【问题标题】:enter webpage only with adminright code fail仅使用管理员代码进入网页失败
【发布时间】:2014-04-05 16:43:45
【问题描述】:

这是我的授权文件 我有一个数据库

用户名 密码 电子邮件 positief(这里是“1”或“0”,如果您有管理员权限,则为“1”)

我希望我的代码能够识别“1”,如果您有 1“”,则可以让您访问页面 不输入就进不去。

<html>
<body>

<?php
session_start();    // Create the session, Ready for our login data.

$username = $_POST['username']; // Gets the username from the login.php page.
$password = $_POST['password']; // Gets the plain text password.
$database = "cmict_test";

// Connect to your database
mysql_connect("","","") or die(mysql_error());
mysql_select_db("$database");

$query = "SELECT * FROM users WHERE password = '$password' LIMIT 1"; 

$username = mysql_real_escape_string($username); // just to be sure.

$result = mysql_query($query) or die(mysql_error());

while($row = mysql_fetch_array($result)){
    $resusername = $row['username']; // username from DB
    $respassword = $row['password']; // password from DB
    $resemail = $row['email']; // email from db
    $admin = $row['positief'];
}

// Are they a valid user?

if ($resusername == $username && $respassword == $password) {
    // Yes they are.
    // Lets put some data in our session vars and mark them as logged in.
    $_SESSION['loggedin'] = "1";
    $_SESSION['email'] = $resemail;
    $_SESSION['username'] = $resusername;

    header("location:navigra.php");
}else{
    // No, Lets mark them as invalid.
    $_SESSION['loggedin'] = "0";
    echo "Sorry, Invalid details.<br>";
    die ('klik <a href="testlogin.php">hier</a> om opnieuw te proberen.');
}

if ($admin == 1) {
$_SESSION['logadmin'] = "1";
} else {
$_SESSION['logadmin'] = "0"
echo "You are no admin";
die ('klik <a href = "index.html">hier</a>');
}


?>

</body>
</html>

这就是我放在页面顶部的内容 检查您是否已登录以及您是否拥有管理员权限

<?php
session_start(); // Start the session
$loggedin = $_SESSION['loggedin']; // Are they loggedin?
$logadmin = $_SESSION['logadmin']; // Are they admin?

// They are not logged in, Kill the page and ask them to login.
if ($loggedin != "1") {
die('Sorry you are not logged in, please click <a href="adminlogin.php">Here</a> to    
login');}

if ($logadmin != "1") {
die ('You have no POWER here');}

?>

有人可以帮我解决这个问题吗?我会很感激的。

提前谢谢你!

您好,

DTcodedude

【问题讨论】:

  • 请注意,您的查询应包括用户名,如下所示:SELECT * FROM users WHERE username = '$username' and password = '$password' LIMIT 1

标签: php html authentication rights rights-management


【解决方案1】:
<html>
<body>

<?php
session_start();    // Create the session, Ready for our login data.

$username = addslashes($_POST['username']); // Gets the username from the login.php page.
$password = addslashes($_POST['password']); // Gets the plain text password.
$database = "cmict_test";

// Connect to your database
mysql_connect("","","") or die(mysql_error());
mysql_select_db("$database");

$query = "SELECT * FROM users WHERE username = '$username' and password = '$password' LIMIT 1"; 

$username = mysql_real_escape_string($username); // just to be sure.

$result = mysql_query($query) or die(mysql_error());

while($row = mysql_fetch_array($result)){
    $resusername = $row['username']; // username from DB
    $respassword = $row['password']; // password from DB
    $resemail = $row['email']; // email from db
    $admin = $row['positief'];
}

// Are they a valid user?

if ($resusername == $username && $respassword == $password) {
    // Yes they are.
    // Lets put some data in our session vars and mark them as logged in.
    $_SESSION['loggedin'] = "1";
    $_SESSION['email'] = $resemail;
    $_SESSION['username'] = $resusername;
    $_SESSION['logadmin'] = $admin;

    header("location:navigra.php");

}else{
    // No, Lets mark them as invalid.
    $_SESSION['loggedin'] = "0";
    echo "Sorry, Invalid details.<br>";
    die ('klik <a href="testlogin.php">hier</a> om opnieuw te proberen.');
}



?>

</body>
</html>

编辑:

-在 sql 查询中添加了对用户名的检查(如 Jason 建议的那样)

- 添加斜线以防止 SQL 注入。

【讨论】:

  • 好的,谢谢,但我并不是真的在寻找这个,它只是一个公司网站。代码有效我只需要它来识别您是否拥有管理员权限。如果您不这样做,则网页不会显示。如果你有的话。
  • 是的,这也是固定的。
猜你喜欢
  • 1970-01-01
  • 1970-01-01
  • 1970-01-01
  • 2017-08-02
  • 2016-03-21
  • 1970-01-01
  • 1970-01-01
  • 1970-01-01
  • 2019-08-29
相关资源
最近更新 更多