这是我登录页面中的代码..我需要只允许我的数据库中的用户登录..用户可以是管理员,可以访问我网站中的某些链接..所以其他人无法访问我已将管理员分配给我的角色id 作为 R2 用户可以查看我的所有报告,除了 StaffReport...所以如果我是管理员,我将使用管理员用户名和密码,这是我在 login.php 上的代码
<?php
session_start();
require_once("mysqlconn.php");
$dbconn = mysql_connect($hostname, $username, $password) or
die('Could not connect: ' . mysql_error());
mysql_select_db($database, $dbconn);
$uusername= $_POST['uusername'];
$upassword= $_POST['upassword'];
// build query
$qry = "Select * from Users where u_username='$uusername' and " .
"u_password=PASSWORD('$upassword')";
// execute query
$result = mysql_query($qry) or die('Query failed: ' . mysql_error());
if(mysql_num_rows($result)==1)
{
$row = mysql_fetch_assoc($result);
.
$_SESSION['userno'] = $row['user_id'];
$_SESSION['roleno'] = $row['role_id'];
header("Location: ./index.php");
// stop execution of this page
exit;
}
else
{
header("Location: ./LoginForm.php");
exit;
}
mysql_close($dbconn);
?>
在我的 fun.in.php 我有这个
<?php
// start the session - this has to be done in all scripts that use $_SESSION array
session_start();
DEFINE("ADMIN_ROLE", "R2");
// function to check if the user has logged in. If user has loged in then this function
// returns a true
function Has_Session()
{
if(!isset($_SESSION['userno']) or
$_SESSION['userno'] == "")
{
return false;
}
else
{
return true;
}
}
// Declare cleaning function
function clean_it ($string_variable)
{
$string_variable = addslashes(trim($string_variable));
return $string_variable;
}
function IsAdministrator()
{
if(isset($_SESSION['roleid']) AND
$_SESSION['roleid'] == ADMIN_ROLE
{
return true;
}
else
{
return false;
}
}
function printErrorMessage($message)
{
echo "<center><table id='form-table'><th>Access Error</th>" .
"<tr><td><b>$message</b></td></tr></table></center>";
}
?>
问题当我尝试登录时,例如分配为 Adminstartor(R2) 的 John,我无法登录..没有显示错误,但它会将我返回到我的登录表单