2013-08-21 102 views
0

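Hi, in my script I have it logging users in, but I also want the script to check whether the user is an admin by looking at whether account_type is a, b or c. Account type "c" is admin, and I think it should do this in the while loop and redirect admins to the admin page...

MySQL: check the account type to see whether an admin is logging in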

<?php // Start Session to enable creating the session variables below when they log in 

// Force script errors and warnings to show on page in case php.ini file is set to not display them 
error_reporting(E_ALL); 
ini_set('display_errors', '1'); 

include_once("security/checkuserlog.php"); 
if (isset($_SESSION['idx'])) { 

echo '<script language="Javascript">'; 
echo 'window.location="home.php"'; 
echo '</script>'; 
} 
//----------------------------------------------------------------------------------------------------------------------------------- 
// Initialize some vars 
$errorMsg = ''; 
$username = ''; 
$pass = ''; 
$remember = ''; 
if (isset($_POST['username'])) { 

    $username = $_POST['username']; 
    $pass = $_POST['pass']; 
    if (isset($_POST['remember'])) { 
     $remember = $_POST['remember']; 
    } 
    $username = stripslashes($username); 
    $pass = stripslashes($pass); 
    $username = strip_tags($username); 
    $pass = strip_tags($pass); 

    // error handling conditional checks go here 
    if ((!$username) || (!$pass)) { 

     $errorMsg = '<font color="red">Please fill in both fields</font>'; 

    } else { // Error handling is complete so process the info if no errors 
     include 'connect_to_mysql.php'; // Connect to the database 
     $username = mysql_real_escape_string($username); // After we connect, we secure the string before adding to query 
     //$pass = mysql_real_escape_string($pass); // After we connect, we secure the string before adding to query 
     $pass = md5($pass); // Add MD5 Hash to the password variable they supplied after filtering it 
     // Make the SQL query 
     $sql = mysql_query("SELECT * FROM members WHERE username='$username' AND password='$pass'"); 
     $login_check = mysql_num_rows($sql); 
     // If login check number is greater than 0 (meaning they do exist and are activated) 
     if($login_check > 0){ 
       while($row = mysql_fetch_array($sql)){ 


        // Create session var for their raw id 
        $id = $row["id"]; 
        $_SESSION['id'] = $id; 
        // Create the idx session var 
        $_SESSION['idx'] = base64_encode("g4p3h9xfn8sq03hs2234$id"); 

        $username = $row["username"]; 
        $_SESSION['username'] = $username; 



       } // close while 

       // Remember Me Section 


       // All good they are logged in, send them to homepage then exit script 
       header("location: home.php"); 
       exit(); 

     } else { // Run this code if login_check is equal to 0 meaning they do not exist 
      $errorMsg = '<font color="red">The Username And Password did not match.</font>'; 
     } 


    } // Close else after error checks 

} // Close if (isset($_POST['username'])) {
?> 
+1

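Take a look at the MySQLi extension in PHP - there are a lot of bad things that come with the old mysql_* functions. Also, for security you should use the 'md5' hash. – phatskat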

Answers

1

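// exit() stops the script so the later header("location: home.php") cannot replace this redirect
if ($row["account_type"] == "c") { header("Location: admin.php"); exit(); }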

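This basically sets the "Location" header to "admin.php", or whatever admin page you want, but don't forget to check on your admin page whether the user is actually logged in, so that users cannot simply go to "admin.php" manually and bypass the permission check.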

0
$account_type= $row["account_type"]; 
$_SESSION['account_type'] = $account_type; 

Then replace header("location: home.php"); with:

if($account_type=='c') // account type "c" is the admin type in the question
{ 
    header("location: adminpanel.php"); 
} 
else 
{ 
    header("location: home.php"); 
} 
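
The warning in the first answer (a user must not reach the admin page just by typing its URL) can be enforced with a guard that runs at the top of that page. This is an added example, not code from the thread: it assumes the `members` table and the "c" admin type from the question, uses PDO prepared statements instead of the `mysql_*` functions, and the `login.php` name and both function names are hypothetical.

```php
<?php
// Added example, not from the thread. Decides whether a request may see the
// admin page. Assumes the `members` table and 'c' = admin from the question.

function admin_redirect_target(array $session, PDO $db): ?string
{
    // Not logged in at all: the login script never set a session id.
    if (!isset($session['id']) || !ctype_digit((string) $session['id'])) {
        return 'login.php'; // hypothetical login page name
    }
    // Re-read the role from the database with a prepared statement instead of
    // trusting a value cached in the session at login time.
    $stmt = $db->prepare('SELECT account_type FROM members WHERE id = ?');
    $stmt->execute([(int) $session['id']]);
    $type = $stmt->fetchColumn();

    // Unknown id or a non-admin type: send them to the normal home page.
    return $type === 'c' ? null : 'home.php';
}

function require_admin(PDO $db): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $target = admin_redirect_target($_SESSION, $db);
    if ($target !== null) {
        header('Location: ' . $target);
        exit(); // stop here so no admin content is rendered after the redirect
    }
}

// Constructed demo data: an in-memory SQLite database stands in for MySQL.
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT, account_type TEXT)");
    $db->exec("INSERT INTO members VALUES (1, 'alice', 'a'), (2, 'carol', 'c')");

    var_dump(admin_redirect_target([], $db));           // no session
    var_dump(admin_redirect_target(['id' => 1], $db));  // account type 'a'
    var_dump(admin_redirect_target(['id' => 2], $db));  // account type 'c'
    var_dump(admin_redirect_target(['id' => 99], $db)); // unknown id
}
```

Calling `require_admin($db)` before the admin page produces any output keeps the redirect header valid and makes the check independent of how the user arrived at the page.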