再次美好的一天。我试图用不同的用户创建一个系统。客户,实验室助理,人员和管理员。我想要的是我想限制用户访问他们不属于的页面。 E.g(客户访问管理页面)。
以下是我尝试过每个页面的代码,但仍然可以访问每个页面。
session_start();
if($_SESSION['Classification'] == 'Client') {
header('Client-home.php');
} else if($_SESSION['Classification'] == 'Computer Laboratory Assistant') {
header('la-home.php');
}else if($_SESSION['Classification'] == 'Personnel') {
header('personnel-home.php');
}else {
header('admin.php'); }
非常感谢任何帮助。
<?php
session_start();
include("connect.php");
include("function.php");
$username = $_POST['username'];
$password = $_POST['password'];
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
$idUser = $_SESSION['idUser'];
//$username = stripslashes($username);
//$password = stripslashes($password);
//$username = mysql_real_escape_string($username);
//$password = mysql_real_escape_string($password);
$sql = "SELECT * FROM tbl_user WHERE username = '$username' and password = '$password'";
$SelQuery = $executeQuery = mysql_query($sql) or die(mysql_error());
$row_User = mysql_fetch_assoc($SelQuery);
$_SESSION['idUser'] = $row_User['idUser'];
$_SESSION['lName'] = $row_User['lName'];
$_SESSION['fName'] = $row_User['fName'];
if($row_User['Classification'] == 'Client'){
header("Location: client-home.php");
}elseif($row_User['Classification'] == 'Personnel'){
header("Location: personnel-home.php ");
}elseif($row_User['Classification'] == 'Administrator'){
header("Location: admin.php");
}else{
header("Location: login_error.php");
}
&GT;
这是我的登录页面。我想这会导致冲突
答案 0 :(得分:1)
在您的Client-home.php和其他文件上,您需要实现相同的...
Client-home.php
session_start();
if($_SESSION['Classification'] != 'Client')
{
header("Location : Noaccess.php");
exit;
}