似乎无法让 $_SESSION['user_level'] 以我需要的方式工作

Question

下面是我正在运行的代码。我正在尝试获取它，因此如果用户 user_level 低于 1，我的 CMS index.php 将拒绝访问。我正在使用 user_level 为 1 的测试帐户设置登录，但我没有任何运气。

我的 index.html 上的代码：

<?php

if($_SESSION['user_level'] == "1"){
   header("Location: index.php");
   exit;                                     
   }else{ header("Location: login.php"); 
      exit;                              
}

因此，如果 user_level 为 1 或更高，则继续 index.html（这是我的 CPanel 索引，而不是我的实际站点索引。

如果 user_level 低于 1，则重定向回登录。

这是我的 server.php 代码，点击登录后所有的魔法都会发生。

<?php
session_start();

// variable declaration
$fullname = "";
$useremail    = "";
$age    = "";
$igname    = "";
$profileurl    = "";
$errors = array(); 

// connect to database
$db = mysqli_connect('****', '****', '****', 
'****');

// REGISTER USER
if (isset($_POST['reg_user'])) {
  // receive all input values from the form
  $fullname = mysqli_real_escape_string($db, $_POST['fullname']);
  $useremail = mysqli_real_escape_string($db, $_POST['useremail']);
  $age = mysqli_real_escape_string($db, $_POST['age']);
  $igname = mysqli_real_escape_string($db, $_POST['igname']);
  $profileurl = mysqli_real_escape_string($db, $_POST['profileurl']);
  $password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
  $password_2 = mysqli_real_escape_string($db, $_POST['password_2']);

  // form validation: ensure that the form is correctly filled
  if (empty($fullname)) { array_push($errors, "Full name is required"); }
  if (empty($useremail)) { array_push($errors, "Email is required"); }
  if (empty($age)) { array_push($errors, "Age is required"); }
  if (empty($igname)) { array_push($errors, "In game name is required"); }
  if (empty($profileurl)) { array_push($errors, "Truckers-MP Profile URL is required"); }
  if (empty($password_1)) { array_push($errors, "Password is required"); }
  if ($password_1 != $password_2) {
  array_push($errors, "The two passwords do not match");
}

// register user if there are no errors in the form
if (count($errors) == 0) {
 $password = md5($password_1);//encrypt the password before saving in the database
 $query = "INSERT INTO users (fullname, email, age, igname, profileurl, password) 
          VALUES('$fullname', '$useremail', '$age', '$igname', '$profileurl', '$password')";
mysqli_query($db, $query);
$_SESSION['useremail'] = $useremail;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
  echo '<script language="javascript">';
echo 'alert("Once an admin reviews your account, they will send you an email alerting you that you can login. Please be patient.")';
echo '</script>';
  }

}

// ... 



// LOGIN USER
if (isset($_POST['login_user'])) {
  $useremail = mysqli_real_escape_string($db, $_POST['useremail']);
  $password = mysqli_real_escape_string($db, $_POST['password']);

  if (empty($useremail)) {
    array_push($errors, "Email is required");
  }
  if (empty($password)) {
    array_push($errors, "Password is required");
  }

  if (count($errors) == 0) {
    $password = md5($password);
    $query = "SELECT * FROM users WHERE email='$useremail' AND password='$password'";
    $results = mysqli_query($db, $query);
    if (mysqli_num_rows($results) == 1) {
    $_SESSION['user_level'] = $row['user_level'];
      $_SESSION['useremail'] = $useremail;
      $_SESSION['success'] = "You are now logged in";
      header('location: index.php');
    }else {
        array_push($errors, "Wrong username/password combination");
    }
  }
}

?>

我确定我做得不对，但至少我可以说我该死的尝试过。任何帮助将不胜感激。

Answer 1

有未定义的变量$row。首先定义它（fetch_assoc()），然后你可以将它分配到会话中。

if (mysqli_num_rows($results) == 1) {
    $row = mysqli_fetch_assoc($results);
    $_SESSION['user_level'] = $row['user_level'];
    $_SESSION['useremail'] = $useremail;
    ...
}

Answer 2

mysqli_num_rows 返回结果集中的行数。不是索引！您可以保留此代码并以这种方式分配 -> $_SESSION['user_level'] = $row[some index];（如果您的表像 id,user,pass,mail'some index 将是 1。

如果你想有一个文本索引，只需寻找mysqli_fetch_array