使用Access用户级别登录PHP
[英]PHP Login with Access user Level
问题描述
i want to login page with access user level and with status (if user is active or Not) check.php page 
我想使用访问用户级别和状态(如果用户处于活动状态或非活动状态)登录页面check.php页面
<?php
require_once("db.php");
function check_input($r){
$r=trim($r);
$r=strip_tags($r);
$r=stripslashes($r);
return $r;
}
function get_salt($uid){
$db=get_db();
$stmt=$db->prepare("SELECT salt FROM login_details WHERE emp_id=?");
$stmt->execute(array($uid));
$r=$stmt->fetch(PDO::FETCH_ASSOC);
return $r['salt'];
}
if (isset($_POST['uname'],$_POST['pwd'])){
$u=check_input($_POST['uname']);
$p=check_input($_POST['pwd']);
$saltedpassword=md5(get_salt($uid).$p);
try{
$db=get_db();
$stmt=$db->prepare("SELECT * FROM login_details WHERE emp_id=? && password=?");
$stmt->execute(array($u,$saltedpassword));
$r=$stmt->fetch(PDO::FETCH_ASSOC);
if($r){
if($r['status']=='1'){
session_start();
$access_level=$r['access_level'];
$_SESSION['emp_id']=$r['emp_id'];
$_SESSION['access_level']=$access_level;
if ($access_level==0){
header("Location:emppages/");
}
if($access_level==1){
header("Location:hrpages/");
}
if($access_level==2){
header("Location:adpages/");
}
}else{
header("Location:index.php?err=1");
}
}
}catch(PDOException $e){
die("Database error: ".$e->getMessage());
}
}else{
header("Location:index.php");
}
?>
my code is working correct when user enter correct password but if user enter wrong password is not working its stuck on check.php page.please correct my code if there is an error 当用户输入正确的密码时我的代码工作正确,但是如果用户输入错误的密码不起作用,则卡在check.php页面上。如果出现错误,请更正我的代码
2 个解决方案
解决方案1
0 2018-08-07 09:33:21
I think you need to move the else outside if ($r['status']=='1') block. 我认为您需要将else移到if($ r ['status'] =='1')块之外。
if($r){
if($r['status']=='1'){
session_start();
$access_level=$r['access_level'];
$_SESSION['emp_id']=$r['emp_id'];
$_SESSION['access_level']=$access_level;
if ($access_level==0){
header("Location:emppages/");
}
if($access_level==1){
header("Location:hrpages/");
}
if($access_level==2){
header("Location:adpages/");
}
}
else{
header("Location:index.php?err=4");
}
} else{
header("Location:index.php?err=1");
}
解决方案2
0 2018-08-07 09:47:34
Some things to consider. 一些事情要考虑。 Not a direct answer to the problem, but it will help you clean things out and most likely fix your problem or make it easier to find. 这不是直接解决问题的方法,但是它将帮助您清除问题,最有可能解决您的问题或使其更容易找到。
It's good practice to exit after doing a header redirect (and some times absolutely needed) 进行标头重定向后退出是一种很好的做法(有时是绝对必要的)
header("Location: /something");
exit;
Why not use PHP's password_hash()/password_verify ? 为什么不使用PHP的password_hash()/ password_verify? Much more easy. 容易得多。
Create user : 创建用户 :
$username = isset($_POST['username']) ? trim($_POST['username']) : null;
$password = isset($_POST['password']) ? trim($_POST['password']) : null;
if(!empty($username) && !empty($password)){
$hash = password_hash($password, PASSWORD_DEFAULT);
// Store in Database etc...
}
Login user: 登录用户:
$username = isset($_POST['username']) ? trim($_POST['username']) : null;
$password = isset($_POST['password']) ? trim($_POST['password']) : null;
if(!empty($username) && !empty($password)){
// Do DB query getting the username's password
$hashedPassword = $QueryResult->password;
if(password_verify($password, $hashedPassword){
// Success - check user level and status etc
}else{
// Failed
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.