Login3.php
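include 'init.php';
include 'functions.php';

// Login handler: validates the posted credentials, looks the user up and
// redirects. $connection and clean_string() come from the included files;
// the session is presumably started there too. TODO confirm.

// Missing fields become '' instead of raising an undefined-index notice.
// A field posted as Username[]=x arrives as an array, so anything that is
// not a string is treated as empty too.
$username = $_POST['Username'] ?? '';
$password = $_POST['Password'] ?? '';
if (!is_string($username)) {
    $username = '';
}
if (!is_string($password)) {
    $password = '';
}

// NOTE(review): clean_string() is defined in functions.php and not visible
// here. It is kept so the values match whatever registration stored. If it
// SQL-escapes its input, remove that part: the query below binds parameters,
// and escaping on top of binding would store and compare backslashes.
$username = clean_string($username);
$password = clean_string($password);

$error_check = array();
if (empty($username)) {
    $error_check[] = 'Please enter a username';
}
if (empty($password)) {
    $error_check[] = 'Please enter a password';
}

if (!empty($error_check)) {
    $_SESSION['errors'] = $error_check;
    header('location:login.php');
    exit;
}

// The credentials are bound as parameters, never spliced into the SQL text,
// so quotes in either field cannot change the statement.
// NOTE(review): matching on the Password column means passwords are stored
// as submitted. Storing password_hash() output and checking it with
// password_verify() is the fix, but it needs the registration code (not
// shown here) to change at the same time.
$user_id = null;
$found = false;
$stmt = mysqli_prepare(
    $connection,
    'SELECT UserID FROM Users WHERE Username = ? AND Password = ?'
);
if ($stmt !== false) {
    $bound_username = (string) $username;
    $bound_password = (string) $password;
    mysqli_stmt_bind_param($stmt, 'ss', $bound_username, $bound_password);
    if (mysqli_stmt_execute($stmt)) {
        mysqli_stmt_bind_result($stmt, $user_id);
        $found = mysqli_stmt_fetch($stmt) === true;
    }
    mysqli_stmt_close($stmt);
}

if (!$found) {
    // Same message for unknown user, wrong password and query failure.
    $error_check[] = 'Please enter correct details';
    $_SESSION['errors'] = $error_check;
    header('location:login.php');
    exit;
}

// Issue a fresh session id at the privilege change, so an id that was known
// before login is not carried into the authenticated session.
if (session_status() === PHP_SESSION_ACTIVE) {
    session_regenerate_id(true);
}
$_SESSION['user'] = $username;
$_SESSION['UserID'] = $user_id;

// UserID 1 is treated as the administrator. Every other account is sent to
// login.php, exactly as in the original script.
if ((int) $user_id === 1) {
    header('Location:admin.php');
} else {
    header('location:login.php');
}
// header() only queues the redirect; stop here so nothing else runs.
exit;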
?>
admin.php
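<?php
ob_start();
include 'connected.php';

// Admin gate: only the account whose session UserID is 1 may see this page.
// The session is presumably started in connected.php. TODO confirm.
//
// Two changes from the original:
//  - the var_dump($_SESSION) debug line is gone, because it printed the
//    session contents to every visitor;
//  - the redirect is followed by exit(). header() only queues a Location
//    header, so without exit() the admin forms below were still sent to
//    visitors who are not logged in.
//
// The forms on this page post back to it. Whatever code handles those POSTs
// has to run behind this same check, and should verify a per-session CSRF
// token before changing any user.
$session_user_id = $_SESSION['UserID'] ?? null;
$is_admin = $session_user_id === 1 || $session_user_id === '1';

if (!$is_admin) {
    header('location:login.php');
    exit();
}

echo "Welcome. Accessed";
?>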
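<!DOCTYPE html>
<html lang="en">
<head>
    <title>My first Web page</title>
    <meta charset="utf-8" />
    <link href="css/bootstrap.css" rel="stylesheet" type="text/css" />
    <link href="css/final_index.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div class="container">
    <div class="header">
        <div class="span1"> </div>
        <header>
            <img id="banner" src="images/safc.banner.PNG" alt="banner">
        </header>
    </div>
    <div class="banner1">
    </div>
    <br>
    <div class="navbar">
        <div class="navbar-inner">
            <a class="brand" href="#">Sunderland</a>
            <ul class="nav">
                <li class="active">
                    <a href="final_index.php">Home</a>
                </li>
                <li>
                    <a href="shop.php">Shop</a>
                </li>
                <li>
                    <a href="login.php">Login</a>
                </li>
                <li>
                    <a href="reg.php">Register</a>
                </li>
                <li>
                    <a href="protect.php">Protected Page</a>
                </li>
                <li>
                    <a href="admin.php">Admin</a>
                </li>
            </ul>
        </div>
    </div>
    <div class="login1">
        <!-- The original tag here was missing its closing ">", which swallowed the next div. -->
        <div id="login1">
            <div class="grid20">
                <h2>Admin</h2>
                <h4>Edit Users Details</h4>
                <!-- Each label's "for" points at the id of its own input; ids are unique across both forms. -->
                <form method="post" action="">
                    <label for="edit-username"> Username: </label> <br>
                    <input type="text" id="edit-username" name="Username" value=''/> <br>
                    <label for="edit-password"> Password: </label> <br>
                    <input type="password" id="edit-password" name="Password" /> <br>
                    <label for="edit-email"> Email: </label> <br>
                    <input type="email" id="edit-email" name="Email" /> <br>
                    <input type="submit" name="submit" value="submit" />
                    <input type="reset" value="clear" />
                </form>
                <h4>Add User </h4>
                <form method="post" action="">
                    <label for="add-username"> Username: </label> <br>
                    <input type="text" id="add-username" name="Username" value=''/> <br>
                    <label for="add-password"> Password: </label> <br>
                    <input type="password" id="add-password" name="Password" /> <br>
                    <label for="add-email"> Email: </label> <br>
                    <input type="email" id="add-email" name="Email" /> <br>
                    <input type="submit" name="submit" value="submit" />
                    <input type="reset" value="clear" />
                </form>
            </div>
        </div>
    </div>
</div>
</body>
</html>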
这段代码应该检查用户是管理员还是普通用户:管理员会被带到管理页面,非管理员会被带到用户帐户页面。但当我以管理员身份登录时,它总是把我带到用户帐户页面,而不是管理页面。
答案 0 :(得分:3)
在您的代码中设置:
$_SESSION['User_ID']
但是,你正在检查:
$_SESSION['UserID']
答案 1 :(得分:0)
您似乎使用 $_SESSION['User_ID'] 设置用户 ID 会话变量,然后在管理页面上用不带下划线的键名对其进行检查。