基于用户角色的登录始终重定向到同一页面
[英]User-role based login always redirect to the same page
问题描述
I want to redirect users to different page based on their role using PHP. 
我想根据用户使用PHP的角色将其重定向到其他页面。 But, the problem is, whoever the user, they'll always redirected to the same page (page where the first if-statement referred). 但是,问题是,无论用户是谁,他们总是将重定向到同一页面(第一个if语句所引用的页面)。
here's the code 这是代码
<?php
include("config.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST") {
$myusername = mysqli_real_escape_string($db,$_POST['username']);
$mypassword = mysqli_real_escape_string($db,$_POST['password']);
$sql = "SELECT * FROM user WHERE username = '$myusername' and password = '$mypassword'";
$result = mysqli_query($db,$sql);
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$active = isset($row['active']);
$count = mysqli_num_rows($result);
$role = isset($row['role']);
if($role == 'admin'){
$link = 'admin.php';
}
elseif($role == 'user'){
$link = 'user.php';
}
elseif($role == 'expert'){
$link = 'expert.php';
}
else{
$link = '404.php';
}
if($count == 1) {
$_SESSION['username'] = $myusername;
header("Location: ".$link."");
exit();
}else {
$error = "Your Login Name or Password is invalid";
}
}
?>
So, if i replace admin.php on the first if statement with another page, the users will be redirected there. 因此,如果我用另一个页面替换第一个if语句上的admin.php,用户将被重定向到该页面。 I've followed solutions from different case, but it didnt work. 我已经从不同的案例中遵循了解决方案,但是没有成功。
1 个解决方案
解决方案1
2 已采纳 2016-08-20 15:21:42
This line 这条线
$role = isset($row['role']);
Sets $role to true or possibly false but it definitely does not set it to the contents of $row['role'] 将$role设置$role true或可能为false但绝对不会将其设置为$row['role']
I would suggest removing that line completely it is not necessary as your if/elseif/else covers all the possible options quite nicely. 我建议您完全删除该行,因为您的if / elseif / else很好地涵盖了所有可能的选项。
It is also totally unnecesary to move a value from the $row array into a scalar variable so this would be simpler 将值从$row数组移到标量变量中也是完全不必要的,这样会更简单
//$role = isset($row['role']);
if($row['role'] == 'admin'){
$link = 'admin.php';
} elseif($row['role'] == 'user'){
$link = 'user.php';
} elseif($row['role'] == 'expert'){
$link = 'expert.php';
} else{
$link = '404.php';
}
Unfortunately I have to mention that: Your script is at risk of SQL Injection Attack Have a look at what happened to Little Bobby Tables Even if you are escaping inputs, its not safe!
It is also very dangerous storing plain text password on your database.
password_hash()andpassword_verify()please use them.password_hash()和password_verify()请使用它们。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.