0
用戶從他的私人區域發送給我一個更新他自己的等級的請求。 有三種類型的級別,從底部開始依次爲'utente','delegato'和超級用戶。更新字段的'通過並確認'表格
事實上,我已經爲level'utente'和level'delegato'準備了一個頁面,通過填寫一個簡單的表單,他們將名爲upgrade_liv的字段從'no'(默認值)更新爲'si'。
我建立了一個php頁面,我得到這些請求(我是超級用戶,自然);我使用數組構建了它,通過我看到所有在upgrade_liv字段中具有值'si'的用戶。這是形式:
$query_ver_liv_up="SELECT * from utenti WHERE upgrade_liv = 'si' order by id";
$result_ver_liv_up= mysql_query($query_ver_liv_up);
$utente_piu = 'delegato';
$delegato_piu = 'superuser';
// tabella upgrade
echo '<table border="1" width="1260px" style="margin-left:auto; margin-right:auto;">';
echo '<tr bgcolor="#bcc500"><td style="border: black 0px solid" height="30px"><b><center>UPGRADE LIVELLO UTENTI</center></b></td></tr>';
echo '</table>';
echo '<table border="1" width="1260px" style="margin-left:auto; margin-right:auto; margin-top:5px;">';
echo '<form method="post" name="ver_liv_upg_yes">';
echo '<tr bgcolor="#bb6500">';
echo '<td width="100px" style="border: black 1px solid"><center><b>Numero id</center></b></td>';
echo '<td width="300px" style="border: black 1px solid"><center><b>Nome e cognome</b></center></td>';
echo '<td width="120px" style="border: black 1px solid"><center><b>Livello</b></center></td>';
echo '<td width="120px" style="border: black 1px solid"><center><b>Upgrade</b></center></td>';
echo '<td width="180px" style="border: black 1px solid"><center><b>Livello richiesto</b></center></td>';
echo '<td width="120px" style="border: black 1px solid"><center><b>Pass</b></center></td>';
echo '<td width="120px" style="border: black 1px solid"><center><b>Conferma</b></center></td>';
echo '<td width="100px" style="border: black 1px solid"><center><b>Approva</b></center></td>';
echo '<td width="100px" style="border: black 1px solid"><center><b>Nega</b></center></td>';
echo '</tr>';
while($row_ver_liv_up = mysql_fetch_array($result_ver_liv_up))
{
echo '<tr>';
echo '<td style="border: black 1px solid"><center>'.$row_ver_liv_up['id']."</center></td>";
echo '<td style="border: black 1px solid"><center>'.$row_ver_liv_up['nome']." " .$row_ver_liv_up['cognome']."</center></td>";
echo '<td style="border: black 1px solid"><center>'.$row_ver_liv_up['tipo_user']."</center></td>";
echo '<td style="border: black 1px solid"><center>'.$row_ver_liv_up['upgrade_liv']."</center></td>";
echo '<td style="border: black 1px solid"><center>';
if ($row_ver_liv_up['tipo_user'] == 'utente'){
echo $utente_piu;}
if ($row_ver_liv_up['tipo_user'] == "delegato"){
echo $delegato_piu;}
echo '</center></td>';
echo '<td style="border: black 1px solid"><center>
<input name="pass" type="password" id="pass" value="" onfocus="if(this.value==\'pass\') this.value=\'\';" /></center></td>';
echo '<td style="border: black 1px solid"><center>
<input name="conferma" type="password" id="conferma" value="" onfocus="if(this.value==\'conferma\') this.value=\'\';" /></center></td>';
echo '<td style="border: black 1px solid"><center><input style="width: 100px;" name="ver_liv_upg_yes" type="submit" value="Approva" /></center></td>';
echo '<td style="border: black 1px solid"><center><input style="width: 100px;" name="ver_liv_upg_no" type="submit" value="Nega" /></center></td>';
echo '</tr>';
}
echo '</form>';
echo '</table>';
代碼PHP我用的是:
if(isset($_POST['ver_liv_upg_yes']))
{
$pass = (isset($_POST['pass'])) ? trim($_POST['pass']) : '';
$conferma = (isset($_POST['conferma'])) ? trim($_POST['conferma']) : '';
$query = mysql_query("SELECT * FROM utenti WHERE id = '" . $_SESSION['login'] . "' LIMIT 1");
$loggato = $_SESSION['login'];
// Controllo la Password
$pass = $_POST['pass'];
if($pass == ""){echo'Campo password non compilato!<br>'; exit();}
elseif(strlen($pass) < 4 || strlen($pass) > 12)
{echo('Password troppo corta o troppo lunga<br>');exit(); }
// Controllo la conferma della Password
$conferma = $_POST['conferma'];
if($conferma == ""){echo'Campo conferma password non compilato!<br>'; exit();}
elseif(strlen($conferma) < 4 || strlen($conferma) > 12)
{echo('Conferma della password troppo corta o troppo lunga<br>');exit(); }
// Controllo se password e conferma sono uguali
if($pass != $conferma){echo'I campi password e conferma password devono coincidere!<br>';exit();}
$query_pass = mysql_query("SELECT pass FROM utenti WHERE id = '" . $_SESSION['login'] . "' LIMIT 1");
$row_pass = mysql_fetch_array($query_pass);
$pass2 = $row_pass['pass'];
$pass = md5($pass);
// Crypto la password e la confronto con quella nel database
if($pass != $row_pass['pass']){echo('Password errata');exit();}
$query_ver_liv_up = "SELECT * from utenti WHERE upgrade_liv = 'si' ";
$result_ver_liv_up = mysql_query($query_ver_liv_up);
$row_ver_liv_up = mysql_fetch_array($result_ver_liv_up);
// Se ha trovato un record
if(mysql_num_rows($query) == 1)
{
// prelevo l'id dal database
$login = mysql_fetch_array($query);
// preparo la query di aggiornamento
$query_mod2 = "UPDATE utenti SET upgrade_liv = 'no', tipo_user ='delegato' WHERE id = '" . $row_ver_liv_up['id']. "' ";
// invio la query
$result = mysql_query($query_mod2);
{header('Location: privata.php'); exit; }
}
}
想我只有兩個用戶,他們想改變自己的水平:如果我插入通,並確認在 第一行,它顯示回聲'坎波密碼非compilato'(傳遞不填充),但如果我插入他們在第二行,(在我發佈的圖像,你可以看到第二行的用戶玩具故事),我的PHP代碼更改數據庫用戶peppa豬的領域!
該怎麼辦才能解決呢?我的代碼錯在哪裏?
