以管理员和普通用户身份登录 [英] login as Admin and normal user
问题描述
database hs_hr_users
user_name user_password is_admin
admin qwe123 Yes
999999 123qwe No
这里我只有普通用户的 checklongin 并且它可以工作.但我需要使用列 is_admin = 'Yes'
here I have checklongin for normal user only and it working. But I need to login as admin using column is_admin = 'Yes'
checklogin.php
checklogin.php
$host="localhost"; // test local
$username="ess_las_admin"; // Mysql username
$password="esslasadmin"; // Mysql password
$db_name="ess_las_admin"; // Database name
$tbl_name="hs_hr_users"; // Table name user
$tbl_name2 ="hs_hr_employee" ; //
$db = mysql_connect($host, $username, $password);
$link = mysql_select_db($db_name,$db);
ob_start();
// Connect to server and select databse.
$link = mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = md5(stripslashes($mypassword));
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name a, $tbl_name2 b WHERE a.emp_number=b.emp_number AND a.user_name='$myusername' and a.user_password='$mypassword'
AND (
b.work_station = '14'
OR b.work_station = '1'
OR b.work_station = '15'
OR b.work_station = '16'
OR b.work_station = '17'
OR b.work_station = '18'
OR b.work_station = '19'
OR b.work_station = '20'
OR b.work_station = '21'
OR b.work_station = '22'
OR b.work_station = '23'
OR b.work_station = '24'
OR b.work_station = '25'
OR b.work_station = '27'
OR b.work_station = '28'
)";
$result=mysql_query($sql);
echo $sql;
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
session_start();
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['user_name_eprofile'] = $myusername;
$_SESSION['user_password'] = $mypassword;
//session_register("myusername");
//session_register("mypassword");
header("location:dashboard.php");
}
else {
//echo "Wrong Username or Password";
header("Location: login.php?error=1");
}
mysql_close($link);
ob_end_flush();
?>
管理员和普通用户的所有数据都在同一个表中.但是,列 is_admin = Yes/No
区分两者.如果用户以管理员身份登录,将转到 header:location:admin_search.php
这是管理页面.如果用户以普通用户身份登录,将转到header:location:dashboard.php
.
All the data for admin and normal user is in same table. But, column is_admin = Yes/No
that differentiate between both. If user login as admin, will go header:location:admin_search.php
which is admin page. If user login as normal user, will go header:location:dashboard.php
.
推荐答案
可能是这样的:
if($count==1){
session_start();
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['user_name_eprofile'] = $myusername;
$_SESSION['user_password'] = $mypassword;
$row = mysql_fetch_array($result);
$_SESSION['is_admin'] = $row['is_admin'];
并使用 $_SESSION['is_admin']
做任何你想做的事情.
and do whatever you want with $_SESSION['is_admin']
.
在您的情况下,对于重定向:
In your case, for the redirection :
if ($_SESSION['is_admin']=="Yes") {
header("location:admin_search.php");
} else {
header("location:dashboard.php");
}
还有一个建议,将 $sql="SELECT * FROM...
改为 $sql="SELECT is_admin FROM...
Also another suggestion, change $sql="SELECT * FROM...
to $sql="SELECT is_admin FROM...
但是
警告 警告
MYSQL_ 函数已弃用mysql_*
函数自 PHP 5.5.0 起已弃用,将来会被删除.相反,MySQLi 或 PDO_MySQL 应该使用扩展名.
Warning Warning
MYSQL_ FUNCTIONS ARE DEPRECATED
mysql_*
functions are deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used.
这篇关于以管理员和普通用户身份登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!