1. 首頁
  2. 問答
  3. mysql檢查賬戶類型,看看是否管理員登錄

mysql檢查賬戶類型,看看是否管理員登錄

2013-08-21 109 views
0

嗨在我的腳本我有它登錄用戶,但我想讓腳本也檢查用戶是否是管理員通過查看如果account_type是a,b,c賬戶類型「C」是管理,我想它在你的while循環應該這樣做管理員重定向到管理頁面...mysql檢查賬戶類型,看看是否管理員登錄

<?php // Start Session to enable creating the session variables below when they log in 

// Force script errors and warnings to show on page in case php.ini file is set to not display them 
error_reporting(E_ALL); 
ini_set('display_errors', '1'); 

include_once("security/checkuserlog.php"); 
if (isset($_SESSION['idx'])) { 

echo '<script language="Javascript">'; 
echo 'window.location="home.php"'; 
echo '</script>'; 
} 
//----------------------------------------------------------------------------------------------------------------------------------- 
// Initialize some vars 
$errorMsg = ''; 
$username = ''; 
$pass = ''; 
$remember = ''; 
if (isset($_POST['username'])) { 

    $username = $_POST['username']; 
    $pass = $_POST['pass']; 
    if (isset($_POST['remember'])) { 
     $remember = $_POST['remember']; 
    } 
    $username = stripslashes($username); 
    $pass = stripslashes($pass); 
    $username = strip_tags($username); 
    $pass = strip_tags($pass); 

    // error handling conditional checks go here 
    if ((!$username) || (!$pass)) { 

     $errorMsg = '<font color="red">Please fill in both fields</font>'; 

    } else { // Error handling is complete so process the info if no errors 
     include 'connect_to_mysql.php'; // Connect to the database 
     $username = mysql_real_escape_string($username); // After we connect, we secure the string before adding to query 
     //$pass = mysql_real_escape_string($pass); // After we connect, we secure the string before adding to query 
     $pass = md5($pass); // Add MD5 Hash to the password variable they supplied after filtering it 
     // Make the SQL query 
     $sql = mysql_query("SELECT * FROM members WHERE username='$username' AND password='$pass'"); 
     $login_check = mysql_num_rows($sql); 
     // If login check number is greater than 0 (meaning they do exist and are activated) 
     if($login_check > 0){ 
       while($row = mysql_fetch_array($sql)){ 


        // Create session var for their raw id 
        $id = $row["id"]; 
        $_SESSION['id'] = $id; 
        // Create the idx session var 
        $_SESSION['idx'] = base64_encode("g4p3h9xfn8sq03hs2234$id"); 

        $username = $row["username"]; 
        $_SESSION['username'] = $username; 



       } // close while 

       // Remember Me Section 


       // All good they are logged in, send them to homepage then exit script 
       header("location: home.php"); 
       exit(); 

     } else { // Run this code if login_check is equal to 0 meaning they do not exist 
      $errorMsg = '<font color="red">The Username And Password did not match.</font>'; 
     } 


    } // Close else after error checks 

} //Close if (isset ($_POST['uname'])){ 
?>

來源

2013-08-21 Glenn

+1

看看PHP中的MySQLi擴展 - 還有很多附帶的老mysql_ *函數壞事。另外,爲了安全起見,您應該使用'md5'哈希值。 – phatskat

回答

1

if ($row["account_type"] == "c") { header("Location: admin.php"); };

這將基本上將「位置」標題設置爲「admin.php」或任何你想要的管理頁面,但是不要忘記檢查你的管理頁面,如果用戶實際登錄,以避免用戶簡單地去手動轉換爲「admin.php」並繞過權限檢查。

來源

2013-08-21 03:04:17

0 
$account_type= $row["account_type"]; 
$_SESSION['account_type'] = $account_type;

然後換header("location: home.php");

if($account_type=='admin') 
{ 
    header("location: adminpanel.php"); 
} 
else 
{ 
    header("location: home.php"); 
}

來源

2013-08-21 03:11:48 n3ISe

相關問題

 相關問題