-1

如何定义我的 $_SESSION['amyusername']; 和 $_SESSION['amypassword']; 适当地?

完整代码: 

$host = "localhost";
$username = "root";
$password = "";
$db_name = "login";
$tbl_name = "medlemmer";

if ($_POST['amyusername'] && $_POST['amypassword']) {
    //Opret forbindelse til Databasen via MySQL.
    mysql_connect("$host", "$username", "$password") or die ("Kunne ikke oprette forbindelse til databasen!");
    mysql_select_db("$db_name");

        $amyusername = mysql_real_escape_string($_POST['amyusername']);
        $amypassword = mysql_real_escape_string($_POST['amypassword']);
        $amypassword = md5($amypassword);


    $sql = "SELECT * FROM $tbl_name WHERE Brugernavn = '$amyusername' AND Password = '$amypassword' ";
    $result = mysql_query($sql);    
    $count = mysql_num_rows($result);

    if ($count == 1) {
        while($row = mysql_fetch_array($result)) {

            if($row["Rank"] == "C") {
            $_SESSION['amyusername'];
            $_SESSION['amypassword'];
            header("Location: admin_success.php");
            }
            else {
                echo "Du er ikke Admin!";
                header("refresh: 3, admin.php");
            }
        }
    }
    else {
        echo "Indtast et gyldig ADMIN login";
        header("refresh: 3, admin.php");
    }


} 
else {
    echo "Du skal indtaste et brugernavn og password!";
    header("refresh: 3, admin.php");

}


?>

代码定义不正确的地方:

if($row["Rank"] == "C") {
   $_SESSION['amyusername'];
   $_SESSION['amypassword'];
   header("Location: admin_success.php");
}

它只是通过并让所有人进入,无论他们是管理员还是非管理员。我已经尝试了 3 个小时让它工作。可能是因为 $SESSION['amyusername']; 和 $SESSION['amypassword']; 没有正确定义还是什么?我不知道我应该怎么做。

4

2 回答 2

1

您没有通过 $rsql 查询中的用户名来限制排名。如果用户名和排名都在同一个表中,那么只需检查 $result 的排名,而不是运行一个全新的查询。

while($row = mysql_fetch_array($result)) {
于 2013-08-23T13:31:28.190 回答
0 
$sql = "SELECT * FROM $tbl_name WHERE Brugernavn = '$amyusername' AND Password = '$amypassword' ";
$result = mysql_query($sql);    
$count = mysql_num_rows($result);
$row = mysql_fetch_array($result);

if ($count == 1) {
    if($row["Rank"] == "C") {
        $_SESSION['amyusername'] = "$amyusername";
        header("Location: admin_success.php");
    }
    else {
        echo "Du er ikke Admin!";
        header("refresh: 3, admin.php");
    }
}
else {
    echo "Indtast et gyldig ADMIN login";
    header("refresh: 3, admin.php");
}

这解决了我的问题!

$_SESSION['amyusername'] = "$amyusername";

通过正确定义 $_SESSION ......我很愚蠢。

于 2013-08-25T09:33:07.533 回答