doukekui0914 2018-09-28 02:34

Check user permissions

I want to check whether a user has permission to view the site during the login process, via a manually set value in MySQL.

How would I insert that check into this code:

include 'dbh.inc.php';

$uid = mysqli_real_escape_string($conn, $_POST['uid']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);

//Error handlers
//check if inputs are empty
if (empty($uid) || empty($pwd)) {
    header("Location: ../index.php?login=empty");
    exit();
} else {
    $sql = "SELECT * FROM users WHERE user_uid='$uid' OR user_email='$uid'";
    $result = mysqli_query($conn, $sql);
    $resultCheck = mysqli_num_rows($result);
    if ($resultCheck < 1) {
        header("Location: ../index.php?login=error");
        exit();
    } else {
        if ($row = mysqli_fetch_assoc($result)) {
            //verify the submitted password against the stored hash
            $hashedPwdCheck = password_verify($pwd, $row['user_pwd']);
            if ($hashedPwdCheck == false) {
                header("Location: ../index.php?login=error");
                exit();
            } elseif ($hashedPwdCheck == true) {
                //log in user here
                $_SESSION['u_id'] = $row['user_id'];
                $_SESSION['u_first'] = $row['user_first'];
                $_SESSION['u_last'] = $row['user_last'];
                $_SESSION['u_email'] = $row['user_email'];
                $_SESSION['u_uid'] = $row['user_uid'];
                header("Location: ../index.php?login=success");
                exit();
            }
        }
    }
}

1 answer

  • doujia4619 2018-09-28 02:51

    You have pretty much everything done already. But your question is not clear enough. Do you want to block the user from logging in, or only allow limited access to certain pages for the user?

    if ($hashedPwdCheck == false) {
     header("Location: ../index.php?login=error");
     exit();
    } elseif ($hashedPwdCheck == true) {
     if($row['user_can_login']){ 
      //log in user here
      $_SESSION['u_id'] = $row['user_id'];
      $_SESSION['u_first'] = $row['user_first'];
      $_SESSION['u_last'] = $row['user_last'];
      $_SESSION['u_email'] = $row['user_email'];
      $_SESSION['u_uid'] = $row['user_uid'];
      header("Location: ../index.php?login=success");
      exit();
     }else{
      header("Location: ../index.php?login=error");
      exit();
     }
    }
    

    This is to block an existing user from logging in.

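One way to wire the answer's `user_can_login` flag into the login flow, as an added example that is not code from the question or the answer. It uses prepared statements through PDO, with an in-memory SQLite table of constructed users standing in for the MySQL database so it runs offline; the function names `authenticate` and `stillAllowed` are hypothetical, and the per-request re-check goes beyond what the thread covers.

```php
<?php
declare(strict_types=1);

// Returns the user row on success, null on any failure. Unknown user, wrong
// password and disabled account all yield the same null.
function authenticate(PDO $db, string $uid, string $pwd): ?array
{
    // Bound parameters: no manual escaping, and the password is never altered.
    $stmt = $db->prepare(
        'SELECT * FROM users WHERE user_uid = :uid OR user_email = :email'
    );
    $stmt->execute([':uid' => $uid, ':email' => $uid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pwd, $row['user_pwd'])) {
        return null;
    }
    // The permission flag is checked only after the password is verified.
    return ((int) $row['user_can_login'] === 1) ? $row : null;
}

// Call on every protected page: a flag cleared after login must end access.
function stillAllowed(PDO $db, int $userId): bool
{
    $stmt = $db->prepare('SELECT user_can_login FROM users WHERE user_id = ?');
    $stmt->execute([$userId]);
    return (int) $stmt->fetchColumn() === 1;
}

// Constructed sample data; the flag defaults to 0 (deny) for new rows.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, user_uid TEXT,
    user_email TEXT, user_pwd TEXT, user_can_login INTEGER NOT NULL DEFAULT 0)');
$ins = $db->prepare('INSERT INTO users
    (user_uid, user_email, user_pwd, user_can_login) VALUES (?, ?, ?, ?)');
$ins->execute(['alice', 'alice@example.test', password_hash("pa'ss", PASSWORD_DEFAULT), 1]);
$ins->execute(['bob', 'bob@example.test', password_hash('hunter2', PASSWORD_DEFAULT), 0]);

var_dump(authenticate($db, 'alice', "pa'ss") !== null);  // permitted user
var_dump(authenticate($db, 'bob', 'hunter2') !== null);  // right password, flag is 0
$db->exec("UPDATE users SET user_can_login = 0 WHERE user_uid = 'alice'");
var_dump(stillAllowed($db, 1));                           // flag cleared after login
```

In the login script, a non-null result is the point for `session_regenerate_id(true)` and the `$_SESSION` assignments; a null result redirects to `login=error` as in the answer.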
