stackoom
  简体   繁体   中英

Problems with a PHP login for Admin

 原文  2015-10-23 02:12:41       php/ html/ mysql

Question

I am having an issue with my code, my login works perfectly but I want it to show a list of users registered to the website from the mysql database when I login as admin@admin.com for my credentials. My code shows a list of users registered for the website but it shows it for every person that logs in now instead of just the admin. Could anyone see what I am missing? Thank you. Code below. 

    <?php
session_start();


$mysql_hostname = 'localhost';
$mysql_user = 'username';
$mysql_password = 'password';
$mysql_database = 'db_users2015';

$connect = mysql_connect($mysql_hostname, $mysql_user, $mysql_password)
or die ("Couldn't connect");

echo "<BR>Connection Successful";

  //to put data into database
  //select database
  $db_selected= mysql_select_db($mysql_database, $connect) 
  or die ("Couldn't connect to the database");

//frontend and backend data processing
  $email= $_POST['email'];
  $password= $_POST['password'];


//to check for admin

$sql= "SELECT * FROM users WHERE email= 'admin@admin.com' and password= 'password'";
$sql_result = mysql_query($sql);
  {echo
  $query = mysql_query("SELECT email FROM users");
  echo '<table>';
while($rowtwo = mysql_fetch_array($query)){
  echo '<tr>
        <td>' .$rowtwo['email'].'</td>
        </tr>';
}
echo '</table>';
} 



//To see if email is registered
$sql = "SELECT COUNT(*) FROM users WHERE email= '{$_POST['email']}'";
$sql_result = mysql_query($sql);
if (mysql_result($sql_result, 0)<1)
 {
die("<BR>Email address not found");
}

else{
    echo "Login Successful!";
}



//To check if email and password match

$result = mysql_query("SELECT * FROM users WHERE email = '$email' AND 
password ='$password' LIMIT 1");

if(mysql_num_rows($result) > 0){
  $row = mysql_fetch_array($result, MYSQL_ASSOC);
  $firstname = $row["firstname"];
  $lastname = $row["lastname"];
  echo "<BR>Welcome back, ";
  echo $firstname;
  echo " ";
  echo $lastname;
}else{   
  echo 'wrong password/username combo';
}

?>

3 answers

solution1
 1 ACCPTED  2015-10-23 02:20:50

You need to create an actual conditional. 

$result = mysql_query($sql);

if( $result->num_rows == 1 ) {
    //show list
}else {
    //not authorized
}

solution2
 0  2015-10-23 02:20:56

您正在找到具有管理员电子邮件地址的用户记录,但是您没有将它与刚刚登录的用户进行比较。我在表代码周围看到花括号,但没有if语句。

solution3
 0  2015-10-23 02:23:44

I'd suggest setting up some sort of authentication groups.

So if the user logged in is a member of the admin group then they would see admin like things, likewise someone in the site users group would see site users things, etc...

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Admin and Customer login in Php PHP : Login in to the admin page PHP Login for Customer and Admin unknown problems with php login Php login form problems PHP CURL Problems with login PHP Login script problems PHP Login Logout problems PHP admin permission without login User/Admin login via PHP
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM