0

我正在创建具有不同用户级别的登录名。如果用户名和密码是 admin 或 staff,如何从我的表 users 中获取 user_level 字段。

这是代码:

<?php
include("../config/database.php");

if(isset($_POST["login"]))
{
  $username = $_POST['username'];
  $password = $_POST['password'];

  $username = stripslashes($username);
  $password = stripslashes($password);
  $username = mysql_real_escape_string($username);
  $password = mysql_real_escape_string($password);

  $query = "SELECT * FROM users 
                     WHERE username= '$username' OR email= '$username'  
                           AND password='$password'";
  $result = mysql_query($query);

  $count = mysql_num_rows($result);//counting table rows

  if($count==1)
  {//check if found username and password
    if(user_level == "admin")
    {
      header("Location: ../views/admin/dashboard.php");
    }
    elseif(user_level=="patient")
    {
      header("Location: ../views/default/home.php");
    }

  }
  else
  {
    echo "WRONG USERNAME OR PASSWORD!";
  }

}
?>
4

4 回答 4

1

做一些改变,它会工作......

$count = mysql_fetch_assoc($result);

并且

if($count==1){//check if found username and password
        if($count['user_level'] == "admin"){
            header("Location: ../views/admin/dashboard.php");
        }elseif($count['user_level']=="patient"){
            header("Location: ../views/default/home.php");
        }

    }
于 2013-02-08T06:33:40.820 回答
0

您应该user_level在数据库表中添加一个字段users。您可以为其分配值adminpatient在注册级别。

之后,对新变量使用相同的查询$previlage。然后使用它从数据库中获取内容,如下所示,,,

           $previlage=mysql_fetch_array($result); //fetch contents from db

            if($previlage['user_level'] == "admin"){
                header("Location: ../views/admin/dashboard.php"); // if userlevel admin
            }elseif($previlage['user_level']=="patient"){
                header("Location: ../views/default/home.php"); // if user level is patient
            }
于 2013-02-08T06:32:44.987 回答
0 
if(user_level == "admin"){

应该

$record=mysql_fetch_assoc($result);
if($record["user_level"] == "admin"){
于 2013-02-08T06:28:02.770 回答
0

首先尝试使用括号分隔

$sql = "SELECT * FROM users
        WHERE (username= '$username' OR email= '$username')  
        AND password='$password'";";

并且mysql_*功能也被贬低了。您可以使用mysqli_*or PDO

为了回答您的问题,您是否有一个字段来确定用户在您的表中的角色?如果是这样,只需返回该字段并检查用户是否是适当的角色。

例子:

$data = mysql_fetch_assoc($result);

if ($data["user_level"] == "admin" ){
   ...
}
于 2013-02-08T06:28:04.260 回答