drlma06060
2016-07-18 19:55
浏览 35
已采纳

坚持等级检查消息的“if”[关闭]

I am busy on a login script but i am stuck at the moment with the php code "if" line.

I want to give the rank check a own message that the user isn't allowed because he hasn't the right rank for the admin login. At this moment it gives the message of wrong username or password.

My code:

<?php
session_start();
include_once 'dbconnect.php';

if(isset($_SESSION['userSession']))
{
header("Location: home.php");
exit;
}

if(isset($_POST['btn-login']))
{
$email = $MySQLi_CON->real_escape_string(trim($_POST['user_email']));
$upass = $MySQLi_CON->real_escape_string(trim($_POST['password']));

$query = $MySQLi_CON->query("SELECT user_id, user_email, user_pass, user_rank FROM users WHERE user_email='$email'");
$row=$query->fetch_array();
if(password_verify($upass, $row['user_pass']) && ($row['user_rank'] == '2'))
{
    $_SESSION['userSession'] = $row['user_id'];
    header("Location: home.php");
}
else
{
    $msg = "<div class='alert alert-danger'>
                <span class='glyphicon glyphicon-info-sign'></span> &nbsp; email or password does not exists!
            </div>";
}

$MySQLi_CON->close();

}
?>

I am a little bit new with PHP still.

图片转代码服务由CSDN问答提供 功能建议

我正忙于登录脚本,但我现在卡住了php代码“if”行。

我想给排名检查一个自己的消息,即用户不被允许,因为他没有正确的管理员登录等级。 此时它会显示错误用户名或密码的消息。

我的代码:

 &lt;?php 
session_start();  
include_once'dbconnect.php'; 
 
if(isset($ _ SESSION ['userSession']))
 {
header(“Location:home.php”); 
exit; 
} 
 
if(  isset($ _ POST ['btn-login']))
 {
 $ email = $ MySQLi_CON-&gt; real_escape_string(trim($ _ POST ['user_email'])); 
 $ upass = $ MySQLi_CON-&gt;  real_escape_string(trim($ _ POST ['password'])); 
 
 $ query = $ MySQLi_CON-&gt; query(“SELECT user_id,user_email,user_pass,user_rank FROM users WHERE user_email ='$ email'”); \  n $ row = $ query-&gt; fetch_array(); 
if(password_verify($ upass,$ row ['user_pass'])&amp;&amp;($ row ['user_rank'] =='2'))
  {
 $ _SESSION ['userSession'] = $ row ['user_id']; 
 header(“Location:home.php”); 
} 
else 
 {
 $ msg =“&lt; div class  ='alert alert-danger'&gt; 
&lt; span class ='glyphicon glyphicon-info-sign'&gt;&lt; / span&gt;&amp; nbsp;电子邮件或密码不存在!
&lt; / div&gt;“  ; \ N} 
 
 $的MySQLi_CON-&GT; CL  ose(); 
 
} 
?&gt; 
   
 
 

我还是有点新的PHP。

  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

2条回答 默认 最新

  • duanmaduan1848 2016-07-18 20:04
    已采纳

    Just add an if-Statement in the password check if-Statement in order to check only the rank when the password matches.

    if(isset($_SESSION['userSession']))
    {
        header("Location: home.php");
        exit;
    }
    
    if(isset($_POST['btn-login']))
    {
        $email = $MySQLi_CON->real_escape_string(trim($_POST['user_email']));
        $upass = $MySQLi_CON->real_escape_string(trim($_POST['password']));
        $query = $MySQLi_CON->query("SELECT user_id, user_email, user_pass, user_rank FROM users WHERE user_email='$email'");
        $row = $query->fetch_array();
    
        if(password_verify($upass, $row['user_pass']))
        {
            if($row['user_rank'] == '2'){
                $_SESSION['userSession'] = $row['user_id'];
                header("Location: home.php");
            } else {
                echo "You need a higher rank";
            }
        }
        else
        {
            $msg = "<div class='alert alert-danger'>
                        <span class='glyphicon glyphicon-info-sign'></span> &nbsp; email or password does not exists!
                    </div>";
        }
    
        $MySQLi_CON->close();
    }
    ?>
    
    打赏 评论
  • douben1891 2016-07-18 19:58

    Just add an else if stage. You can have as many of those as you want, just don't go overboard.

    if(password_verify(...)) {
       ...
    } else if ($rank != 2) {
       ... wrong rank 
    } else if (...) {
       ...
    } else {
       ...
    }
    
    打赏 评论

相关推荐 更多相似问题