[英]login - different user roles
我有一个用户表,其中的角色字段存储了Admin和Customer。我希望具有admin角色的用户重定向到admin,另一个重定向到index.php。
我不确定如何执行此操作,因为我已经从注册表单中加密了密码,并且如果两个密码都匹配,则使用password_verify函数为用户提供访问权限。
function login_user() {
if(isset($_POST['btnlogin'])) {
global $connection;
$email = $_POST['email'];
$password = $_POST['password'];
$login_query = "SELECT * from users where email = '{$email}'";
$confirm = mysqli_query($connection, $login_query);
while($row = mysqli_fetch_assoc($confirm)) {
$db_pass = $row['password'];
$first_name = $row['first_name'];
$last_name = $row['last_name'];
$contact_num = $row['mobile'];
$email = $row['email'];
$postcode = $row['postcode'];
$role = $row['role'];
$_SESSION['firstname'] = $first_name;
$_SESSION['lastname'] = $last_name;
$_SESSION['mob'] = $contact_num;
$_SESSION['email'] = $email;
$_SESSION['postcode'] = $postcode;
}
if(password_verify($password, $db_pass)) {
redirect("index.php");
}
}
}
使用简单的if条件:
if (password_verify($password, $db_pass)) {
if ($role == 'admin') { // or how do you store role value
redirect("admin.php");
} else {
redirect("index.php");
}
}
更进一步,您也应该在$_SESSION
添加role
。 就像是:
// code goes here
$_SESSION['postcode'] = $postcode;
$_SESSION['is_admin'] = $role == 'admin';
您需要执行此操作,以检查直接访问admin.php
是否是admin 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.