0
我有以下字段的MySQL表:PHP登录不工作
ID 用户名 密码 作用
管理有一定的作用1号和普通用户有一定的作用2号
<?php
// we must never forget to start the session
session_start();
$errorMessage = '';
if (isset($_POST['username']) && isset($_POST['password'])) {
include 'library/connect.php';
$username = $_POST['username'];
$password = $_POST['password'];
// check if the user id and password combination exist in database
$sql = "SELECT role FROM user WHERE username = '$username' AND password = '$password'";
$result = mysql_query($sql) or die('Query failed. ' . mysql_error());
$row = mysql_fetch_array($result);
if (mysql_num_rows($result) == 1 AND $row['role']==2) {
// the user id and password match,
// set the session
$_SESSION['userame'] = true;
// after login we move to the main page
header('Location: login_success.php');
exit;
}
elseif (mysql_num_rows($result) == 1 AND $row['role']== 1) {
// the user id and password match,
// set the session
$_SESSION['admin'] = true;
$_SESSION['username'] = true;
// after login we move to the main page
header('Location: admin.php');
exit;
}
else {
$errorMessage = 'Sorry, wrong user id/password <a href="login.html">Go Back</a>';
}
include 'library/closedb.php';
}
?>
<?php
if ($errorMessage != '') {
?>
<p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p>
<?php
}
?>
当管理员日志,它工作正常并且被重定向到admin.php的,而当在正常用户登录,什么都不会发生在所有的页面只是得到刷新。我究竟做错了什么?
**警告**此代码易受** [SQL注入](http://en.wikipedia.org/wiki/SQL_injection)**影响。 – mellamokb
我知道,不专注于secuirty atm – Jahed
这是一个错字在这里或在您的代码? '$ _SESSION ['userame'] = true;'不应该是$ _SESSION ['username']? –