我做了一个网站的注册登录系统,我想做一个管理员面板。我给了我的帐户管理用户类型(mysql),但我不知道如何检查登录时的用户类型。这是我的authenticate代码,检查登录(echos有匈牙利文的文本不关心这个)。
session_start();
$DATABASE_HOST = 'sql305.epizy.com';
$DATABASE_USER = 'epiz_25331636';
$DATABASE_PASS = 'q1SI3G8B0s';
$DATABASE_NAME = 'epiz_25331636_accounts';
$con = mysqli_connect($DATABASE_HOST, $DATABASE_USER, $DATABASE_PASS, $DATABASE_NAME);
if ( mysqli_connect_errno() ) {
exit('Failed to connect to MySQL: ' . mysqli_connect_error());
}
if ( !isset($_POST['username'], $_POST['password']) ) {
exit('Felhasználónév és jelszó is szükséges!');
}
if ($stmt = $con->prepare('SELECT id, password FROM accounts WHERE username = ?')) {
$stmt->bind_param('s', $_POST['username']);
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows > 0) {
$stmt->bind_result($id, $password);
$stmt->fetch();
if (password_verify($_POST['password'], $password)) {
session_regenerate_id();
$_SESSION['loggedin'] = TRUE;
$_SESSION['name'] = $_POST['username'];
$_SESSION['id'] = $id;
header('Location: home.php');
} else {
echo "<script type='text/javascript'>alert('Helytelen jelszó');
window.location='index.html';
</script>";
}
} else {
echo "<script type='text/javascript'>alert('Helytelen felhasználónév');
window.location='index.html';
</script>";
}
$stmt->close();
}
?>
假设你有一个 usertype
字段,其中包含管理员的 "admin",你可以做以下操作。
if ($stmt = $con->prepare('SELECT id, password, usertype FROM accounts WHERE username = ?')) {
$stmt->bind_param('s', $_POST['username']);
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows > 0) {
$stmt->bind_result($id, $password, $usertype);
$stmt->fetch();
if (password_verify($_POST['password'], $password)) {
session_regenerate_id();
$_SESSION['loggedin'] = TRUE;
$_SESSION['name'] = $_POST['username'];
$_SESSION['id'] = $id;
if($usertype == "admin"){
header('Location: adminpanel.html')
} else {
header('Location: home.php');
}
} else {
echo "<script type='text/javascript'>alert('Helytelen jelszó');
window.location='index.html';
</script>";
}
}
就像已经提到的那样,请尽快更改证书,如果它们还在使用的话。 And like already mentioned, please change the credentials as soon as possible, if they are in use.