1. 首页
  2. 问答
  3. 作为管理员和学生以一种形式登录

作为管理员和学生以一种形式登录

2015-12-05 24 views
-2

Goodmorning夫人/先生,我有一种形式的问题,我想登录两个用户,我可以登录作为管理员,但如果我会让学生登录它会错误,这是正确的登录与两种类型的用户在一种形式?作为管理员和学生以一种形式登录

session_start(); 

function test_input($data) { 
    $data = trim($data); 
    $data = stripslashes($data); 
    $data = htmlspecialchars($data); 
    return $data; 
} 

if(isset($_POST['Submit'])){ 

    $username= test_input($_POST['Username']); 
    $password= test_input($_POST['Password']); 
    $IDNumber = test_input($_POST['IDNumber']); 

    if ($username&&$password){ 
     $con=mysqli_connect("localhost","root","","enrollmentsystem"); 
     $query=mysqli_query($con,"SELECT * FROM admin WHERE Username='$username'"); 
     $numrows=mysqli_num_rows($query); 

     if($numrows !=0){ 
      while ($row=mysqli_fetch_assoc($query)){ 
       $dbusername=$row['Username']; 
       $dbpassword=$row['Password']; 
      } 
      if($username==$dbusername&&$password==$dbpassword){ 
       $_SESSION['Username']=$dbusername; 
       header("Location: SecondForm.php"); 
       exit; 
      }else{ 
       header("Location: IncorrectPassword.html"); 
      } 
     }else{ 
      header("Location: IncorrectUsername.html"); 
     } 

     mysqli_close($con); 
    }elseif($IDNumber&&$password){ 
     $con=mysqli_connect("localhost","root","","enrollmentsystem"); 
     $query=mysqli_query($con,"SELECT * FROM studentpersonalinformation WHERE IDNumber=$IDNumber"); 
     $numrows=mysqli_num_rows($query); 

     if($numrows !=0){ 
      while ($row=mysqli_fetch_assoc($query)){ 
       $dbidnumber=$row['IDNumber']; 
       $dbpassword=$row['Password']; 
      } 

      if($IDNumber==$dbidnumber&&$password==$dbpassword){ 
       $_SESSION['IDNumber']=$dbidnumber; 
       header("Location: LoginAndView.php"); 
       exit; 
      }else{ 
       header("Location: IncorrectPassword.html"); 
      } 
     }else{ 
      header("Location: IncorrectUsername.html"); 
     } 
     mysqli_close($con); 
    } 
}

来源

2015-12-05 TruthLies Uchiha

+0

如果您收到错误信息,那么你的不可能是正确的,可以吗?向我们提供一条错误消息,并指明它来自哪里。 – Shadow

+0

不是同时进行的会话,正确吗?只是你想要一个表格来检查两个卷....? – Rasclatt

+0

它将转到Incorrectusername.html,即使它在mysql中是正确的idnumber和密码 –

回答

1

尝试打破你的脚本成可重用的作品,像这样:

/functions/myfunctions.php

<?php 
function sanitize($data = false) 
    { 
     return htmlspecialchars(stripslashes(trim($data))); 
    } 
// Create a simle query function 
function fetchUser($con,$sql) 
    { 
     $query  = mysqli_query($con,$sql); 

     if(mysqli_num_rows($query) == 1) { 
      $row = mysqli_fetch_assoc($query); 
      return $row['Password']; 
     } 

     return false; 
    } 
// Simple query for admin user 
function is_admin($con,$username) 
    { 
     return fetchUser($con,"SELECT * FROM `admin` WHERE `Username` = '{$username}'"); 
    } 
// Simple query for student user 
function is_student($con,$username) 
    { 
     return fetchUser($con,"SELECT * FROM `studentpersonalinformation` WHERE `IDNumber` = {$username}"); 
    } 
// Simple algorithme to return a user role and db password 
function get_user_role($con,$settings = false) 
    { 
     $isAdmin = false; 
     $isStudent = false; 
     $username = (!empty($settings['username']))? $settings['username'] : false; 
     $idNumber = (!empty($settings['idnumber']))? $settings['idnumber'] : false; 

     if(!empty($username)) 
      $isAdmin = is_admin($con, $username); 
     else 
      $isStudent = is_student($con, $idNumber); 

     if($isAdmin) { 
      $user['role']  = 'a'; 
      $user['password'] = $isAdmin; 
     } 
     elseif($isStudent) { 
      $user['role']  = 's'; 
      $user['password'] = $isStudent; 
     } 
     else { 
      $user['role']  = false; 
      $user['password'] = false; 
     } 

     return (object) $user; 
    }

login.php中(或者其他命名的页面,这是)

<?php 
session_start(); 
if(isset($_POST['Submit'])) { 
     // Include the functions above 
     include_once(__DIR__."/functions/myfunctions.php"); 
     // Preset for redirect 
     $header  = 'IncorrectPassword.html'; 
     // Sanitize credentials 
     $username = (!empty($_POST['Username']))? sanitize($_POST['Username']) : false; 
     $password = (!empty($_POST['Password']))? sanitize($_POST['Password']) : false; 
     $IDNumber = (!empty($_POST['IDNumber']) && is_numeric($_POST['IDNumber']))? $_POST['IDNumber'] : false; 
     // Assign connection 
     $con  = mysqli_connect("localhost","root","","enrollmentsystem"); 
     // Try and get user role + password 
     $user  = get_user_role($con,array("username"=>$username,"idnumber"=>$IDNumber)); 
     // If there is a user role 
     if(!empty($user->role)) { 
      // If db password matches POST password 
      // NOTE: You should not be storing plaintext passwords, look into using 
      // password_hash()/password_verify() 
      if($user->password == $password) { 
       // If admin asign username 
       // Make IDNumber false, then you don't have to check later in your app if it's set. 
       // Same with username in the other role 
       if($user->role == 'a') { 
        $_SESSION['Username'] = $username; 
        $_SESSION['IDNumber'] = false; 
        $header     = 'SecondForm.php'; 
       } 
       else { 
        $_SESSION['Username'] = false; 
        $_SESSION['IDNumber'] = $IDNumber; 
        $header     = 'LoginAndView.php'; 
       } 
      } 
     } 
     // Close before redirect 
     // (mysqli will close by default unless you persist the connection manually) 
     mysqli_close($con); 
     // Redirect 
     header("Location: {$header}"); 
     exit; 
    }

来源

2015-12-05 06:53:07 Rasclatt

+0

我只能在这里找到不同意的一点是括号 - 这只是个人偏好。除此之外,这几乎是你(OP)应该做的事情。 – ScottMcGready

相关问题

 相关问题