我有一個用戶表,這種結構:檢查用戶是否是admin PHP
ID
用戶名
密碼
經銷商(管理員)
現在我要檢查登錄用戶是否是經銷商,經銷商可以保持0(普通用戶)或1(管理員)的值,但我不知道如何做到這一點(我是PHP新手)。
這是登錄表單:
<form action="index.php?action=login" method="post" style="width: 50%;">
<input type="hidden" name="login" value="true" />
<?php if (isset($results['errorMessage'])) { ?>
<div class="errorMessage"><?php echo $results['errorMessage'] ?></div>
<?php } ?>
<ul>
<li>
<label for="username">Username</label>
<input type="text" name="username" id="username" placeholder="Uw gebruikersnaam" required autofocus maxlength="20" />
</li>
<li>
<label for="password">Password</label>
<input type="password" name="password" id="password" placeholder="Uw wachtwoord" required maxlength="20" />
</li>
</ul>
<div class="buttons">
<input type="submit" name="login" value="Login" />
</div>
</form>
這是登錄功能:
function login() {
$results = array();
$results['pageTitle'] = "Admin Login | Gemeente Urk";
$host = "localhost";
$mysqluser = "root";
$mysqlpass = "usbw";
$db = "wagenpark";
mysql_connect($host, $mysqluser, $mysqlpass);
mysql_select_db($db);
if (isset($_POST['login'])) {
$gebruiker = $_POST['username'];
$wachtwoord = $_POST['password'];
$sql = "SELECT * FROM users WHERE username='".$gebruiker."' AND password='".$wachtwoord."' LIMIT 1";
$res = mysql_query($sql) or die (mysql_error());
if (mysql_num_rows($res) == 1) {
$_SESSION['username'] = $gebruiker;
header("Location: index.php");
} else {
// Login failed: display an error message to the user
$results['errorMessage'] = "Incorrect username or password. Please try again.";
require(TEMPLATE_PATH . "/admin/loginForm.php");
}
} else {
// User has not posted the login form yet: display the form
require(TEMPLATE_PATH . "/admin/loginForm.php");
}
}
謝謝了。
[您的代碼易受SQL注入影響](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – PeeHaa 2015-02-08 15:02:33