dpmrakfbx820320638 2016-03-25 18:42
浏览 50
已采纳

使用PHP将用户名和密码与HTML下拉列表相匹配

I have a MySQL database called school that is set up like this: schoolID(1), schoolName(school 1), schoolCounty(Buckinghamshire), schoolUsername(school1admin), schoolPassword(school1password)

I currently have a drop down menu that shows the list of schools and when I type any username and password into the HTML login form I can log in.

I can't seem to work out how I can set it so, depending on the school selection will depend on what username and password to use.

For example, if i select school1 then i can ONLY use school1's username and password.

This is what I have so far for index.php:

<?php

require_once 'databaseConnect.php';  // connects to the databse via this file
if ($conn->connect_error) die ($conn->connect_error); // check the connection to the database. If failed, display error


$sql = "SELECT * FROM school";
$result = $conn->query($sql);


$conn->close();
?>  


<html>
    <body>
        <title>EduKode</title>




       <div id="login-form-container">
           <p>Log In:</p>

<?php
echo'<div id="schoolSelection">';
echo '<select name="schoolName">';
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo '<option>'. $row["schoolName"].  "<br>";
}
} else {
echo "0 results";
}
echo '</select>';

echo'</div>';

//http://stackoverflow.com/questions/10009464/fetching-data-from-mysql-database-to-html-dropdown-list
?>

                <form id="login-form" name="contactform" method="post" action="checkSchoolCredentials.php"> <!-- when submitting the form will call the 'authenticate.php' script.-->
                    <div class="contact-form">

                        <label>Username:</label>
                        <input name="username" type="text"> <!-- students created username field-->

                        <label>Password:</label>
                        <input name="password" type="password"> <!-- students created password field-->
                    </div>
                        <div id="submit-button">
                            <input type="submit" name="submit" value="Log In">
                        </div>
                </form>
        </div>

    </body>
</html>

This is for checkSchoolCredentials.php:

<?php
require_once 'databaseConnect.php';  // connects to the databse via this file
if ($conn->connect_error) die ($conn->connect_error); // check the connection to the database. If failed, display error


if(isset($_POST['submit'])) // if submit button is pressed
{
    $username = $_POST['username']; //assigns the value of the input box username to $username
    $password = $_POST['password']; //assigns the value of the input box password to $password

    $query = "SELECT * FROM school WHERE schoolUsername='$username' AND schoolPassword ='$password'"; // Query the database 


    $result=mysqli_query($conn, $query);
    if(mysqli_num_rows($result) ==1)
    {
        session_start(); // start session 
        $_SESSION['auth']='true';
        $_SESSION['username'] = $username; // save session as username
        header('location:taskSelection.php'); // if correct, redirect to taskSelection.php

    }
    else
    {
        header('location:index.php'); // redirect to index.html if incorrect


    }

}


$conn->close();

?>
  • 写回答

2条回答 默认 最新

  • dongzhenqi2015 2016-03-25 18:51
    关注

    You were close, what you have to is to send also the schoolname and check if all variable are set:

    if (isset($POST['username'],$POST['userpassword'],$POST['schoolName'])

    And then just replace :

    $query = "SELECT * FROM school WHERE schoolUsername='$username' AND schoolPassword ='$password'"; // Query the database

    with :

    $query = "SELECT * FROM school WHERE schoolUsername='$username' AND schoolPassword ='$password' AND schoolName='$schoolName'"; //

    Now you have to now know that my query is still bad because it's vulnerable to sql injection. You have to use prepare statements instead:

     $sql = "SELECT * FROM school WHERE schoolUsername=? AND schoolPassword = ? AND schoolName=?"; 
 if ($query = $conn->prepare($sql)){
   $query->bind_param("s", $username,$password,$schoolName);
   $stmt->bind_result($result);
   while($stmt->fetch()){
    // you can work with $result which is an array containing a line of the results 
    }
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 素材场景中光线烘焙后灯光失效
  • ¥15 请教一下各位,为什么我这个没有实现模拟点击
  • ¥15 执行 virtuoso 命令后,界面没有,cadence 启动不起来
  • ¥50 comfyui下连接animatediff节点生成视频质量非常差的原因
  • ¥20 有关区间dp的问题求解
  • ¥15 多电路系统共用电源的串扰问题
  • ¥15 slam rangenet++配置
  • ¥15 有没有研究水声通信方面的帮我改俩matlab代码
  • ¥15 ubuntu子系统密码忘记
  • ¥15 保护模式-系统加载-段寄存器