登錄之前檢查用戶狀態

Question

在他/她可以登錄到他/她的帳戶之前，我一直編碼數小時試圖檢查用戶狀態（活動，非活動，暫停，禁止等），但似乎沒有任何工作。

下面是該代碼。

<?php 

if (!defined('included')){ 
die('You cannot access this file directly!'); 
} 

//log user in --------------------------------------------------- 
function login($user, $pass){ 

    //strip all tags from varible 

    $user = strip_tags(mysql_real_escape_string($user)); 
    $pass = strip_tags(mysql_real_escape_string($pass)); 
    $status = 'active'; 
    $salt = sha1('_wchs2242%..father%/**...mygreenparrot_password&username\--\__/heelo"@@@@@@.'); 
    $password = md5($pass.$salt); 


    //$pass = md5($pass); 

    // check if the user id and password combination exist in database 
    $sql = "SELECT * FROM panel_users WHERE username = '$user' AND password = '$password' "; 
    $result = mysql_query($sql) or die('Query failed. ' . mysql_error()); 


    if (mysql_num_rows($result) == 1) { 

     // the username and password match, 
     // set the session 
     $_SESSION['authorized'] = true; 
     $_SESSION['user'] = $user; 


     // direct to admin 
     header('Location: '.DIRADMIN); 
     exit(); 
    } else { 
    $cs = mysql_fetch_array($result); 
    $sta = $cs['status']; 
     if($sta == 'suspended'){ 
      $_SESSION['sus'] = 'Your account is being suspended'; 
     } 
     elseif($sta == "inactive"){ 
      $_SESSION['ina'] = 'You\'re not yet authorized.'; 
     }else{ 
    // define an error message 
    $_SESSION['error'] = 'Sorry, wrong username or password'; 
     } 
    } 
} 

// Authentication 
function logged_in() { 
    if($_SESSION['authorized'] == true) { 
     return true; 
    } else { 
     return false; 
    } 
} 

function login_required() { 
    if(logged_in()) { 
     return true; 
    } else { 
     header('Location: '.DIRADMIN.'login'); 
     exit(); 
    } 
} 

function logout(){ 
    unset($_SESSION['authorized']); 
    header('Location: '.SITEDIR.'login'); 
    exit(); 
} 

// Render error messages 
function messages() { 
    $message = ''; 
    if($_SESSION['success'] != '') { 
     $message = '<div class="alert-success">'.$_SESSION['success'].'</div>'; 
     $_SESSION['success'] = ''; 
    } 
    if($_SESSION['error'] != '') { 
     $message = '<div class="alert-warning">'.$_SESSION['error'].'</div>'; 
     $_SESSION['error'] = ''; 
    } 
    if($_SESSION['sus'] != '') { 
     $message = '<div class="alert-warning">'.$_SESSION['sus'].'</div>'; 
     $_SESSION['sus'] = ''; 
    } 
    if($_SESSION['ina'] != '') { 
     $message = '<div class="alert-warning">'.$_SESSION['ina'].'</div>'; 
     $_SESSION['ina'] = ''; 
    } 


    echo "$message"; 
} 

function errors($error){ 
    if (!empty($error)) 
    { 
      $i = 0; 
      while ($i < count($error)){ 
      $showError.= "<div class=\"msg-error\">".$error[$i]."</div>"; 
      $i ++;} 
      echo $showError; 
    }// close if empty errors 
} // close function 


?> 

任何一個有我可能做錯什麼的想法？只有

Answer 1

$result containt行，如果用戶名和密碼相匹配 否則$result將contans NULL 所以每次if (mysql_num_rows($result) == 1) {}else{}其他{}不工作，使錯誤，我認爲。 所以請嘗試此代碼

if (mysql_num_rows($result) == 1) { 
    // if the username and login match 
    // so here we check the status before granting the user access 
    $cs = mysql_fetch_array($result); 
    $sta = $cs['status']; 
    if($sta == 'suspended'){ 
     $_SESSION['sus'] = 'Your account is being suspended'; 
    }elseif($sta == "inactive"){ 
     $_SESSION['ina'] = 'You\'re not yet authorized.'; 
    }else{ 
     // the username and password match, 
     // set the session 
     $_SESSION['authorized'] = true; 
     $_SESSION['user'] = $user; 
     // direct to admin 
     header('Location: '.DIRADMIN); 
    } 
    exit(); 
} else { 
    // define an error message 
    // if username and password don't match 
    $_SESSION['error'] = 'Sorry, wrong username or password'; 
}