我创建了一个login.html页面和一个login.php脚本。在脚本中,它将首先获取我们输入的用户名和密码,然后使用数据库检查用户名或密码是否存在,或者如果用户有效,则它将检查其装卸ID,并使用其装卸权限打开其页面,但问题是,无论他们所在的部门是什么,它始终都在打开管理页面。请帮助我。
这是我的login.html代码
<form id="form1" name="form1" method="post" action="login.php">
<div class="form-group col-md-6">
<label class="sr-only" for="exampleInputEmail1">User Name: *</label>
<input required type="text" class="form-control" id="username" name="username" placeholder="User Name: *">
</div>
<div class="form-group col-md-6">
<label class="sr-only" for="exampleInputEmail1">Password: *</label>
<input required type="password" class="form-control" id="password" name="password" placeholder="Password: *">
</div>
<input id="submit" type="submit" class="btn btn-lg btn-primary" value="Submit" style="width: 130px">
Forgot Username or Password ?</form>
login.php脚本
<?php
session_start();
ob_start();
$conn = mysqli_connect("localhost","root","","hct_db");
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($conn, $username);
$password = mysqli_real_escape_string($conn, $password);
$sql="SELECT username, password FROM employee where username='".$username."' and password='".$password."'";
$result=mysqli_query($conn,$sql);
// Mysql_num_row is counting table row
$count=mysqli_num_rows($result);
// If result matched $username and $password, table row must be 1 row
if($count==1){
$sql2="SELECT department FROM employee WHERE username='".$username."'";
$result2=mysqli_query($conn,$sql2);
if($result2==1){
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
header("location:admin/index.php");
}
if ($result2==2){
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
header("location:developer/index.html");
}
if ($result2==3){
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
header("location:sales/index.html");
}
else {
echo "Wrong Username or Password";
}
ob_end_flush();
?>
您没有获取结果。
$result2=mysqli_query($conn,$sql2);
if($result2==1)
仅检查sql-query是否成功,返回true,也返回1。执行以下操作:
$row = $result2->fetch_assoc();
if($row["department"]=="1")
and so on...
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句