尝试存储用户的角色
$_SESSION['role'] == $row['role'];
当用户名'admin'登录时,它会在SQL中检查用户角色Admin,如果Admin存在,则将用户重定向到admin.php
但是,当重定向到admin.php时,页面会显示出来
$_SESSION['role']
在该页面上未定义。
我以为我用它来定义它
$_SESSION['role'] == $row['role']
在login_action.php上并在login_action.php和admin.php中使用start_session()
有什么问题?
login_action.php
<?php
session_start();
include("connect.php");
$tbl_name="users";
$username=$_POST['username'];
$password=$_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($conn,$username);
$password = mysqli_real_escape_string($conn,$password);
$password = sha1($password);
$result = mysqli_query($conn, "SELECT * FROM $tbl_name WHERE user='$username' AND password='$password'");
if(mysqli_num_rows($result) != 1){
echo "<script>alert(' Wrong Username or Password Access Denied !!! Try Again');
window.location='index.php';
</script>";
}else{
$row = mysqli_fetch_assoc($result);
$_SESSION['role'] == $row['role'];
if($row['role'] == 'Admin'){
header('location: admin.php');
exit;
else{
echo "<script>alert('Wrong username or password. Try again');
window.location='index.php';
</script>";
}
}
admin.php的
<?php
session_start();
if (isset($_SESSION['role']) != 'Admin') {
echo "You are not the admin";
}
?>
<html>
<head>
<title> Administrator Page </title>
<head>
<body><br>
<h1 align="center">
Welcome To Administrator Page <br>
<a href='logout.php'>Click here to log out</a>
</h1>
</body>
</html>
答案 0 :(得分:2)
:
更改$ _SESSION ['role'] == $ row ['role'];到$ _SESSION ['role'] = $ row ['role'];
admin.php文件中的:
isset($ _ SESSION ['role'])!='Admin'
isset($ var):如果设置了$ var且不为null,则返回true。
解决方案是:
<?php
session_start();
if (isset($_SESSION['role']) && strtolower($_SESSION['role']) != 'admin') {
echo "You are not the admin";
}
?>
<html>
<head>
<title> Administrator Page </title>
<head>
<body><br>
<h1 align="center">
Welcome To Administrator Page <br>
<a href='logout.php'>Click here to log out</a>
</h1>
</body>
</html>
答案 1 :(得分:0)
错误在于:
<强> login_action.php
else{
$row = mysqli_fetch_assoc($result);
$_SESSION['role'] = $row['role']; // <--- Notice only one equal
if($row['role'] == 'Admin'){ // = inside if statement is always true
header('location: admin.php');
exit;