ログイン前のユーザーの状態を確認する

Question

ユーザーの状態（アクティブ、非アクティブ、中断、禁止など）を確認しようとするうちに、自分のアカウントにログインできるように何時間もコーディングしていますが、

以下はそのコードです。

<?php 

if (!defined('included')){ 
die('You cannot access this file directly!'); 
} 

//log user in --------------------------------------------------- 
function login($user, $pass){ 

    //strip all tags from varible 

    $user = strip_tags(mysql_real_escape_string($user)); 
    $pass = strip_tags(mysql_real_escape_string($pass)); 
    $status = 'active'; 
    $salt = sha1('_wchs2242%..father%/**...mygreenparrot_password&username\--\__/heelo"@@@@@@.'); 
    $password = md5($pass.$salt); 


    //$pass = md5($pass); 

    // check if the user id and password combination exist in database 
    $sql = "SELECT * FROM panel_users WHERE username = '$user' AND password = '$password' "; 
    $result = mysql_query($sql) or die('Query failed. ' . mysql_error()); 


    if (mysql_num_rows($result) == 1) { 

     // the username and password match, 
     // set the session 
     $_SESSION['authorized'] = true; 
     $_SESSION['user'] = $user; 


     // direct to admin 
     header('Location: '.DIRADMIN); 
     exit(); 
    } else { 
    $cs = mysql_fetch_array($result); 
    $sta = $cs['status']; 
     if($sta == 'suspended'){ 
      $_SESSION['sus'] = 'Your account is being suspended'; 
     } 
     elseif($sta == "inactive"){ 
      $_SESSION['ina'] = 'You\'re not yet authorized.'; 
     }else{ 
    // define an error message 
    $_SESSION['error'] = 'Sorry, wrong username or password'; 
     } 
    } 
} 

// Authentication 
function logged_in() { 
    if($_SESSION['authorized'] == true) { 
     return true; 
    } else { 
     return false; 
    } 
} 

function login_required() { 
    if(logged_in()) { 
     return true; 
    } else { 
     header('Location: '.DIRADMIN.'login'); 
     exit(); 
    } 
} 

function logout(){ 
    unset($_SESSION['authorized']); 
    header('Location: '.SITEDIR.'login'); 
    exit(); 
} 

// Render error messages 
function messages() { 
    $message = ''; 
    if($_SESSION['success'] != '') { 
     $message = '<div class="alert-success">'.$_SESSION['success'].'</div>'; 
     $_SESSION['success'] = ''; 
    } 
    if($_SESSION['error'] != '') { 
     $message = '<div class="alert-warning">'.$_SESSION['error'].'</div>'; 
     $_SESSION['error'] = ''; 
    } 
    if($_SESSION['sus'] != '') { 
     $message = '<div class="alert-warning">'.$_SESSION['sus'].'</div>'; 
     $_SESSION['sus'] = ''; 
    } 
    if($_SESSION['ina'] != '') { 
     $message = '<div class="alert-warning">'.$_SESSION['ina'].'</div>'; 
     $_SESSION['ina'] = ''; 
    } 


    echo "$message"; 
} 

function errors($error){ 
    if (!empty($error)) 
    { 
      $i = 0; 
      while ($i < count($error)){ 
      $showError.= "<div class=\"msg-error\">".$error[$i]."</div>"; 
      $i ++;} 
      echo $showError; 
    }// close if empty errors 
} // close function 


?> 

私が間違っていると思われるものはありますか？ユーザー名とパスワードがそうでなければ$resultそれはそうするたびに、他のif (mysql_num_rows($result) == 1) {}else{} {}は仕事と私は考えてエラーを犯していないNULL をcontansます と一致した場合にのみ、

Answer 1

$result containt行。 このコードを試してください

if (mysql_num_rows($result) == 1) { 
    // if the username and login match 
    // so here we check the status before granting the user access 
    $cs = mysql_fetch_array($result); 
    $sta = $cs['status']; 
    if($sta == 'suspended'){ 
     $_SESSION['sus'] = 'Your account is being suspended'; 
    }elseif($sta == "inactive"){ 
     $_SESSION['ina'] = 'You\'re not yet authorized.'; 
    }else{ 
     // the username and password match, 
     // set the session 
     $_SESSION['authorized'] = true; 
     $_SESSION['user'] = $user; 
     // direct to admin 
     header('Location: '.DIRADMIN); 
    } 
    exit(); 
} else { 
    // define an error message 
    // if username and password don't match 
    $_SESSION['error'] = 'Sorry, wrong username or password'; 
}