我只是新的PHP,幾個星期自自學,使各種項目來學習如何做的事情......PHP會話(用戶/管理員)的用戶級別
我目前正在由基礎工程的... 指數(登錄頁) 寄存器 家(用戶級) 管理(管理水平) 註銷 DBCONNECT
我有我的數據庫列名爲用戶級0爲默認,我將改變1用於管理帳戶....
目前,任何登錄用戶都可以訪問home.php頁面,因爲會話變量是'user',所以只要任何用戶登錄,他們就會返回home.php,否則返回索引如果登錄無效....就像我說的我很新的PHP,並且今天才開始學習會話,所以它有點壓倒性的...基本上我只是從家裏粘貼相同的頁面到管理員開始編輯會話的詳細信息,以便它會只允許用戶與用戶級1訪問管理別人回到指數....我的相關網頁代碼如下.....
的index.php(登錄頁)
<?php
\t ob_start();
\t session_start();
\t require_once 'dbconnect.php';
\t
\t // it will never let you open index(login) page if session is set
\t if (isset($_SESSION['user'])!="") {
\t \t header("Location: home.php");
\t \t exit;
\t }
\t
\t $error = false;
\t
\t if(isset($_POST['btn-login'])) { \t
\t \t
\t \t // prevent sql injections/ clear user invalid inputs
\t \t $email = trim($_POST['email']);
\t \t $email = strip_tags($email);
\t \t $email = htmlspecialchars($email);
\t \t
\t \t $pass = trim($_POST['pass']);
\t \t $pass = strip_tags($pass);
\t \t $pass = htmlspecialchars($pass);
\t \t // prevent sql injections/clear user invalid inputs
\t \t
\t \t if(empty($email)){
\t \t \t $error = true;
\t \t \t $emailError = "Please enter your email address.";
\t \t } else if (!filter_var($email,FILTER_VALIDATE_EMAIL)) {
\t \t \t $error = true;
\t \t \t $emailError = "Please enter valid email address.";
\t \t }
\t \t
\t \t if(empty($pass)){
\t \t \t $error = true;
\t \t \t $passError = "Please enter your password.";
\t \t }
\t \t
\t \t // if there's no error, continue to login
\t \t if (!$error) {
\t \t \t
\t \t \t $password = hash('sha256', $pass); // password hashing using SHA256
\t \t
\t \t \t $res=mysql_query("SELECT id, fname, pass FROM project WHERE email='$email'");
\t \t \t $row=mysql_fetch_array($res);
\t \t \t $count = mysql_num_rows($res); // if uname/pass correct it returns must be 1 row
\t \t \t
\t \t \t if($count == 1 && $row['pass']==$password) {
\t \t \t \t $_SESSION['user'] = $row['id']; \t
\t \t \t \t header("Location: home.php");
\t \t \t } else {
\t \t \t \t $errMSG = "Incorrect Credentials, Try again...";
\t \t \t }
\t \t \t \t
\t \t }
\t \t
\t }
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Sign In</title>
</head>
<body>
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" autocomplete="off">
<input type="email" name="email" placeholder="Enter Your Email" value="<?php echo $email; ?>" maxlength="40" />
<?php echo $emailError; ?><br>
<br>
<input type="password" name="pass" placeholder="Enter Your Password" maxlength="15" />
<?php echo $passError; ?><br>
<br>
<button type="submit" name="btn-login">Sign In</button><br>
<br>
<br>
<a href="register.php">Register</a> <a href="index.php">Sign in</a> <a href="admin.php">Admin</a>
<br>
<?php
if (isset($errMSG)) {
?>
<?php echo $errMSG; ?>
<?php
}
?>
</body>
</html>
<?php ob_end_flush(); ?>
home.php
<?php
\t ob_start();
\t session_start();
\t require_once 'dbconnect.php';
\t
\t // if session is not set this will redirect to login page
\t if(!isset($_SESSION['user'])) {
\t \t header("Location: index.php");
\t \t exit;
\t }
\t // select loggedin users detail
\t $res=mysql_query("SELECT * FROM project WHERE id=".$_SESSION['user']);
\t $userRow=mysql_fetch_array($res);
\t
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Welcome - <?php echo $userRow['fname']; ?></title>
</head>
<body>
Hello <?php echo $userRow['fname']; ?> you are sucessfully logged in!
<br>Your last name is <?php echo $userRow['lname']; ?>
<br>Your email address is <?php echo $userRow['email']; ?>
<br><br><br><br><br><br><br><br><br><br>
<br><br><br><br><br><br><br><br><br><br>
<a href="logout.php?logout"></span>Sign Out</a></li>
<br>
<br>
<a href="register.php">Register</a> <a href="index.php">Sign in</a> <a href="admin.php">Admin</a>
</body>
</html>
<?php ob_end_flush(); ?>
admin.php的
<?php
\t ob_start();
\t session_start();
\t require_once 'dbconnect.php';
\t
\t
\t // if session is not set this will redirect to login page
\t if(!isset($_SESSION['user'])) {
\t \t header("Location: index.php");
\t \t exit;
\t }
\t // select loggedin users detail
\t $res=mysql_query("SELECT * FROM project WHERE id=".$_SESSION['user']);
\t $userRow=mysql_fetch_array($res);
\t
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Welcome - <?php echo $userRow['fname']; ?></title>
</head>
<body>
Hello <?php echo $userRow['fname']; ?> you are sucessfully logged in!
<br>Your last name is <?php echo $userRow['lname']; ?>
<br>Your email address is <?php echo $userRow['email']; ?>
<br><br><br><br><br><br><br><br><br><br>
<h1><?php echo $userRow['userlevel']; ?></h1>
<br><br><br><br><br><br><br><br><br><br>
<a href="logout.php?logout"></span>Sign Out</a></li>
<br>
<br>
<a href="register.php">Register</a> <a href="index.php">Sign in</a> <a href="admin.php">Admin</a>
</body>
</html>
<?php ob_end_flush(); ?>
如果有人能告訴我如何使會話查找到用戶級行數據庫拉存儲的信息(0或1爲用戶或admin)以及如何相應地修改index.php(登錄)頁面,以及如何編輯admin.php以僅允許具有userlevel 1的登錄用戶查看頁面?
很抱歉,如果這是含糊不清或所有的地方,我仍然只有找出新的東西,每天
感謝
如果您保存用戶ID在Cookie中,如果ID是可以預見的話,我可能會成爲只是改變了我的Cookie進行任何用戶。因爲這個原因,而不是存儲用戶ID,您通常會存儲一些大的隨機會話ID。 – Bemmu
注意,你會想停止使用'mysql_ *'庫。它從PHP 7中刪除,並被某些版本的PHP5 *棄用(儘管我不記得哪個版本的PHP5,它是無關緊要的)*。查看使用綁定參數切換到'mysqli_ *'或'PDO'以避免數據庫操作/銷燬。 – Rasclatt