stackoom
  简体   繁体   中英

How can I get a specific value from a database and compare it based on that value with PHP?

 原文  2016-05-30 18:14:56       php

Question

I have a problem with my login page. In my registration page I ask the user whether he/she is a student or a teacher. This is put into the database 'dbuploaden'. I need to get that information back from the database when a user wants to sign in, because a student gets to see a different home page than a teacher.

The problem here is that when I press the button "login", my page just seems to refresh and doesn't give me an error or anything. This is the PHP-code I use: 

<?php
session_start();
include_once 'connection.php';

if(isset($_SESSION['user'])!="")
{
//header("Location: home.php");
}
if(isset($_POST['btn-login']))
{
$email = mysql_real_escape_string($_POST['email']);
$upass = mysql_real_escape_string($_POST['pass']);
$res=mysql_query("SELECT * FROM tblgebruikers WHERE email='$email'");
$row=mysql_fetch_array($res);

if($row['password']==md5($upass))
{
if(mysql_query("SELECT * FROM tblgebruikers WHERE soortgebruiker =       student")=="student")
 {  
 die('Following connection error has occured: '.mysql_error());
 $_SESSION['user'] = $row['gebruiker_id'];
 header("Location: index.php");
 }
if(mysql_query("SELECT * FROM tblgebruikers WHERE soortgebruiker =   docent")=="docent")
 {  
 die('Following connection error has occured: '.mysql_error());   
 $_SESSION['user'] = $row['gebruiker_id'];
 header("Location: index2.php");
 }
 }
 if($row['password']!=md5($upass))
 {
 echo "Foute gegevens. Probeer opnieuw.";
 }
 }

?>

Thanks

1 answers

solution1
 0  2016-05-30 19:15:15

I started out in web programming with little to no training, and certainly no teachers to guide me. It can be a little more difficult to learn than a lot of people will let on once they've already gotten the hang of where to look for answers and how to read the documentation.

First of all, please, please, please, use the mysqli functions rather than the mysql ones. This extension was updated for a reason. Or, even better, use PDO or another such adapter so that your code will be both more secure and easier to write and maintain later, if you ever do decide to go beyond this one assignment.

Also, parameterized queries! It will do you a world of good to start using them now and forget about mysql_real_escape_string .

Second, please look up why using md5 hashes for password storage is a bad idea. Even for an assignment like this, you should get in the practice of using secure and standard coding approaches so that you will develop good habits as you move forward.

I have removed the usage of your 'connection.php' file and have made several assumptions about the structure of your database in order to provide you with a working code fragment. There are many areas that you could optimize and improve on with the code below, but it does achieve the desired results. 

<?php
session_start();
//make sure you never do this in production
//you should store your connection usernames and passwords outside the web root
//to make unintentional disclosure of them harder
$mysqli = new mysqli( 'localhost', 'username', 'password', 'dpuploaden' );

if( mysqli_connect_errno() ){
    //in real production code, this would be insecure as you shouldn't give away error information
    //that could allow an attacker to gain more knowledge about your systems if at all possible
    exit( printf( "Kan geen verbinding met de database: %s\n", mysqli_connect_error() ) );
}

if( isset( $_POST[ 'btn-login' ] ) ){
    $email = $_POST[ 'email' ];
    $upass = $_POST[ 'pass' ];
    $id = NULL;
    $password = NULL;
    $soortgebruiker = NULL;

    if( $stmt = $mysqli->prepare( 'SELECT `gebruiker_id`, `password`, `soortgebruiker` FROM `tblgebruikers` WHERE `email` = ?' ) ){
        $stmt->bind_param( 's', $email );
        $stmt->execute();
        $stmt->bind_result( $id, $password, $soortgebruiker );
        $stmt->fetch();
        $stmt->close();

        //please do not ever use md5 has a password hashing solution in real code
        //look up the php function password_hash, or if you have PHP < 5.5.0 bcrypt
        //for their proper usage, or better yet, seek out a library that implements
        //this kind of login code and just use it
        //roll your own is always a bad idea when it comes to security and, even with
        //a lot of experience and information under your belt, it is all too easy to make mistakes
        if( $row[ 'password' ] === md5( $upass ) ){
            $_SESSION[ 'user' ] = $id;
            $_SESSION[ 'soortgebruiker' ] = $soortgebruiker;
        }
        else
            exit( "Foute gegevens. Probeer opnieuw." );
    }
    else{
        exit( 'Fout retrieveing ​​informatie.' );
    }
}

if( isset( $_SESSION[ 'user' ] ) && $_SESSION[ 'user' ] != '' ){
    if( $_SESSION[ 'soortgebruiker' ] === 'student' ){
        header( "Location: index.php" );
        exit;
    }
    else if( $_SESSION[ 'soortgebruiker' ] === 'docent' ){
        header( "Location: index2.php" );
        exit;
    }
}

//output login page here
?>

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How can i compare one value to multiple value in database in php? How can I get a column from database based on the value of the column How can I display value in textbox from database that value based on selected value from combobox in php? How can I get a value by it self using php from a database? PHP compare value from database How to get a specific value from my database with PHP how can get a specific value from database in using php laravel model PHP - get data from database compare it to variable and sort by less value How can I get a specific value in this PHP array? How can I change the switch display based on the value from the database
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM