Admin rights not working

Time: 2012-12-04 11:52:36

Tags: php mysql phpmyadmin

I have this code, which has to filter on admin rights; I even made a double check. But it doesn't seem to work.

Code:

<?php
    include("db.php");
    $result=mysql_query("SELECT * FROM members where admin='true' AND admincheck='1'");
    while($test = mysql_fetch_array($result)) {
        echo"<li><a href='archief.php'><span>archief</span></a></li>";
    }
    mysql_close($conn);
?>

Database:

CREATE TABLE `members` (
`member_id` int(11) unsigned NOT NULL,
`admin` varchar(5) NOT NULL default 'false',
`admincheck` int(1) NOT NULL default '0',
`firstname` varchar(100) default NULL,
`lastname` varchar(100) default NULL,
`mail` varchar(150) NOT NULL,
`login` varchar(100) NOT NULL default '',
`passwd` varchar(32) NOT NULL default '',
PRIMARY KEY  (`member_id`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1;


INSERT INTO `members` (`member_id`, `admin`, `admincheck`, `firstname`, `lastname`,   `mail`, `login`, `passwd`) VALUES 
(607, 'true', 1, '---', '----', '---', '---', '---'),

1 answer:

Answer 0: (score: 1)

You need to put the currently logged-in member's ID into the query, so assuming you store the logged-in user in the session:

$member_id = (int)$_SESSION['member_id'];
$result=mysql_query("SELECT * FROM members where member_id = '$member_id' AND admin='true' AND admincheck='1' LIMIT 1");

if($result && mysql_num_rows($result) == 1)
{
    // user is an admin, show secret links
    echo "<li><a href='archief.php'><span>archief</span></a></li>";
}
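
An added example, not part of the original answer or the asker's project: the same per-user check written with a PDO prepared statement, plus a guard for the top of `archief.php`, since hiding the menu link does not stop a non-admin from requesting that page directly. The helper names `is_admin` and `require_admin`, the `$pdo` handle, the in-memory SQLite database and rows 608 and 609 are assumptions constructed for the demonstration; the table columns and the `member_id` session key come from the page.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: true only if THIS member has both admin flags set.
function is_admin(PDO $pdo, ?int $memberId): bool
{
    if ($memberId === null || $memberId <= 0) {
        return false;                      // not logged in: deny by default
    }
    $stmt = $pdo->prepare(
        "SELECT 1 FROM members
          WHERE member_id = :id AND admin = 'true' AND admincheck = 1
          LIMIT 1"
    );
    $stmt->execute([':id' => $memberId]);
    return $stmt->fetchColumn() !== false; // a row exists only for a real admin
}

// Hypothetical guard for the top of archief.php: the page repeats the check
// before producing any output instead of relying on the hidden link.
function require_admin(PDO $pdo): void
{
    $id = isset($_SESSION['member_id']) ? (int)$_SESSION['member_id'] : null;
    if (!is_admin($pdo, $id)) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// Constructed demo data in an in-memory SQLite database (the page uses MySQL;
// only the DSN and credentials would differ).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE members (member_id INTEGER PRIMARY KEY,
            admin VARCHAR(5) NOT NULL DEFAULT 'false',
            admincheck INT NOT NULL DEFAULT 0)");
$pdo->exec("INSERT INTO members VALUES
            (607, 'true', 1), (608, 'false', 0), (609, 'true', 0)");

var_dump(is_admin($pdo, 607));   // member with both flags set
var_dump(is_admin($pdo, 608));   // ordinary member
var_dump(is_admin($pdo, 609));   // admin flag set but admincheck missing
var_dump(is_admin($pdo, null));  // no member_id in the session
```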