0 
database hs_hr_users

user_name    user_password     is_admin
admin          qwe123            Yes
999999         123qwe            No

在这里,我只有普通用户的 checklongin 并且它可以工作。但我需要使用列以管理员身份登录is_admin = 'Yes'

检查登录.php

$host="localhost"; // test local
$username="ess_las_admin"; // Mysql username 
$password="esslasadmin"; // Mysql password 
$db_name="ess_las_admin"; // Database name 
$tbl_name="hs_hr_users"; // Table name user
$tbl_name2 ="hs_hr_employee" ; //
$db = mysql_connect($host, $username, $password); 
$link = mysql_select_db($db_name,$db);
ob_start();

// Connect to server and select databse.
$link = mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = md5(stripslashes($mypassword));
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name a, $tbl_name2 b WHERE a.emp_number=b.emp_number AND a.user_name='$myusername' and a.user_password='$mypassword' 
        AND (
        b.work_station = '14' 
        OR  b.work_station = '1'
        OR  b.work_station = '15'
        OR  b.work_station = '16'
        OR  b.work_station = '17'
        OR  b.work_station = '18'
        OR  b.work_station = '19'
        OR  b.work_station = '20'
        OR  b.work_station = '21'
        OR  b.work_station = '22'
        OR  b.work_station = '23'
        OR  b.work_station = '24'
        OR  b.work_station = '25'
        OR  b.work_station = '27'
        OR  b.work_station = '28'


        )";
$result=mysql_query($sql);
echo $sql;
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
session_start();
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['user_name_eprofile'] = $myusername;
$_SESSION['user_password'] = $mypassword;


//session_register("myusername");
//session_register("mypassword"); 
header("location:dashboard.php");
}
else {
//echo "Wrong Username or Password";
header("Location: login.php?error=1");
}

mysql_close($link);
ob_end_flush();
?>

管理员和普通用户的所有数据都在同一个表中。但是,is_admin = Yes/No区分两者的列。如果用户以管理员身份登录,将转到header:location:admin_search.php管理页面。如果用户以普通用户身份登录,将进入header:location:dashboard.php

4

1 回答 1

1

可能是这样的:

if($count==1){
session_start();
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['user_name_eprofile'] = $myusername;
$_SESSION['user_password'] = $mypassword;
$row = mysql_fetch_array($result);
$_SESSION['is_admin'] = $row['is_admin'];

做任何你想做的事$_SESSION['is_admin']

在您的情况下,对于重定向:

if ($_SESSION['is_admin']=="Yes") { 
    header("location:admin_search.php");
} else {
    header("location:dashboard.php");
}

还有另一个建议,更改$sql="SELECT * FROM...$sql="SELECT is_admin FROM...

警告 警告
MYSQL_ FUNCTIONS ARE DEPRECATED
mysql_*函数自 PHP 5.5.0 起已弃用,并将在未来删除。相反,应该使用MySQLiPDO_MySQL扩展。

于 2013-10-11T03:10:41.947 回答