PHP login script - If statements and arrays

StackOverflow https://stackoverflow.com/questions/14034255

  •  12-12-2021
  •  | 
  •  

Hello fellow programmers and coders. I am developing an enhanced login script based on the already great login script by zubrag.

What i am trying to achieve: If the user is an admin, he will be logged in. If the user is a regular user, he will not be logged in.

What happens: The user gets logged in, even if he is not an admin.

Here is a snippet of the code:

// user provided password
if (isset($_POST['access_password'])) {

  $login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
  $pass = $_POST['access_password'];
  if (!USE_USERNAME && !in_array($pass, $users)
  || (USE_USERNAME && ( !array_key_exists($login, $users) || $users[$login] != $pass ) ) 
  ) {
      showLoginPasswordProtect("Incorrect username or password.");
  }

The Part that i am having trouble with:

  elseif (array_key_exists($login, $admins)) {
  showLoginPasswordProtect("User not an admin.");
  }

Rest of the code:

  else {
      // set cookie if password was validated
      setcookie("verify", md5($login.'%'.$pass), $timeout, '/');
      setcookie("user", $login, 0, '/');
      // Some programs (like Form1 Bilder) check $_POST array to see if parameters passed
      // So need to clear password protector variables
      unset($_POST['access_login']);
      unset($_POST['access_password']);
      unset($_POST['Submit']);
  }

}

Username and password array:

$users = array(
  'username' => 'password',
  'administrator' => 'administrator-password'
);

Admin array:

$admins = array(
  'administrator'
);

Now picture all of that together, and what would the problem be? (It's probably really easy, i'm just not a professtional coder.)

有帮助吗?

解决方案

Are you sure that admins can login?

Here you are saying that if the username is in the admin array, deny the acces:

elseif (array_key_exists($login, $admins)) {
  showLoginPasswordProtect("User not an admin.");
}

  What you probably want to do is deny the acces for users not in the admin array:

elseif (!array_key_exists($login, $admins)) {
  showLoginPasswordProtect("User not an admin.");
}
许可以下: CC-BY-SA归因
不隶属于 StackOverflow
scroll top