PHP
asdasa21, 2020-04-20 22:13:40

What's wrong with the code?

I'm trying to display a message during authorization that the user is blocked, but the window is not displayed:

<?php

session_start();
require('connect.php');

if (isset($_POST['username']) and isset($_POST['password'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];

    $query = "SELECT * FROM users WHERE username='$username' and password='$password'";
    $query2 = "SELECT * FROM users WHERE role = 'admin'";
    $query3 = "SELECT * FROM users WHERE ban = '1'";

    $result = mysqli_query($connection, $query) or die(mysqli_error($connection));
    $result2 = mysqli_query($connection, $query2) or die(mysqli_error($connection));
    $result3 = mysqli_query($connection, $query3) or die(mysqli_error($connection));

    $count = mysqli_num_rows($result);

    $ban = [];
    $role = [];

    while ($row = mysqli_fetch_array($result3)) {
        $ban[] = $row['username'];
    } 

    if (in_array($username, $ban)){
        $_SESSION['m'] = "Пользователь заблокирован";
    } else {
        header('Location: index.html');
        echo "Вы вошли под пользователем ";
    }

    while ($row = mysqli_fetch_array($result2)) {
        $role[] = $row['username'];
    } 

    if (in_array($username, $role)) {
        header('Location:admin.php');
        $_SESSION['t'] = "Вы вошли под админом ";
    } else {
        header('Location: index.html');
        echo "Вы вошли под пользователем ";
    }

    if ($count == 1) {
        $_SESSION['username'] = $username;
    } else {
        $fsmsg = "Ошибка";
    }
}

if (isset($_SESSION['username'])) {
    $username = $_SESSION['username'];
    echo "Hello," . $username . "";
    echo "<a href='logout.php' class='btn btn-lg btn-primary'>Выйти</a>";
}

?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <meta name="viewport"
          content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="ie=edge">
    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css"
          integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">
    <link rel="stylesheet" href="style.css">
    <title>Авторизация</title>
</head>
<body>

<div class="container">
    <form class="form-signin" method="POST">
        <h2>Авторизация</h2>
        <input type="text" name="username" class="form-control" placeholder="Username" required>
        <input type="password" name="password" class="form-control" placeholder="Password" required>
        <button class="btn btn-lg btn-primary btn-block" type="submit">Авторизоваться</button>
        <a href="index.php" class="btn btn-lg btn-primary btn-block">Зарегистрироваться</a>
    </form>
</div>

</body>
</html>

2 answer(s)
AUser0, 2020-04-21
@AUser0

Mdaaaaa...

<?php

session_start();
require('connect.php');
$fsmsg = "";

if (!empty($_POST['username']) AND !empty($_POST['password'])) {
    $username = mysqli_real_escape_string($connection, $_POST['username']);
    $password = $_POST['password'];

    $query = "SELECT * FROM users WHERE username='{$username}'";
    $result = mysqli_query($connection, $query) or die(mysqli_error($connection));
    $row = mysqli_fetch_assoc($result);

    if (isset($row['ban']) AND $row['ban'] == 1){
        $fsmsg = "Пользователь заблокирован";
    }
    else if (isset($row['password']) AND $row['password'] == $password) {
        $_SESSION['username'] = $username;
        $fsmsg = "Вы вошли под пользователем";
        if (isset($row['role']) AND $row['role'] == "admin") {
            $fsmsg = "Вы вошли под админом";
        }
    } else {
        $fsmsg = "Ошибка";
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <meta name="viewport"
          content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="ie=edge">
    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css"
          integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">
    <link rel="stylesheet" href="style.css">
    <title>Авторизация</title>
</head>
<body>

<div class="container">
<?php
if (isset($_SESSION['username'])) {
    $username = $_SESSION['username'];
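    // HTML-escape the stored username before printing it into the page
    echo("Hello, " . htmlspecialchars($username, ENT_QUOTES, 'UTF-8') . ".<br>\n");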
    if(!empty($fsmsg)) echo("<h2>{$fsmsg}</h2><br>\n");
    echo("<a href='logout.php' class='btn btn-lg btn-primary'>Выйти</a>");
}
else
{
?>
    <form class="form-signin" method="POST">
        <?php if(!empty($fsmsg)) echo("<h2>{$fsmsg}</h2><br>\n"); ?>
        <h2>Авторизация</h2>
        <input type="text" name="username" class="form-control" placeholder="Username" required>
        <input type="password" name="password" class="form-control" placeholder="Password" required>
        <button class="btn btn-lg btn-primary btn-block" type="submit">Авторизоваться</button>
        <a href="index.php" class="btn btn-lg btn-primary btn-block">Зарегистрироваться</a>
    </form>
<?php
}
?>
</div>
</body>
</html>

PS Although... Teach you, don't teach - it's all for nothing, "yes, it's all local, but just show me, but I'll retrain later, really, really"... Yeah, yeah, we believe, we believe. Only one insulting question: are you studying to become a coder?

SagePtr, 2020-04-21
@SagePtr

Why these 3 requests? It is enough just to select one line with the required login and password, and then check the ban and admin fields in it.
And by the way, when you do header('Location: ...'), then the script continues to run further (in your case, to the end), you should not assume that it will stop there, just the user will not see what happened next. After that, you need to explicitly call exit if you want to interrupt the script at this point.
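
The points from both answers (one row lookup instead of three queries, and an explicit exit after the redirect) combined in one login handler, as an added example that is not code from the thread. It goes further than the answers by using a prepared statement and `password_verify()`, and it reports the ban only after the password has been verified, so the form does not reveal which accounts are blocked. It assumes `connect.php` defines `$connection` and that `users.password` stores `password_hash()` output; `login_outcome()` and the English messages are names chosen for this example.

```php
<?php
// Added example, not code from the thread. Assumptions: connect.php defines
// $connection (mysqli), and users.password holds password_hash() output
// (the thread's table stores plaintext passwords).
session_start();
require 'connect.php';

// Decide the outcome from the single fetched row (null = no such user).
function login_outcome(?array $row, string $password): string
{
    if ($row === null || !password_verify($password, $row['password'])) {
        return 'error';   // same result for unknown user and wrong password
    }
    if ((int) $row['ban'] === 1) {
        return 'banned';  // only revealed after the password checked out
    }
    return $row['role'] === 'admin' ? 'admin' : 'user';
}

$message = '';
if (isset($_POST['username'], $_POST['password'])
    && is_string($_POST['username']) && is_string($_POST['password'])) {
    // One parameterized query: credentials, ban and role come from one row.
    $stmt = mysqli_prepare(
        $connection,
        'SELECT username, password, ban, role FROM users WHERE username = ? LIMIT 1'
    );
    mysqli_stmt_bind_param($stmt, 's', $_POST['username']);
    mysqli_stmt_execute($stmt);
    $row = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt)) ?: null;

    $outcome = login_outcome($row, $_POST['password']);
    if ($outcome === 'admin' || $outcome === 'user') {
        session_regenerate_id(true);            // new session ID on login
        $_SESSION['username'] = $row['username'];
        header('Location: ' . ($outcome === 'admin' ? 'admin.php' : 'index.html'));
        exit;                                   // stop here; nothing below runs
    }
    $message = $outcome === 'banned' ? 'User is blocked' : 'Login failed';
}
?>
<!-- The form from the question goes here; the message is HTML-escaped. -->
<?php if ($message !== ''): ?>
    <h2><?= htmlspecialchars($message, ENT_QUOTES, 'UTF-8') ?></h2>
<?php endif; ?>
```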
