If和else声明，测试用户帐户状态

Question

我想测试用户帐户的状态。 如果该帐户是活动的我重定向他到用户页面 如果帐户是不活跃我重定向他有错误

这里再次登录网页是我的代码

<?php 

require('conexion.php'); 

$username = ''; 
$password = ''; 

if (isset($_POST['username']) || !empty($_POST['username'])) 
    $username = $_POST['username']; 
if (isset($_POST['password']) || !empty($_POST['password'])) 
    $password = $_POST['password']; 

$q1 = "select * from user where username='" . $username . "' and password='" . $password . "' "; 
$r1 = $db->query($q1); 
$i = 0; 
echo $q1; 

while ($d1 = $r1->fetch()) { 
    $i++; 
    //$id_perso = $d1['id_perso']; 
    $type = $d1['type']; 
    $nom = $d1['nom']; 
    $prenom = $d1['prenom']; 
    $statut = $d1['statut']; 
    $user_id = $d1['id_user']; 
} 

if ($i == 1) { // START IF 
    session_start(); 
    $_SESSION['username'] = $_POST['username']; 
    $_SESSION['password'] = $_POST['password']; 
    $_SESSION['type'] = $type; 
    $_SESSION['nom'] = $nom; 
    $_SESSION['prenom'] = $prenom; 
    $_SESSION['statut'] = $statut; 
    $_SESSION['user_id'] = $user_id; 

    if ($statut = 'actif') { 
     if ($_SESSION['type'] == 'admin') { 
      $path = "admin/index.php"; 
     } 
     if ($_SESSION['type'] == 'professeur') { 
      $path = "professeur/index.php"; 
     } 
     if ($_SESSION['type'] == 'doctorant') { 
      $path = "doctorant/index.php"; 
     } 

     header("Location:".$path); 
    } elseif ($statut = 'inactif') { 
     header("location:login.php?inactif"); 
    } 
} else { 
    header("location:login.php?error=1"); 
} 

?> 

Answer 1

何不你是否使用布尔值，应该会更容易。

/* 
1. Get Status from Database 
2. When the user is active, you set the boolean true, else false. */ 
$booleanVar = false; 

if($booleanVar) { 
// user is active 
} else { 
// user is inactive 
} 

编辑： 用头重定向工作原理是这样的，我认为它不区分大小写：

header('Location: somesite.php?abc'); 

你也有检查值“==”（平等）或“=== “（对于相同）

Answer 2

你可以简单地得到同样的结果，如果你这样做了简单的查询：

您检查密码和用户名的比赛，并检查了ACCO unt已被激活。

$sql = 'SELECT `id` FROM `user` WHERE `username` = '$username' AND `password` = '$password' AND `statut` = 1' 

然后，您可以运行查询和检查的行数大于0

$sql = $db->query($sql); 
$results = $sql->fetch(); 

if (count($results) > 0) { 
    // Account is activated 
} else { 
    header("location: login.php"); 
    exit; 
} 

你也容易受到SQL-注入直接插入你的变量到你的查询，至极Edhurtig注意！预先注入SQL注入的最好方法是使用PDO准备好的语句。

Answer 3

首要的是：不要存储密码。对安全散列算法（而不是md5）或使用Google，Facebook，Github等第三方认证服务进行一些研究。

二：此代码是容易通过$ _ POST [“用户名”]和$ _ POST [“密码”]

而且SQL注入，这是一个有点不清楚什么是被问，但我觉得这是很重要指出上述问题，因为它们非常关键。

这是我能够清理的东西。我强烈建议使用第三方认证服务，尽管

<?php 
require('conexion.php'); 
$salt = "random_string"; 

$username=''; 
$password=''; 
if (isset($_POST['username'])||!empty($_POST['username']))  $username = $_POST['username']; 
if (isset($_POST['password'])||!empty($_POST['password']))  $password = $_POST['password']; 

$hashed_password = some_hashing_function_1000_times($password, $salt); 

$q1="SELECT * FROM user WHERE `user`.`username` = '%s' AND `user`.`password` = '%s' LIMIT 1"; 

// I hope that $db has a prepare function, it prevents SQL injections from $_POST['username'] and $_POST['password'] 
$sql = $db->prepare($q1, $username, $hashed_password); 

$r1= $db->query($q1); 

$user = $r1->fetch(); 

if($user) { // START IF 
    session_start(); 
    $_SESSION['username'] = $_POST['username']; 
    $_SESSION['password'] = $_POST['password']; 
    $_SESSION['type'] = $type; 
    $_SESSION['nom'] = $nom; 
    $_SESSION['prenom'] = $prenom; 
    $_SESSION['statut'] = $statut; 
    $_SESSION['user_id'] = $user_id; 

    if($statut == 'actif'){ 
    if($_SESSION['type']=='admin') { $path="admin/index.php"; } 
    if($_SESSION['type']=='professeur'){ $path="professeur/index.php"; } 
    if($_SESSION['type']=='doctorant') { $path="doctorant/index.php"; } 
    header("Location: " . $path); 
    exit(); 
    } 
    else if ($statut == 'inactif') { 
    header("Location: login.php?inactif"); 
    exit(); 
    } 
} 

header("Location: login.php?error=1"); 
exit(); 

// No Closing PHP tag at end of file