检查用户的权限

时间:2013-10-26 19:47:20

标签: php

我正在尝试制作权限页面,您将检查用户是否具有完全访问权限,而不是某个选项允许此人。我有名为用户的表格,我有5列名称user_idusername,{ {1}},passwordemail 现在,我正在展示我所做的一切。

permissions.php 

permission

例如第一行的mysql结果:<?php include('db.php'); $result=mysql_query("SELECT permission,user_id FROM users"); while($test = mysql_fetch_array($result)) { $test['user_id']; $test['permission']; } ?> $test['user_id'] = 1

会话结果:$test['permission'] = full

那么我如何检查这个用户ID是否具有完全权限而不是一些人的想法。

我是php的新手,对不起我的不好解释。

3 个答案:

答案 0 :(得分:0)

如果用户拥有完全权限,则存储会话完全权限

 while($test = mysql_fetch_array($result))
 {                    
    $_SESSION['permission'] = $test['permission'];
  }

检查用户是否拥有完全权限

   if($_SESSION['permission'] == full){
    //do shomething
    }

答案 1 :(得分:0)

<?php
  include('db.php'); // though you should look in to "PDO"

  // default permission--disallowed
  $allowed = false;

  // get the permission for the current user (based on the username within
  // your session variable). also make sure to sanitize anything that's being
  // placed within a query to the database.
  $query = sprintf("SELECT permission "
                  ."FROM users "
                  ."WHERE username = '%s'",
                  mysql_real_escape_string($_SESSION['user_name']));
  $result = mysql_query($query);
  while (($test = mysql_fetch_array($result)) !== false){
    // we found the username, now check their access
    $allowed = $test['permission'] == 'full';
  }

  // if ($allowed){
  //   super secret area
  // } else {
  //   get out of here
  // }

答案 2 :(得分:0)

<?php
    include('db.php');
    $result = mysql_query("SELECT permission,user_id  FROM users WHERE username = '$_SESSION[user_name]'");
    if(mysql_num_rows($result)){
        $data = mysql_fetch_row($result); // fetch first row of result, we don't need a loop, as username should be unique
        $permission = $data['permision'];
        $user_id = $data['user_id'];
    }else{
        echo "Username not found.";
    }
?>
相关问题
最新问题