PHP
killsxs, 2020-04-25 00:13:53

How to display user instead of admin?

The problem is this: calculations and the name of the user who made the calculation are entered into the database, but when the calculation is sent to the database and displayed on the site as a table, it is always recorded on behalf of the admin. What is wrong in the code, can anyone tell me? The calculation is sent by an authorized user. Here is the authorization code:

<?php

session_start();
require('connect.php');
$fsmsg = "";

if (!empty($_POST['username']) AND !empty($_POST['password'])) {
    $username = mysqli_real_escape_string($connection, $_POST['username']);
    $password = $_POST['password'];

    $query = "SELECT * FROM users WHERE username='{$username}'";

    $result = mysqli_query($connection, $query) or die(mysqli_error($connection));

    $row = mysqli_fetch_assoc($result);

    if (isset($row['ban']) AND $row['ban'] == 1){
        $fsmsg = "Пользователь заблокирован";
    }
    else if (isset($row['password']) AND $row['password'] == $password) {
        $_SESSION['username'] = $username;
        header('Location: index.html');
        $fsmsg = "Вы вошли под пользователем";
        
        if (isset($row['role']) AND $row['role'] == "admin") {
            header('Location:admin.php');
            $fsmsg = "Вы вошли под админом";
        }
    } else {
        $fsmsg = "Ошибка";
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <meta name="viewport"
          content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="ie=edge">
    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css"
          integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">
    <link rel="stylesheet" href="style.css">
    <title>Авторизация</title>
</head>
<body>

<div class="container">
<?php
if (isset($_SESSION['username'])) {
    $username = $_SESSION['username'];
    echo("Hello," . $username . ".<br>\n");
    if(!empty($fsmsg)) echo("<h2>{$fsmsg}</h2><br>\n");
    echo("<a href='logout.php' class='btn btn-lg btn-primary'>Выйти</a>");
}
else
{
?>
    <form class="form-signin" method="POST">
        <?php if(!empty($fsmsg)) echo("<h2>{$fsmsg}</h2><br>\n"); ?>
        <h2>Авторизация</h2>
        <input type="text" name="username" class="form-control" placeholder="Username" required>
        <input type="password" name="password" class="form-control" placeholder="Password" required>
        <button class="btn btn-lg btn-primary btn-block" type="submit">Авторизоваться</button>
        <a href="index.php" class="btn btn-lg btn-primary btn-block">Зарегистрироваться</a>
    </form>
<?php
}
?>
</div>
</body>
</html>


Here is the code for sending the calculation to the database:

<?php 
session_start();

  $connect = mysqli_connect('localhost', 'root', '', 'practice');

    if (!$connect) {
        die('Error connect to DataBase');
    }

$D_vn = trim($_POST['D_vn']);
$D_n = trim($_POST['D_n']);
$Nkt_vn = trim($_POST['Nkt_vn']);
$L_c = trim($_POST['L_c']);
$R_pl = trim($_POST['R_pl']);
$R_d = trim($_POST['R_d']);
$R_v = trim($_POST['R_v']);
$R_k = trim($_POST['R_k']);
$Q_st = trim($_POST['Q_st']);
$T_sr = trim($_POST['T_sr']);
$K_k = trim($_POST['K_k']);
$R_gst = trim($_POST['R_gst']);

$V_g = trim($_POST['V_g']);
$W_tg = trim($_POST['W_tg']);
$W_kzg = trim($_POST['W_kzg']);
$R_et = trim($_POST['R_et']);
$R_g = trim($_POST['R_g']);
$Re_kzg = trim($_POST['Re_kzg']);
$L_g = trim($_POST['L_g']);
$A_kzg = trim($_POST['A_kzg']);
$A_tg = trim($_POST['A_tg']);
$N_pr = trim($_POST['N_pr']);
$O_g = trim($_POST['O_g']);
$T_t = trim($_POST['T_t']);

$date = date("Y-m-d H:i:s");
if (isset($_POST['button'])) {
  $query = "SELECT * FROM users";

    $result = mysqli_query($connect, $query) or die(mysqli_error($connect));

    $row = mysqli_fetch_assoc($result);
    $username = $row['username'];

    mysqli_query($connect, "INSERT INTO `input`(`username`, `D_vn`, `D_n`, `Nkt_vn`, `L_c`, `R_pl`, `R_d`, `R_v`, `R_k`, `Q_st`, `T_sr`, `K_k`, `R_gst`) VALUES ('$username', '$D_vn', '$D_n', '$Nkt_vn', '$L_c', '$R_pl', '$R_d', '$R_v', '$R_k', '$Q_st', '$T_sr', '$K_k', '$R_gst')"); 

    mysqli_query($connect, "INSERT INTO `output`(`username`, `V_g`, `W_tg`, `W_kzg`, `R_et`, `R_g`, `Re_kzg`, `L_g`, `A_kzg`, `A_tg`, `N_pr`, `O_g`, `T_t`, `date`) VALUES ('$username', '$V_g', '$W_tg', '$W_kzg', '$R_et', '$R_g', '$Re_kzg', '$L_g', '$A_kzg', '$A_tg', '$N_pr', '$O_g', '$T_t', '$date')");

}



?>

1 answer(s)
Rsa97, 2020-04-25
@killsxs

Query all rows from the users table.
Read only the first one.
Accept that this is the desired user.
An interesting option, however, given that the username is stored in the session.
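
Added example (not part of the answer above and not the asker's code): the save script taking the name from $_SESSION['username'], which the login script sets, instead of reading the first row of users, with the form values bound as parameters rather than interpolated into the INSERT. Table names, column names and connection settings are taken from the question; insertRow is a hypothetical helper.

```php
<?php
// Added example: corrected save handler for the script shown in the question.
session_start();

// The login script stores the name in the session; refuse to write without it.
if (empty($_SESSION['username'])) {
    http_response_code(401);
    exit('Not logged in');
}
$username = $_SESSION['username'];

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors
$connect = mysqli_connect('localhost', 'root', '', 'practice');

// Column names are fixed lists copied from the question, never taken from the request.
$inputCols  = ['D_vn', 'D_n', 'Nkt_vn', 'L_c', 'R_pl', 'R_d', 'R_v', 'R_k', 'Q_st', 'T_sr', 'K_k', 'R_gst'];
$outputCols = ['V_g', 'W_tg', 'W_kzg', 'R_et', 'R_g', 'Re_kzg', 'L_g', 'A_kzg', 'A_tg', 'N_pr', 'O_g', 'T_t'];

// Hypothetical helper: insert the session user plus the listed POST fields, all bound as parameters.
function insertRow(mysqli $db, string $table, string $username, array $cols, array $post, array $extra = []): void
{
    $values = ['username' => $username];
    foreach ($cols as $col) {
        $raw = $post[$col] ?? '';
        $values[$col] = is_string($raw) ? trim($raw) : ''; // ignore array-valued fields
    }
    $values += $extra;
    $names  = '`' . implode('`, `', array_keys($values)) . '`';
    $marks  = implode(', ', array_fill(0, count($values), '?'));
    $stmt   = $db->prepare("INSERT INTO `$table` ($names) VALUES ($marks)");
    $params = array_values($values);
    $stmt->bind_param(str_repeat('s', count($params)), ...$params);
    $stmt->execute();
}

if (isset($_POST['button'])) {
    $connect->begin_transaction(); // both rows are written together or not at all
    insertRow($connect, 'input', $username, $inputCols, $_POST);
    insertRow($connect, 'output', $username, $outputCols, $_POST, ['date' => date('Y-m-d H:i:s')]);
    $connect->commit();
}
```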
