这个问题在这里已有答案:
您好,我有一个简单的MySQL / PHP登录系统,几乎都是从本指南中复制的:https://www.tutorialrepublic.com/php-tutorial/php-mysql-login-system.php
我在users表user.admin中添加了一个布尔字段
我连接到各种类似的数据库(“config.php”):
<?php
/* Database credentials */
define('SERVER', 'localhost');
define('GUEST_USERNAME', 'guest');
define('GUEST_PASSWORD', '');
define('ADMIN_USERNAME', 'root');
define('ADMIN_PASSWORD', 'pw');
define('USERS_DATABASE_NAME', 'users');
define('OTHER_DB_NAME', 'db');
//is an admin logged in?
if(isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true && $_SESSION["admin"] === 1){
/* Attempt to connect to MySQL database */
$link = mysqli_connect(SERVER, ADMIN_USERNAME, ADMIN_PASSWORD, USERS_DATABASE_NAME);
// Check connection
if($link === false){
die("ERROR: Could not connect. " . mysqli_connect_error());
}
/* Attempt to connect to MySQL database */
$db = mysqli_connect(SERVER, ADMIN_USERNAME, ADMIN_PASSWORD, OTHER_DB_NAME);
// Check connection
if($db === false){
die("ERROR: Could not connect. " . mysqli_connect_error());
}
}else{
/* Attempt to connect to MySQL database */
$link = mysqli_connect(SERVER, GUEST_USERNAME, GUEST_PASSWORD, USERS_DATABASE_NAME);
// Check connection
if($link === false){
die("ERROR: Could not connect. " . mysqli_connect_error());
}
/* Attempt to connect to MySQL database */
$db = mysqli_connect(SERVER, GUEST_USERNAME, GUEST_PASSWORD, OTHER_DB_NAME);
// Check connection
if($db === false){
die("ERROR: Could not connect. " . mysqli_connect_error());
}
}
?>
我在页面顶部有 require_once "config.php";
并尝试运行插入查询(允许root @ localhost执行此操作但guest @ localhost不允许) .
我确定管理会话变量设置正确(我在IF块中添加了一个调试行来重定向,如果它到达该行并且它工作)但是当我以admin身份登录时,任何insert命令都会返回此错误:
INSERT command denied to user 'guest'@'localhost' for table 'blabla'
.
以下是使用Insert查询的示例注册页面:
<?php
// Include config file
require_once "../scripts/config.php";
// Initialize the session
session_start();
// Check if the user is admin otherwise banish from this page
if(isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true && $_SESSION["admin"] === 1){
// Processing form data when form is submitted
// Scaled down for this example
if($_SERVER["REQUEST_METHOD"] == "POST"){
$username = $_POST["username"];
$password = $_POST["password"]);
$admin = (ISSET($_POST["admin_check"])?"'1'":"'0'");
// Prepare an insert statement
$sql = "INSERT INTO users (username, password, admin) VALUES ('".$username."', '".$password."', ".$admin.")";
if (mysqli_query($link, $sql)) {
echo "New record created successfully";
} else {
//THIS LINE SHOWS THE ERROR
echo "Error: " . $sql . "<br>" . mysqli_error($link);
}
// Close connection
mysqli_close($link);
}
}else{
header("location: login.php");
exit;
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Sign Up</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.css">
<link rel="stylesheet" href="styles.css">
</head>
<body>
<div class="wrapper">
<h2>Sign Up</h2>
<p>Please fill this form to create an account.</p>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
<div class="form-group <?php echo (!empty($username_err)) ? 'has-error' : ''; ?>">
<label>Username</label>
<input type="text" name="username" class="form-control" value="<?php echo $username; ?>">
<span class="help-block"><?php echo $username_err; ?></span>
</div>
<div class="form-group <?php echo (!empty($password_err)) ? 'has-error' : ''; ?>">
<label>Password</label>
<input type="password" name="password" class="form-control" value="<?php echo $password; ?>">
<span class="help-block"><?php echo $password_err; ?></span>
</div>
<div class="form-group <?php echo (!empty($confirm_password_err)) ? 'has-error' : ''; ?>">
<label>Confirm Password</label>
<input type="password" name="confirm_password" class="form-control" value="<?php echo $confirm_password; ?>">
<span class="help-block"><?php echo $confirm_password_err; ?></span>
</div>
<div class="form-group">
<label>Admin?</label>
<input type="checkbox" name="admin_check">
</div>
<div class="form-group">
<input type="submit" class="btn btn-primary" value="Submit">
<input type="reset" class="btn btn-default" value="Reset">
</div>
<p>Already have an account? <a href="login.php">Login here</a>.</p>
</form>
</div>
</body>
</html>
当我说 require_once
时,配置页面的链接是什么?内存中是否有 $link
和 $db
变量的版本没有被覆盖?如果是,如何在管理员登录时将用户更改为root?
1 回答
好吧,吹我 . 我刚刚交换了前两行:
变为:
瞧!