PHP Mysql 多用户登录表单

Question

如何检测用户是管理员还是客户？下面显示的代码有一个 if else 语句，该语句被认为是错误的，因为我不知道它的代码是什么，请问你们可以帮助我吗？我想检查 $confirmation 变量。如果包含 1，则用户将转到管理页面。如果没有，则转到客户页面。我该怎么做？顺便说一句，if else 语句中的 if 是管理员，第一个 else 是客户。

PHP 代码:

<?php
session_start();

include("dbcon.php");
$username = $_POST['username'];
$password = $_POST['password'];
$qry="SELECT * FROM admininfo WHERE username='$username' AND password='$password'";
$result=mysql_query($qry);
    if($result) {
    if(mysql_num_rows($result) == 1) {
        session_regenerate_id();
        $user = mysql_fetch_assoc($result);
        //$_SESSION['fname'] = $user['fname'];
        //$_SESSION['lname'] = $user['lname'];
        //$_SESSION['username'] = $user['username'];
        //$_SESSION['password'] = $user['password'];
        $_SESSION['confirmation'] = $user['confirmation'];

        session_write_close();
        header("Location:menu.php");
        exit();
    }else {
        header("Location:menu1.php");
        exit();
    }
}else {
    die("Query failed");
}
?>

Answer 1

您可以做的是为您的admininfo表添加另一个字段，并在此处声明用户是否是管理员。例如，您的 admininfo 中有 status 字段，您的查询将如下所示(这只是一个示例):

$yourconnection=mysqli_connect("YourHost","YourUsername","YourPassword","NameOfYourDatabase");

if(mysqli_connect_errno()){

echo "Error".mysqli_connect_error();
}

$username = mysqli_real_escape_string($yourconnection,$_POST['username']); /* prevents a bit of SQL injection */
$password = mysqli_real_escape_string($yourconnection,$_POST['password']); /* prevents a bit of SQL injection */

$qry=mysqli_query($yourconnection,"SELECT * FROM admininfo WHERE username='$username' AND password='$password' AND status='customer'");
$qryadmin=mysqli_query($yourconnection,"SELECT * FROM admininfo WHERE username='$username' AND password='$password' AND status='administrator'");

if(mysqli_num_rows($qry)==1){
header("LOCATION:CustomerPage.php");
}

else if(mysqli_num_rows($qryadmin)==1){
header("LOCATION:AdminUserPage.php");
}

else {
echo "Error! No user found.";
}

并尝试使用 MySQLi 而不是其前身 MySQL。