我正在设计一个网站,它有四个模块Admin、branch Admin、reporter和accountant,每个人都可以登录到各自的页面,就像管理员会登录到管理页面,reporter会登录到它的页面一样,但代码不起作用。当我尝试登录任何模块时,它只登录到管理页面,并转到分支机构管理员、记者或会计师。
这是我的index.php页面
<?php
include('login.php'); // Includes Login Script
if(isset($_SESSION['login_user']))
{
header("Location: admin.php");
}
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>LoginIN</title>
<link href="styles/bootstrap.min.css" rel="stylesheet">
<link href="styles/signin.css" rel="stylesheet">
</head>
<body>
<div id="wrapper">
<header id="top">
<center><h1>Reporter Management System</h1></center>
<div class="container">
<form class="form-signin" role="form" action ="" method="post">
<h2 class="form-signin-heading">Please sign in</h2>
<input type="email" name="username" class="form-control" placeholder="Email address" required autofocus>
<input type="password" name="password" class="form-control" placeholder="Password" required>
<br>
<div class="checkbox">
<label>
<input type="checkbox" value="remember-me">Remember me
<br>
</label>
</div>
<input name="submit"button class="btn btn-lg btn-primary btn-block" type="submit" value=" Sign in">
<span><?php echo $error; ?></span>
<br>
<a href="">Forgot your password?</a>
</body>
</html>
这是我的登录.php页面
<?php
error_reporting( E_ALL );
ini_set('display_errors',1);
ini_set('display_startup_errors',1);
error_reporting(-1);
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
}
else
{
// Define $username and $password
$usr=$_POST['username'];
$pwd=$_POST['password'];
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$con = mysql_connect("localhost", "root1", "oec@123") or die('Error Connecting to mysql server');
// To protect MySQL injection for Security purpose
$username = stripslashes($usr);
$password = stripslashes($pwd);
$username = mysql_real_escape_string($usr);
$password = mysql_real_escape_string($pwd);
// Selecting Database
$db=mysql_select_db('rms',$con);
// SQL query to fetch information of registerd users and finds user match.
$query = mysql_query("select username, password from login where password='$pwd' AND username='$usr'", $con) or die('Error querying database');
$rows = mysql_num_rows($query);
while ($rows = mysql_fetch_array($query)) {
$_SESSION['Sl_no']=$rows['Sl_no'];
if ($rows ==1)
{
// Initializing Session
header("location: admin.php"); // Redirecting To Other Page
}
elseif ($rows==2)
{
header("location: branchadmin.php");
}
elseif($rows==3)
{
header("location: accountant.php");
}
elseif($rows==4)
{
header("location: reporter.php");
}
else
{
$error = "Username or Password is invalid";
}
}
mysql_close($con); // Closing Connection
}
}
?>
我认为问题出在这个区域的检索和条件语句上
while ($rows = mysql_fetch_array($query)) {
$_SESSION['Sl_no']=$rows['Sl_no'];
if ($rows ==1)
{
由于登录页面每次都重定向到admin.php,这可能是因为你把返回的行数放在$rows
变量中,比如$rows = mysql_num_rows($query);
,如果它返回一行,这将满足你稍后检查的if ($rows ==1){header("location: admin.php");}
条件…
只是受过教育(和/或未受过教育)的猜测。
为什么不在数据库中放一列,指明用户的访问级别呢。像user_level
或admin=1、branchadmin=2、accounter=3等,然后进行检查并在此基础上重新指导。
因此,当你检查表单中的用户名和密码是否在数据库中时,如果是,你可以查看他们的用户级别,看看将他们重定向到哪里。
if ($rows === 1){
$row_array = mysql_fetch_assoc($query);
if ($row_array['admin_level'] == 1){
header("location: admin.php"); // Redirecting To Other Page
}
elseif ($row_array['admin_level']==2){
header("location: branchadmin.php");
}
elseif($row_array['admin_level']==3){
header("location: accountant.php");
}
elseif($row_array['admin_level']==4){
header("location: reporter.php");
}
else{
$error = "Username or Password is invalid";
}
}
mysql_close($con); // Closing Connection
这有道理吗?还是我误解了你想要实现的目标?
在这种情况下,您必须使用多个会话变量,如$_SESSION['email']
和$_SESSION['type'].
这里,$email将是特定用户的用户名,$type将是管理员、分支机构管理员、记者、会计师等用户的类型。
这两个会话变量需要在用户登录时进行设置。例如,考虑以下代码片段:
if(isset($_SESSION['email']))
{
if($_SESSION['type'] == "admin")
{
header('location:admin.php');
}
else if($_SESSION['type'] == "reporter")
{
header('location:reporter.php');
}
}