登錄系統的管理員權限php

Question

<?php session_start(); 

$_SESSION['username'] = $_POST['username']; 
$_SESSION['password'] = $_POST['password']; 


$conn = mysqli_connect('localhost', 'smithrwg_user', 'password', 'smithrwg_database'); 

$_SESSION['username'] = mysqli_real_escape_string($conn, $_SESSION['username']); 
$query = "SELECT password, salt 
     FROM tbl_mem 
     WHERE username = '" . $_SESSION['username'] . "';"; 

$result = mysqli_query($conn, $query); 


if(mysqli_num_rows($result) == 0) // User not found. So, redirect to login_form again. 
{ 
    header('Location: index.php'); 
    echo "not found"; 
    session_destroy(); 
} 



$userData = mysqli_fetch_array($result, MYSQL_ASSOC); 
$hash = hash('sha256', $userData['salt'] . hash('sha256', $_SESSION['password'])); 
if($hash != $userData['password']) // Incorrect password. So, redirect to login_form again. 
{ 
    header('Location: login.html'); 
}else { 
// Redirect to home page after successful login. 


    header('Location: index.php'); 
    $_SESSION['priv'] = $row['priv']; 

} 
?> 

我想設置$ _SESSION ['priv'] =到mysql數據庫表「tbl_mem」priv中的行。但目前它沒有設置任何東西，我真的不知道如何使它做到這一點。

Answer 1

$row未定義，您可能要寫$userData。但是這仍然行不通 - 你還需要編輯你的查詢。

$query = "SELECT password, salt, priv FROM..."; 
//... 
$_SESSION['priv'] = $userData['priv']; 
header('Location: index.php'); 

應該擺在前面header()以確保值是真正分配