[英]login as Admin and normal user
database hs_hr_users
user_name user_password is_admin
admin qwe123 Yes
999999 123qwe No
在这里,我只为普通用户提供checklongin,它可以正常工作。 但是我需要使用is_admin = 'Yes'
列以admin身份登录
checklogin.php
$host="localhost"; // test local
$username="ess_las_admin"; // Mysql username
$password="esslasadmin"; // Mysql password
$db_name="ess_las_admin"; // Database name
$tbl_name="hs_hr_users"; // Table name user
$tbl_name2 ="hs_hr_employee" ; //
$db = mysql_connect($host, $username, $password);
$link = mysql_select_db($db_name,$db);
ob_start();
// Connect to server and select databse.
$link = mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = md5(stripslashes($mypassword));
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name a, $tbl_name2 b WHERE a.emp_number=b.emp_number AND a.user_name='$myusername' and a.user_password='$mypassword'
AND (
b.work_station = '14'
OR b.work_station = '1'
OR b.work_station = '15'
OR b.work_station = '16'
OR b.work_station = '17'
OR b.work_station = '18'
OR b.work_station = '19'
OR b.work_station = '20'
OR b.work_station = '21'
OR b.work_station = '22'
OR b.work_station = '23'
OR b.work_station = '24'
OR b.work_station = '25'
OR b.work_station = '27'
OR b.work_station = '28'
)";
$result=mysql_query($sql);
echo $sql;
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
session_start();
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['user_name_eprofile'] = $myusername;
$_SESSION['user_password'] = $mypassword;
//session_register("myusername");
//session_register("mypassword");
header("location:dashboard.php");
}
else {
//echo "Wrong Username or Password";
header("Location: login.php?error=1");
}
mysql_close($link);
ob_end_flush();
?>
管理员和普通用户的所有数据都在同一表中。 但是,列is_admin = Yes/No
区分两者。 如果用户以管理员身份登录,将进入header:location:admin_search.php
,这是管理页面。 如果用户以普通用户身份登录,将进入header:location:dashboard.php
。
可能是这样的:
if($count==1){
session_start();
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['user_name_eprofile'] = $myusername;
$_SESSION['user_password'] = $mypassword;
$row = mysql_fetch_array($result);
$_SESSION['is_admin'] = $row['is_admin'];
并使用$_SESSION['is_admin']
。
在您的情况下,对于重定向:
if ($_SESSION['is_admin']=="Yes") {
header("location:admin_search.php");
} else {
header("location:dashboard.php");
}
另一个建议是,将$sql="SELECT * FROM...
更改$sql="SELECT is_admin FROM...
但
警告 警告
MYSQL_功能已弃用
从PHP 5.5.0开始不推荐使用mysql_*
函数,以后将删除它们。 相反,应使用MySQLi或PDO_MySQL扩展。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.