dplo59755 2016-02-06 10:19

Administrator logging in to a user account

I have a pretty simple login script which does as you would expect and checks for a match in the database between an Email and Password combination. Although I am wondering if there is a way that I could edit this script so an Administrator could use a user's email like such:

user@hotmail.com

And a master password or something:

master123

To access any account on the system? Here is my current script:

<?php
session_start();
require_once("system/db.php");

if (isset($_POST['submit'])) {

    $email_address  = $conn->real_escape_string($_POST['email_address']);
    // Unsalted MD5 is what the stored hashes use; it is not a safe password hash.
    $password       = md5($_POST['password']);
    $stay_logged_in = isset($_POST['stay_logged_in']) ? $_POST['stay_logged_in'] : 0;

    // md5() never returns an empty string, so test the submitted password itself.
    if (empty($email_address) || $_POST['password'] === '') {
        header('Location: login.php?loginerror=3');
    } else {

        // Does the account exist?
        $sql1 = "SELECT * from ap_users WHERE email_address = '{$email_address}' LIMIT 1";
        $result1 = $conn->query($sql1);
        if ($result1->num_rows !== 1) {
            header('Location: login.php?loginerror=4');
        } else {

            // Is the account unblocked?
            $sql2 = "SELECT * from ap_users WHERE email_address = '{$email_address}' AND blocked='0' LIMIT 1";
            $result2 = $conn->query($sql2);
            if ($result2->num_rows !== 1) {
                header('Location: login.php?loginerror=6');
            } else {

                // Does the password hash match?
                $sql = "SELECT * from ap_users WHERE email_address = '{$email_address}' AND password = '{$password}' LIMIT 1";
                $result = $conn->query($sql);
                if ($result->num_rows !== 1) {
                    header('Location: login.php?loginerror=2');
                } else {

                    mysqli_query($conn, "UPDATE ap_users SET last_login = NOW() WHERE email_address = '{$email_address}'");

                    if ($stay_logged_in == 1) {
                        setcookie("email_address", $email_address, time()+31556926, '/');
                    } else {
                        setcookie("email_address", $email_address);
                    }

                    // Login token. str_shuffle() is not a cryptographically secure source,
                    // and the pool has 62 characters, so the token is 62 characters long, not 76.
                    $length = 76;
                    $randomString = substr(str_shuffle("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, $length);
                    $hash = md5($randomString);
                    mysqli_query($conn, "UPDATE ap_users SET login_hash = '{$hash}' WHERE email_address = '{$email_address}'");
                    if ($stay_logged_in == 1) {
                        setcookie("hash", $randomString, time()+31556926, '/');
                    } else {
                        setcookie("hash", $randomString);
                    }

                    $value = 'yes';
                    if ($stay_logged_in == 1) {
                        setcookie("login", $value, time()+31556926, '/');
                    } else {
                        setcookie("login", $value);
                    }
                    header('Location: check_gateway.php');
                }
            }
        }
    }
}
?>

I have tried adding:

if($_POST['password'] != 'master123'){

$sql = "SELECT * from ap_users WHERE email_address = '{$email_address}' AND password = '{$password}' LIMIT 1";
    $result = $conn->query($sql);
    if (!$result->num_rows == 1) {
        header('Location: login.php?loginerror=2');
    } else {

} else if($_POST['password'] == 'master123'){

Which didn't quite do the job? Any ideas?


  • duanqinbi9029 2016-02-06 10:33

    Create a master_password column in the user table, then do a query like this:

    select * from user where `email` = '$email' AND (`password` = '$password' or `master_password` = '$password')
    
    This answer was chosen by the asker as the best answer.
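
An added example, not part of the original answer and not either poster's code: the answer's two-column check written with a bound parameter and `password_hash()`/`password_verify()` instead of comparing MD5 strings in SQL, with an audit row recording whether the user's own password or the master password matched. It uses the question's `ap_users`/`email_address` names; the in-memory SQLite database, the `login_audit` table, the `check_login()` helper and the sample row are assumptions constructed for the example.

```php
<?php
// Added example. Constructed schema and sample row; in-memory SQLite so it runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// password and master_password hold password_hash() output, never plaintext or MD5.
$db->exec("CREATE TABLE ap_users (email_address TEXT PRIMARY KEY, password TEXT NOT NULL,
           master_password TEXT, blocked INTEGER NOT NULL DEFAULT 0)");
// login_audit is an assumed table: it records which credential opened the account.
$db->exec("CREATE TABLE login_audit (email_address TEXT, via TEXT, at TEXT)");
$db->prepare("INSERT INTO ap_users VALUES (?, ?, ?, 0)")->execute([
    'user@hotmail.com',
    password_hash('users-own-password', PASSWORD_DEFAULT),
    password_hash('master123', PASSWORD_DEFAULT),
]);

// Hypothetical helper: returns 'user', 'master', or null when the login is rejected.
function check_login(PDO $db, string $email, string $password): ?string
{
    // Bound parameter instead of string interpolation, so no escaping is needed.
    $stmt = $db->prepare("SELECT password, master_password FROM ap_users
                          WHERE email_address = ? AND blocked = 0 LIMIT 1");
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    // Salted hashes cannot be matched inside SQL, so the OR in the answer's
    // query becomes two password_verify() calls on the fetched row.
    if (password_verify($password, $row['password'])) {
        $via = 'user';
    } elseif ($row['master_password'] !== null
        && password_verify($password, $row['master_password'])) {
        $via = 'master';
    } else {
        return null;
    }
    $db->prepare("INSERT INTO login_audit VALUES (?, ?, datetime('now'))")
       ->execute([$email, $via]);
    return $via;
}

var_dump(check_login($db, 'user@hotmail.com', 'users-own-password'));
var_dump(check_login($db, 'user@hotmail.com', 'master123'));
var_dump(check_login($db, 'user@hotmail.com', 'wrong-guess'));
foreach ($db->query("SELECT email_address, via FROM login_audit") as $r) {
    echo $r['email_address'], ' via ', $r['via'], PHP_EOL;
}
```

Because the result names the credential that matched, the calling code can flag or restrict sessions that were opened with the master password.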
