时间戳

首页 > 解决方案 > 管理员用户登录使用 2 个表 PhP

php - 管理员用户登录使用 2 个表 PhP

问题描述

情况是,我需要在不使用下拉菜单或单选按钮的情况下创建具有用户级别的登录名,而且它有两个表,一个供使用,一个供管理员使用。我已经尝试以各种方式创建它,但它仍然没有进入用户页面

这是代码:

<?php
session_start();
include('configure.php');
date_default_timezone_set("Asia/Manila");
$date = date("y/m/d h:i:a");
$usern = $_POST['username'];
$passw = $_POST['password'];
$_SESSION['admin'] = '';
$_SESSION['user'] = '';

$sql = " SELECT * FROM admin WHERE username = '$usern' AND password = '$passw'";
$result = mysqli_query($conn, $sql);
if($result->num_rows > 0){
     while($row = $result->fetch_assoc()){
        if($row['username'] = $usern && $row['password'] = $passw){
            $_SESSION['admin'] = $usern;
            header("location: ../login_admin.php?log=".$_SESSION['admin']);
         }
    }
}else{
    $sql1 = " SELECT * FROM users WHERE username = '$usern' AND password = '$passw'";
    $result1 = mysqli_query($conn, $sql1);
    if($result1->num_rows > 0){
        while($row = $result->fetch_assoc()){
             if($row['username'] = $usern && $row['password'] = $passw){
                    $_SESSION['user'] = $usern;
                    header("location: ../main.php?log=".$_SESSION['user']);
             }else{
                    header("location:  SpaceAdv/index.php");
             }
        }
    }
}
?>

PS configure.php 是与数据库和本地主机的连接,谢谢

标签: phpmysql

解决方案

使用您的架构修复代码

<?php
session_start();
include('configure.php');
date_default_timezone_set("Asia/Manila");
$date = date("y/m/d h:i:a");
$usern = $_POST['username'];
$passw = $_POST['password'];
$_SESSION['admin'] = '';
$_SESSION['user'] = '';

$sql = " SELECT * FROM admin WHERE username = '$usern' AND password = '$passw'";
$result = mysqli_query($conn, $sql);

if ($result->num_rows === 1) {
    //Current user is in Admin table, hence he/she is an admin
    $_SESSION['admin'] = $usern;
    header("location: ../login_admin.php?log=".$_SESSION['admin']);
    exit(0);
} elseif ($result->num_rows > 1) {
      //there should not be more than one rows with same credentials. Two rows with same (username, password), Make username primary key.
      throw new Exception("Multiple entry with same username and password in admin table");
} else {
    //Given credentials are not in admin table, check user table.
    $sql1 = " SELECT * FROM users WHERE username = '$usern' AND password = '$passw'";
    $result1 = mysqli_query($conn, $sql1);
    if ($result->num_rows === 1) {
        $_SESSION['user'] = $usern;
        header("location: ../main.php?log=".$_SESSION['user']);
    } elseif ($result->num_rows > 1) {
        throw new Exception("Multiple entry with same username and password in user table");
    }
    else {
        //Nither in User nor in admin table
        header("location:  SpaceAdv/index.php");
    }


}

?>

推荐的方法

请阅读一些关于基于角色的访问控制的文章。下面是一篇关于如何实现相同功能的精彩文章。

https://www.sitepoint.com/role-based-access-control-in-php/

推荐阅读