1 级和 2 级用户可以登录访问 php
login access able by level 1 and 2 users php
please i want to make my login page to grant users access from level 1 and 2 here is the code .
我不知道从这里开始的下一步
$query = "SELECT * FROM affiliateuser WHERE (username = '" . mysqli_real_escape_string($con,$_POST['username']) . "') AND (password = '" . mysqli_real_escape_string($con,$_POST['password']) . "') AND (active = '" . mysqli_real_escape_string($con,"1") . "')";
if ($result = $mysqli->query($query)) {
if ($row = $result->fetch_assoc()) {
if($row['level'] == 1 || $row['level'] == 2) {
// Set username session variable
session_start();
$_SESSION['username'] = $username;
$errormsg= "
<div class='alert alert-warning' style='opacity: 0.5; background-color: rgb(51, 204, 102);'> <button type='button' class='close' data-dismiss='alert' aria-label='Close'> <span aria-hidden='true'>×</span> </button> <strong>SUCCESS...</strong> Redirecting you to dashboard. </div>";
echo "<meta http-equiv='refresh' content='=2;dashboard' />";
}
else {
//UNAUTHORIZED
请问我该怎么做?
问题出在您的实际代码中,您只 selecting 级别为 1 的用户。
最简单的解决方案是将您的查询更新为select
的用户
level IN (1,2)
另一种解决方案是删除您的 WHERE level = ... 子句并稍后在您的 PHP 代码中检查它。这样您就可以以不同的方式处理 WRONG PASSWORD 和 UNAUTHORIZED 错误
$query = "SELECT * FROM affiliateuser WHERE (username = '" . mysqli_real_escape_string($con,$_POST['username']) . "') AND (password = '" . mysqli_real_escape_string($con,$_POST['password']) . "') AND (active = '" . mysqli_real_escape_string($con,"1") . "')";
if ($result = $mysqli->query($query)) {
if ($row = $result->fetch_assoc()) {
if($row['level'] == 1 || $row['level'] == 2) {
//ALL GOOD
} else {
//UNAUTHORIZED
}
} else {
//WRONG USERNAME/PASSWORD
}
$result->close();
}
注意:当您确定其内容时,无需 mysql_real_escape_string 硬编码字符串:在您的示例中 'level' 将始终为“1”
please i want to make my login page to grant users access from level 1 and 2 here is the code .
我不知道从这里开始的下一步
$query = "SELECT * FROM affiliateuser WHERE (username = '" . mysqli_real_escape_string($con,$_POST['username']) . "') AND (password = '" . mysqli_real_escape_string($con,$_POST['password']) . "') AND (active = '" . mysqli_real_escape_string($con,"1") . "')";
if ($result = $mysqli->query($query)) {
if ($row = $result->fetch_assoc()) {
if($row['level'] == 1 || $row['level'] == 2) {
// Set username session variable
session_start();
$_SESSION['username'] = $username;
$errormsg= "
<div class='alert alert-warning' style='opacity: 0.5; background-color: rgb(51, 204, 102);'> <button type='button' class='close' data-dismiss='alert' aria-label='Close'> <span aria-hidden='true'>×</span> </button> <strong>SUCCESS...</strong> Redirecting you to dashboard. </div>";
echo "<meta http-equiv='refresh' content='=2;dashboard' />";
}
else {
//UNAUTHORIZED
请问我该怎么做?
问题出在您的实际代码中,您只 selecting 级别为 1 的用户。
最简单的解决方案是将您的查询更新为select
的用户level IN (1,2)
另一种解决方案是删除您的 WHERE level = ... 子句并稍后在您的 PHP 代码中检查它。这样您就可以以不同的方式处理 WRONG PASSWORD 和 UNAUTHORIZED 错误
$query = "SELECT * FROM affiliateuser WHERE (username = '" . mysqli_real_escape_string($con,$_POST['username']) . "') AND (password = '" . mysqli_real_escape_string($con,$_POST['password']) . "') AND (active = '" . mysqli_real_escape_string($con,"1") . "')";
if ($result = $mysqli->query($query)) {
if ($row = $result->fetch_assoc()) {
if($row['level'] == 1 || $row['level'] == 2) {
//ALL GOOD
} else {
//UNAUTHORIZED
}
} else {
//WRONG USERNAME/PASSWORD
}
$result->close();
}
注意:当您确定其内容时,无需 mysql_real_escape_string 硬编码字符串:在您的示例中 'level' 将始终为“1”