0

基本上我尝试让这段代码在不同的 php 页面中导航。这是 verify_user.php 

$con = mysqli_connect("localhost", "root", "****", "myDB");
if (!$con){
    die("Connection to database failed: " . mysqli_connect_error());
}

$uname=$_POST['u_name'];
$pass=$_POST['pass'];

$qry = mysqli_query($con, "SELECT * FROM login WHERE user='$uname'");

if(!$qry){
    die("Query Failed: ". mysql_error());
} else {
    $row = mysqli_fetch_array($qry);

        if($_POST['u_name'] == $row["user"] && $_POST['pass'] == $row["password"]) {
            if ($_POST['u_name'] = "admin") {
                session_start();
                $_SESSION['name'] = $_POST['u_name'];
                header("Location:admin_panel.php");
            } else {    
                session_start();
                $_SESSION['name']=$_POST['u_name'];
                header("Location:main.php");
            }       
        } else {
            header("Location:main.php?id=Worng ID / Password!");
        }
    }
    ?>

从这段代码中我们可以看到,如果用户是 admin,它应该去 admin_panel.php。如果用户不是管理员,它应该去 main.php。进一步解释;这是我的 admin_panel.php

<?php
session_start();
if(isset($_SESSION['name'])){
   if(!$_SESSION['name']=='admin'){
?>



<!-- HTMML CODE -->



<?php
   }
   else
      header("Location:index.php?id=Only for admin.");
}
else
{
header("Location:index.php?id=Only for admin.");
}
?>

但它不起作用...

4

1 回答 1

0

改变

if ($_POST['u_name'] = "admin") {


if ($_POST['u_name'] == "admin") {

改变

 if(!$_SESSION['name']=='admin'){


 if($_SESSION['name']=='admin'){

事实上你可以改变

<?php
session_start();
if(isset($_SESSION['name'])){
   if(!$_SESSION['name']=='admin'){
?>



<!-- HTMML CODE -->



<?php
   }
   else
      header("Location:index.php?id=Only for admin.");
}
else
{
header("Location:index.php?id=Only for admin.");
}
?>


<?php
session_start();
if(isset($_SESSION['name']) && $_SESSION['name'] == 'admin'){
?>



<!-- HTMML CODE -->



<?php
}
else
{
header("Location:index.php?id=Only for admin.");
}
?>

另外,这真的不是很好

header("Location:index.php?id=Only for admin.");

网址中不应有空格

顺便说一句,这段代码很容易受到 SQL 注入的攻击。

于 2013-11-09T13:19:01.040 回答