我是php和sql的新手 我有两个用户角色,一个是admin,另一个是订阅者,我想阻止订阅者更新订阅admin的用户角色。其他是如何允许他们更改密码,如果我从配置文件更改密码,则无法使用更改后的密码再次登录 代码是从“ https://github.com/mindaras/PHP-custom-CMS-for-simple-blog”下载的
<?php
if (isset($_SESSION['username'])) {
$user_id = $_SESSION['user_id'];
$query = "SELECT * FROM users WHERE user_id = '{$user_id}'";
$result = mysqli_query($connection, $query);
if (!$result) {
die(mysqli_error($connection));
}
$row = mysqli_fetch_assoc($result);
$username = $row['username'];
$user_firstname = $row['user_firstname'];
$user_lastname = $row['user_lastname'];
$user_role = $row['user_role'];
$user_password = $row['user_password'];
$user_email = $row['user_email'];
$user_image = $row['user_image'];
}
?>
<?php
if (isset($_POST['update_profile'])) {
$user_id = $_SESSION['user_id'];
$username = $_POST['username'];
$user_firstname = $_POST['user_firstname'];
$user_lastname = $_POST['user_lastname'];
$user_role = $_POST['user_role'];
$user_password = $_POST['user_password'];
$user_email = $_POST['user_email'];
$user_image = $_FILES['image']['name'];
$user_image_temp = $_FILES['image']['tmp_name'];
move_uploaded_file($user_image_temp, "../images/{$user_image}");
$query = "UPDATE `users` SET ";
$query .="username = '{$username}', ";
$query .="user_firstname = '{$user_firstname}', ";
$query .="user_lastname = '{$user_lastname}', ";
$query .="user_role = '{$user_role}', ";
$query .="user_password = '{$user_password}', ";
$query .="user_email = '{$user_email}', ";
$query .="user_image = '{$user_image}' ";
$query .="WHERE user_id = {$user_id}";
$result = mysqli_query($connection, $query);
if (!$result) {
die(mysqli_error($connection));
}
}
?>