du970294 2015-10-08 16:02
浏览 39
已采纳

检查是否用户,然后检查是否成员

So I'm checking whether the person accessing the page is a user then redirecting them to the signup page if they're not.

Then I'm checking whether the user is a member ( paid subscription ) if not then redirect to the user page.

The redirecting for the non users work But with the code below, noone can get access to the membership page because of the is_member check

<?php
error_reporting(0);
session_start();
include('connect.php');
ob_start();

if(!isset($_SESSION['username']))
{
    header("**********");
}
else
{
    $username =$_SESSION['username']  ;
}
$check = $mysqli->query("SELECT is_Member FROM users WHERE username = $username");
$row = mysql_fetch_assoc($check);
$isMember = $row['is_member'];
if ($isMember == 0){
    header("*************");
}

is_member is either a 1 or a 0: 1 meaning they are a member

Connect file:

<?php
$servername = "*****";
$user = "*****";
$password = "*****";
$dbname = "******";

$mysqli = new mysqli($servername, $user, $password, $dbname); //used to connect to the database

if ($mysqli->connect_error) {
     die('Error : ('. $mysqli->connect_errno .') '. $mysqli->connect_error);
}
?>
  • 写回答

2条回答 默认 最新

  • doutu4335 2015-10-08 16:22
    关注

    This

    WHERE username = $username");

    If the variable is a string (i.e.: "john", then it should be wrapped in quotes:

    WHERE username = '$username'");

    Then you're using a mysql_ function mysql_fetch_assoc which does not intermix with any other MySQL API than its own.

    It must read as mysqli_fetch_assoc with the added i for the function.

    Consult these following links http://php.net/manual/en/mysqli.error.php and http://php.net/manual/en/function.error-reporting.php and apply that to your code.

    You should also add exit; after each header, otherwise you code may want to continue executing.

    Another thing; your code is prone to an SQL injection. It's best that you use a prepared statement.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥100 set_link_state
  • ¥15 虚幻5 UE美术毛发渲染
  • ¥15 CVRP 图论 物流运输优化
  • ¥15 Tableau online 嵌入ppt失败
  • ¥100 支付宝网页转账系统不识别账号
  • ¥15 基于单片机的靶位控制系统
  • ¥15 真我手机蓝牙传输进度消息被关闭了,怎么打开?(关键词-消息通知)
  • ¥15 装 pytorch 的时候出了好多问题,遇到这种情况怎么处理?
  • ¥20 IOS游览器某宝手机网页版自动立即购买JavaScript脚本
  • ¥15 手机接入宽带网线,如何释放宽带全部速度