Localhost redirected you too many times. How to prevent users from accessing the admin page

Time: 2018-11-23 03:35:06

Tags: php session

So I want to prevent users from accessing the admin page.

User page = index.php

Admin page = indexp.php

If a session user tries to open indexp.php, I want them to be redirected to index.php. If a session admin tries to open index.php, I want them to be redirected to index.php.

indexp.php

<?php 
 if(isset($_SESSION['access']) != 'admin'){
  header('location:index.php');
 }
if(isset($_SESSION['username']) && isset($_SESSION['kelass'])){
    $user = $_SESSION['username'];     
    $kelas = $_SESSION['kelass']; 
    $query = mysqli_query($con,"SELECT * FROM piket WHERE 
kelas = '$kelas' ORDER BY tgl_piket DESC");

}else {
header('location:login.php');
}
?>

index.php

if(isset($_SESSION['access']) != 'user'){
    header('location:indexp.php');
  }

if(isset($_SESSION['username']) && isset($_SESSION['kelass'])){
    $user = $_SESSION['username'];
    $kelas = $_SESSION['kelass'];
    if (date('D')=='Mon') {
      $query = mysqli_query($con,"SELECT * FROM siswa where hari='senin' and kelas='$kelas' ORDER BY no ASC");
      $haridb="senin";
    }

    elseif (date('D')=='Tue') {
      $query = mysqli_query($con,"SELECT * FROM siswa where hari='selasa' and kelas='$kelas' ORDER BY no ASC");
      $haridb="selasa";
    }

    elseif (date('D')=='Wed') {
      $query = mysqli_query($con,"SELECT * FROM siswa where hari='rabu' and kelas='$kelas' ORDER BY no ASC");
      $haridb="rabu";
    }

    elseif (date('D')=='Thu') {
      $query = mysqli_query($con,"SELECT * FROM siswa where hari='kamis' and kelas='$kelas' ORDER BY no ASC");
      $haridb="kamis";
    }

    elseif (date('D')=='Fri') {
      $query = mysqli_query($con,"SELECT * FROM siswa where hari='jumat' and kelas='$kelas' ORDER BY no ASC");
      $haridb="jumat";
    }


    }else {
      header('location:login.php');
    }

loginproc.php

if(isset($_POST['submit'])){
    $username = $_POST['username'];
    $password = md5($_POST['password']);
    $query = mysqli_query($con, "SELECT * FROM users WHERE username = '$username' and password = '$password'");
    $gettype = mysqli_fetch_assoc($query);

    echo $gettype['access'];
    $check = mysqli_num_rows($query);

    if ($check > 0) {
        if($gettype['access']=='user'){
            $_SESSION['access'] = 'user';
            $_SESSION['username'] = $gettype['username'];
            header('location:index.php');


        }
        else if ($gettype['access']=='admin') {
            $_SESSION['access']== 'admin';
            $_SESSION['username'] = $gettype['username'];
            $_SESSION['admin'] = 1;
            header('location:indexp.php');


        }
     }
    }

The code doesn't work.

If I log in as admin, it says localhost redirected you too many times. If I log in as a user, I can still access indexp.php.

Thanks in advance

1 answer:

Answer 0: (score: 1)

  

isset($_SESSION['access']) != 'admin'

This line will always be true, because isset() returns a boolean value.

It will be interpreted as:

false != 'admin' or true != 'admin'; literally: is false different from the word 'admin'? Is true different from the word 'admin'? In both cases: true

You should compare like this:

if(isset($_SESSION['access']) && $_SESSION['access'] != 'admin')
{
//other codes...
}

Inside index.php, check it this way:

if(isset($_SESSION['access']) && $_SESSION['access']!= 'user'){
    header('location:indexp.php');
  }

Good luck
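
An added example, not part of the original answer: one role guard shared by both pages that compares the stored role value strictly, sends sessions without a known role to login.php, and stops the script after the redirect. The names `HOME`, `redirect_target` and `require_role` are hypothetical; the page and role names are taken from the question.

```php
<?php
// Added example (not the poster's code). Page and role names come from the
// question; HOME, redirect_target() and require_role() are hypothetical names.
declare(strict_types=1);

// Each role's own page. Redirecting a session to its own home cannot loop.
const HOME = ['user' => 'index.php', 'admin' => 'indexp.php'];

// Returns null when the session may view the page, else the redirect target.
function redirect_target(array $session, string $requiredRole): ?string
{
    $role = $session['access'] ?? null;          // unset key becomes null
    if (!is_string($role) || !array_key_exists($role, HOME)) {
        return 'login.php';                      // no role or unknown role
    }
    if ($role !== $requiredRole) {               // compare the value, strictly
        return HOME[$role];
    }
    return null;
}

// Call before any output.
function require_role(string $requiredRole): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $target = redirect_target($_SESSION, $requiredRole);
    if ($target !== null) {
        header('Location: ' . $target);
        exit;                                    // nothing below runs for this request
    }
}

// Constructed sessions, printed when run from the PHP CLI.
if (PHP_SAPI === 'cli') {
    $cases = [[], ['access' => 'user'], ['access' => 'admin'], ['access' => 'root']];
    foreach ($cases as $session) {
        foreach (['index.php' => 'user', 'indexp.php' => 'admin'] as $page => $need) {
            $target = redirect_target($session, $need) ?? 'allowed';
            printf("%-24s %-11s -> %s\n", json_encode($session), $page, $target);
        }
    }
}
```

Call `require_role('admin');` at the top of indexp.php and `require_role('user');` at the top of index.php, before any output is sent.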