0

嗨,在我的脚本中,我让它登录用户,但我想让脚本还通过查看 account_type 是否为 a、b、c 帐户类型“c”是管理员来检查用户是否是管理员,我想要它将管理员重定向到管理页面...

<?php // Start Session to enable creating the session variables below when they log in

// Force script errors and warnings to show on page in case php.ini file is set to not display them
error_reporting(E_ALL);
ini_set('display_errors', '1');

include_once("security/checkuserlog.php");
if (isset($_SESSION['idx'])) {

echo '<script language="Javascript">';
echo 'window.location="home.php"';
echo '</script>';
}
//-----------------------------------------------------------------------------------------------------------------------------------
// Initialize some vars
$errorMsg = '';
$username = '';
$pass = '';
$remember = '';
if (isset($_POST['username'])) {

    $username = $_POST['username'];
    $pass = $_POST['pass'];
    if (isset($_POST['remember'])) {
        $remember = $_POST['remember'];
    }
    $username = stripslashes($username);
    $pass = stripslashes($pass);
    $username = strip_tags($username);
    $pass = strip_tags($pass);

    // error handling conditional checks go here
    if ((!$username) || (!$pass)) { 

        $errorMsg = '<font color="red">Please fill in both fields</font>';

    } else { // Error handling is complete so process the info if no errors
        include 'connect_to_mysql.php'; // Connect to the database
        $username = mysql_real_escape_string($username); // After we connect, we secure the string before adding to query
        //$pass = mysql_real_escape_string($pass); // After we connect, we secure the string before adding to query
        $pass = md5($pass); // Add MD5 Hash to the password variable they supplied after filtering it
        // Make the SQL query
        $sql = mysql_query("SELECT * FROM members WHERE username='$username' AND password='$pass'"); 
        $login_check = mysql_num_rows($sql);
        // If login check number is greater than 0 (meaning they do exist and are activated)
        if($login_check > 0){ 
                while($row = mysql_fetch_array($sql)){


                    // Create session var for their raw id
                    $id = $row["id"];   
                    $_SESSION['id'] = $id;
                    // Create the idx session var
                    $_SESSION['idx'] = base64_encode("g4p3h9xfn8sq03hs2234$id");

                    $username = $row["username"];
                    $_SESSION['username'] = $username;



                } // close while

                // Remember Me Section


                // All good they are logged in, send them to homepage then exit script
                header("location: home.php"); 
                exit();

        } else { // Run this code if login_check is equal to 0 meaning they do not exist
            $errorMsg = '<font color="red">The Username And Password did not match.</font>';
        } 


    } // Close else after error checks

} //Close if (isset ($_POST['uname'])){
?>
4

2 回答 2

1

if ($row["account_type"] == "c") { header("Location: admin.php"); };在你的while循环中应该这样做。

这基本上会将“位置”标题设置为“admin.php”或您想要的任何管理页面,但是如果用户实际登录,请不要忘记检查您的管理页面,以避免用户只需手动进入“管理员” .php”并绕过权限检查。

于 2013-08-21T03:04:17.740 回答
0 
$account_type= $row["account_type"];
$_SESSION['account_type'] = $account_type;

然后header("location: home.php");变成

if($account_type=='admin')
{
   header("location: adminpanel.php");
}
else
{
   header("location: home.php");
}
于 2013-08-21T03:11:48.403 回答