows == 1) {
        header('Location: login.php?loginerror=2');
    } else {

} else if($_POST['password'] == 'master123'){

Which didn't quite do the job? Any ideas ?

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

2条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
duanqinbi9029 2016-02-06 10:33
关注
create a master_passowrd column in user table than do a query like that.

select * from user where `email` = '$email' AND (`password` = '$password' or `master_passowrd` = '$password')
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

查看更多回答(1条)

报告相同问题？

关注问题

管理员登录用户帐户 php
2016-02-06 10:19

回答 2 已采纳 create a master_passowrd column in user table than do a query like that. select * from user where
不小心删除了电脑上的管理员帐户怎么办怎么恢复帮助专区用户咨询
2023-03-11 00:33

回答 2 已采纳重装系统就行了
PHP注册允许管理员创建帐户[关闭] mysql php
2013-10-28 17:13

回答 1 已采纳 You could add a boolean field "group_admin" in the table where these users are stored to control i
php判断用户和管理员,php – 检查用户是否是root用户
2021-04-22 17:59

Nohing的博客老派的方式,系统管理员用uid 0创建多个帐户,而我 – 我当然不是一个人 – 认为这是一场噩梦.在这种情况下,您可以使用posix_getpwnam检查列表中的所有用户,并查看他们的uid是否匹配0.以下代码片段就是这样,$...
OctoberCMS未找到管理员帐户“空后端用户” mysql php
2015-03-26 05:12

回答 1 已采纳 One solution is that you can delete all your tables from database(if you don't have critical data
PHP，Active Directory，用户帐户控制 php
2014-02-11 09:48

回答 4 已采纳 Came upon the same situation today and it is more concise with: $flag_to_find = 530; $flags = arr
阻止2个用户登录同一帐户 php
2016-12-04 20:13

回答 1 已采纳 Let's assume that duration of your session is 15 minutes. Just in case. You have no db access. I
php区分普通用户和管理员,php – 为不同的Web用户(管理员,客户)提供不同的菜单视图以创建新帐户...
2021-04-13 12:34

诚哥馨姐的博客创建新帐户时,我希望管理员看到制作其他管理员或客户的选项.我希望客户只看到客户选项.我正在使用PHP.这是我尝试过的：foreach ($types as $type) {if (!isset($_SESSION['user_id'])) { //Anyone on the web can ...
PHP-登录帐户工作 php
2016-03-21 16:39

回答 2 已采纳 Do you intend window.open('./customer/Cus_Account.php'.'_self') to be window.open('./customer/Cus_
Google Analytics报告Api - PHP：添加用户帐户 php
2017-02-24 14:02

回答 1 已采纳 First of all, make sure to grab refresh token by settings access type to offline. Then Create a se
PHP LDAP绑定AD与服务器的用户帐户 php
2014-07-30 14:11

回答 1 已采纳 As you run it from server itself, and you just want to read I would try to use : ... if(ldap_bind
php区分管理员和普通用户,允许管理员用户查看/查看其他用户类型吗？ - php
2021-04-28 05:05

weixin_39700215的博客 管理员以管理员身份登录时，我可以在表中看到用户列表例，用户A用户B用户C更多 …目标：我想查看在单击列表中的一个用户时看到的客户。我无法解决这个问题。海事组织Auth::user()->type在这种情况下可以工作吗？...
PHP用户帐户激活检查不起作用 mysql php
2013-08-04 15:38

回答 2 已采纳 Try this: $result = mysqli_query($connection, "SELECT COUNT(`ID`) AS count FROM users WHERE usern
ldap-user-manager:一个基于PHP Web的界面，用于LDAP用户帐户管理和自助密码更改
2021-05-14 11:08

设置向导：这将创建必要的结构以允许您添加用户和组，并将设置可以登录用户管理器的初始admin用户。组创建和管理。用户帐户的创建和管理。（可选）向用户发送电子邮件，告知他们新的或更新的帐户凭据。安全...
confirm-user-registration:激活用户帐户后才能登录
2021-05-10 12:20

验证用户：激活用户帐户阻止用户：停用用户帐户选项：更改某些设置经常问的问题会创建任何新的数据库表吗？不，它不会创建任何新表。插件使用用户元数据和选项表是否有任何语言文件？是的，它可以完全翻译。 ...
没有解决我的问题, 去提问

悬赏问题

¥15 Vue3 大型图片数据拖动排序
¥15 划分vlan后不通了
¥15 GDI处理通道视频时总是带有白色锯齿
¥20 用雷电模拟器安装百达屋apk一直闪退
¥15 算能科技20240506咨询（拒绝大模型回答）
¥15 自适应 AR 模型参数估计Matlab程序
¥100 角动量包络面如何用MATLAB绘制
¥15 merge函数占用内存过大
¥15 使用EMD去噪处理RML2016数据集时候的原理
¥15 神经网络预测均方误差很小但是图像上看着差别太大

管理员登录用户帐户

2条回答 默认 最新

悬赏问题

2条回答默认最新