以管理员和普通用户身份登录

Question

database hs_hr_users

user_name    user_password     is_admin
admin          qwe123            Yes
999999         123qwe            No

在这里，我只为普通用户提供checklongin，它可以正常工作。 但是我需要使用is_admin = 'Yes'列以admin身份登录

checklogin.php

$host="localhost"; // test local
$username="ess_las_admin"; // Mysql username 
$password="esslasadmin"; // Mysql password 
$db_name="ess_las_admin"; // Database name 
$tbl_name="hs_hr_users"; // Table name user
$tbl_name2 ="hs_hr_employee" ; //
$db = mysql_connect($host, $username, $password); 
$link = mysql_select_db($db_name,$db);
ob_start();

// Connect to server and select databse.
$link = mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = md5(stripslashes($mypassword));
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name a, $tbl_name2 b WHERE a.emp_number=b.emp_number AND a.user_name='$myusername' and a.user_password='$mypassword' 
        AND (
        b.work_station = '14' 
        OR  b.work_station = '1'
        OR  b.work_station = '15'
        OR  b.work_station = '16'
        OR  b.work_station = '17'
        OR  b.work_station = '18'
        OR  b.work_station = '19'
        OR  b.work_station = '20'
        OR  b.work_station = '21'
        OR  b.work_station = '22'
        OR  b.work_station = '23'
        OR  b.work_station = '24'
        OR  b.work_station = '25'
        OR  b.work_station = '27'
        OR  b.work_station = '28'


        )";
$result=mysql_query($sql);
echo $sql;
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
session_start();
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['user_name_eprofile'] = $myusername;
$_SESSION['user_password'] = $mypassword;


//session_register("myusername");
//session_register("mypassword"); 
header("location:dashboard.php");
}
else {
//echo "Wrong Username or Password";
header("Location: login.php?error=1");
}

mysql_close($link);
ob_end_flush();
?>

管理员和普通用户的所有数据都在同一表中。 但是，列is_admin = Yes/No区分两者。 如果用户以管理员身份登录，将进入header:location:admin_search.php ，这是管理页面。 如果用户以普通用户身份登录，将进入header:location:dashboard.php 。

Answer 1

可能是这样的：

if($count==1){
session_start();
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['user_name_eprofile'] = $myusername;
$_SESSION['user_password'] = $mypassword;
$row = mysql_fetch_array($result);
$_SESSION['is_admin'] = $row['is_admin'];

并使用$_SESSION['is_admin'] 。

在您的情况下，对于重定向：

if ($_SESSION['is_admin']=="Yes") { 
    header("location:admin_search.php");
} else {
    header("location:dashboard.php");
}

另一个建议是，将$sql="SELECT * FROM...更改$sql="SELECT is_admin FROM...

但

警告 警告
MYSQL_功能已弃用
从PHP 5.5.0开始不推荐使用mysql_*函数，以后将删除它们。 相反，应使用MySQLi或PDO_MySQL扩展。