douyan1453 2014-04-07 22:02

PHP login for customers and admins

I am trying to develop a login system where both a customer and an admin can log in. The customer will be sent back to the index and the admin will be sent to a control panel. I have a user table in my database. Here I have a level which defines the users; customer level = 1 and admin level = 0.

I am relatively new to PHP and have been searching the internet for answers. I have found two versions of what I need. I'm not 100% sure they are correct and which is the best to use.

Example 1:

<?php
// Indicate that sessions are to be used or started
session_start();

// Define $myusername and $mypassword from the form
$myusername = $_POST['myusername'];
$mypassword = $_POST['mypassword'];

// Query ($dbh is an existing PDO connection)
$result = $dbh->query("SELECT * FROM users WHERE username='$myusername' AND password='$mypassword';");

// rowCount() counts the matching table rows
$count = $result->rowCount();

// Determine if user is "user" or "admin"
$userlevel = $dbh->query("SELECT level FROM users WHERE username='$myusername';");
$level = $userlevel->fetchColumn();

// If result matched $myusername and $mypassword, table row must be 1 row
if ($count == 1) {
    // Register $myusername, $mypassword and the level in the session
    $_SESSION['myusername'] = $myusername;
    $_SESSION['mypassword'] = $mypassword;
    $_SESSION['level'] = $level;

    // Redirect to appropriate page depending on user rights. Indicator 0 for admin, 1 for customer.
    if ($_SESSION['level'] == 0) {
        // Admin login
        header("location:../php/admin.php");
        exit;
    }
    if ($_SESSION['level'] == 1) {
        // Customer login
        header("location:../login_success.php");
        exit;
    }
}
?>

Example 2:

<?php
session_start();

// Define $myusername and $mypassword from the form
$myusername = $_POST['myusername'];
$mypassword = $_POST['mypassword'];

// Query ($dbh is an existing PDO connection)
$sql = "SELECT * FROM users WHERE username='$myusername' and password='$mypassword'";
$result = $dbh->query($sql);
$count = $result->rowCount();

if ($count == 1) {
    $_SESSION["username"] = $myusername;
    $_SESSION["password"] = $mypassword;
    $info = $result->fetch(PDO::FETCH_ASSOC);
    if ($info['level'] == 0) {
        // Admin login
        header("location:../php/admin.php");
    } else {
        // Customer login
        header("location:../index.html");
    }
    exit;
} else {
    echo "Incorrect password";
}
?>

Any help will be much appreciated.

2 answers

  • duanjiyun7391 2014-04-07 22:13

    Both lots of code work in the same way. The second code block looks a lot cleaner.

    Though there are other problems: your query has 0 protection from injection. And these days it's good practice to use PDO for database connections.

    http://au2.php.net/manual/en/class.pdo.php

    Also, while the headers are fine, you need to check on the admin page to make sure they are an administrator. And make sure to hash their password and compare against the hash. Also, don't store the password in the session.

    http://us2.php.net/manual/en/function.hash.php

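The answer's advice put together as an added example (not code from the question or the answer): a PDO prepared statement, a password checked against a stored hash, a session that holds only the user id and level, and an admin check for the top of admin.php. Assumptions: an in-memory SQLite database with constructed users stands in for the MySQL table, the password_hash column and the function names are hypothetical, and password_hash()/password_verify() are used in place of the hash() function the answer links.

```php
<?php
// Constructed sample data in an in-memory SQLite database (assumption; the
// question's real table is in MySQL). level 0 = admin, 1 = customer.
$dbh = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$dbh->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT, level INTEGER)');
$seed = $dbh->prepare('INSERT INTO users (username, password_hash, level) VALUES (?, ?, ?)');
$seed->execute(['alice', password_hash('admin-pass', PASSWORD_DEFAULT), 0]);
$seed->execute(["o'brien", password_hash('customer-pass', PASSWORD_DEFAULT), 1]);

// Returns ['id' => ..., 'level' => ...] on success, null on any failure.
function check_login(PDO $dbh, string $username, string $password): ?array
{
    // Bound parameter: the username is never concatenated into the SQL text.
    $stmt = $dbh->prepare('SELECT id, password_hash, level FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Compare against the stored hash; the plaintext is never stored or queried.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return ['id' => (int) $row['id'], 'level' => (int) $row['level']];
}

// Fills the session with id and level only (no password) and picks the target.
// In a real login.php: session_start(), session_regenerate_id(true) on success,
// then header('Location: ' . $target); exit;
function login_redirect(array &$session, ?array $user): string
{
    if ($user === null) {
        return '../login.php?error=1';   // hypothetical failure page
    }
    $session['user_id'] = $user['id'];
    $session['level'] = $user['level'];
    return $user['level'] === 0 ? '../php/admin.php' : '../login_success.php';
}

// Guard for the top of admin.php: the redirect alone does not protect the page.
function is_admin(array $session): bool
{
    return isset($session['user_id'], $session['level']) && $session['level'] === 0;
}

$session = [];  // stands in for $_SESSION so the example runs from the CLI
var_dump(login_redirect($session, check_login($dbh, "o'brien", 'customer-pass')));
var_dump(is_admin($session));   // customer: the admin page must refuse
$session = [];
var_dump(login_redirect($session, check_login($dbh, 'alice', 'wrong-pass')));
var_dump(is_admin($session));   // failed login: nothing was stored
```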
