1. 首页
  2. 问答
  3. 多用户登录不验证密码和会话

多用户登录不验证密码和会话

2017-02-22 127 views
0

以下我的代码给了我文件夹明智的登录,但没有验证我的密码和会话。多用户登录不验证密码和会话

不带开关的情况下,如果其他条件它的工作,但那么只有拖角色正在
我需要一个多角色

ob_start(); 
require_once 'dbconnect.php'; 
$userName = ''; 
$passError = ''; 
$error = false; 
if (isset($_POST['btn-login'])) { 
    $userName = trim($_POST['userName']); 
    $userName = strip_tags($userName); 
    $userName = htmlspecialchars($userName); 
    $pass = trim($_POST['pass']); 
    $pass = strip_tags($pass); 
    $pass = htmlspecialchars($pass); 
    if (empty($userName)) { 
     $error = true; 
     $userNameError = "Please enter your User Name."; 
    } 
    if (empty($pass)) { 
     $error = true; 
     $passError = "Please enter your password."; 
    } 
    if (!$error) { 
     $password = hash('sha256', $pass); 
     $res = mysqli_query($conn, "SELECT userId, userName, userPass, role FROM users1 WHERE userName='$userName'"); 
     $row = mysqli_fetch_array($res); 
     $count = mysqli_num_rows($res); 
     var_dump($count); 
     $count == 1 && $row['userPass'] == $password && $row['role'] == 'multirole'; 
     $multirole = $row['role']; 
     $row['userPass'] == ($password); 
     switch ($multirole) { 
      case "admin": 
       $_SESSION['user'] = $row['userName']; 
       $_SESSION['role'] = 'admin'; 
       header('Location: admin/home.php'); 
       break; 
      case "user": 
       $_SESSION['user'] = $row['userName']; 
       $_SESSION['role'] = 'user'; 
       header('Location: user/home.php'); 
       break; 
      default: 
       echo "No User Found ! Please Contact Admin"; 
     } 
    } 
}

你有什么建议吗?

来源

2017-02-22 Billy Barret

回答

0

好的,你的脚本格式化非常糟糕!

我觉得你的问题是在这个部分:

$计数== 1个& & $行[ '为userpass'] == $密码& & $行[ '角色'] ==”多用途“;

$ row ['role'] =='multirole'; //这不可能是真的!

我尝试重新编写脚本(通过使用+ - 你的逻辑是不是真的合适要么!):

ob_start(); 
require_once 'dbconnect.php'; 

if(isset($_POST['btn-login'])) 
{ 
$username = $_POST['userName']; 
$pass = $_POST['pass']; 

if(empty($userName)) 
{ 
    $error = true; 
    $userNameError = "Please enter your User Name."; 
} 
elseif(empty($pass)) 
{ 
    $error = true; 
    $userNameError = "Please enter your password."; 
} 
else 
{ 
    $password = hash('sha256', $pass); 

    $res = $db -> prepare ("SELECT * FROM users1 WHERE userName = :userName"); 

    $res -> execute (array (":userName" => $userName)); 

    $count = $res -> rowCount(); 

     if($count == 1) 
     { 
     $rows = $res -> fetchAll (PDO::FETCH_ASSOC); 

     foreach ($rows as $row) 
     { 
      $db_password= $row['userPass']; 
      $multirole = $row["role"]; 
     } 

       if($password == $db_password) 
       { 
       switch ($multirole) 
       { 
        case "admin": 
        $_SESSION['user'] = $row['userName']; 
        $_SESSION['role'] = 'admin'; 
        header('Location: admin/home.php'); 
        break; 
        case "user": 
        $_SESSION['user'] = $row['userName']; 
        $_SESSION['role'] = 'user'; 
        header('Location: user/home.php'); 
        break; 
        default: 
        echo "No User Found ! Please Contact Admin"; 
       } 
       } 
     } 
} 
}

来源

2017-02-22 09:23:25 Soheyl

+0

不行他们是somting在编码丢失可能是usname和密码的对象不正确设置 –

+0

@BillyBarret有可能,找到问题的最好方法是开始测试你的代码部分!它意味着只是测试你的数据是否与if和else一起发布并回显每个条件的消息!所以你会发现问题在哪里! – Soheyl

 相关问题

  • 暂无相关问题^_^