我正在尝试编写一个简单的脚本, 我创建了一个"管理面板" ,所以如果用户是admin(admin = 1),那么他可以通过并查看链接/文件 如果他不是(admin = 0)那么他应该被重定向到登录页面,如果不是会话['用户名']他应该回到登录页面, 但似乎我有这个代码的问题,在用户面板中它可以工作,但在管理面板中它没有
<?php
include './includes/db.php';
session_start();
// ADMIN CHECk
$username = mysql_real_escape_string($_SESSION['username']);
$result = mysql_query("SELECT * FROM users WHERE username='$username' AND admin=1");
$count = mysql_num_rows($result);
if($count != 1) // make sure user is a admin
{
session_start();
session_destroy();
header("location: login.php");
die;
}
if(isset($_GET['act']))
{
if($_GET['act'] == "logout")
{
session_start();
session_destroy();
header("location: login.php");
}
}
?>
答案 0 :(得分:0)
好的,我首先看到的是你没有先声明会话。其次,不推荐使用mysql函数,mysqli会做你需要做的事情。此修复程序应该适合您。还有一个logout.php会更容易。
db.php中
<?php
$db = new mysqli(host, user, pass, database);
?>
然后,在您的页面中,您可以像这样运行查询:
<?php
session_start();
include './includes/db.php';
//check that the session exists
if(!isset($_SESSION['username'])
{
//the session does not exist, redirect
header("location: login.php");
}
// ADMIN CHECk
$username = $db->real_escape_string($_SESSION['username']);
$result = $db->query("SELECT * FROM users WHERE username='$username' AND admin='1'");
$count = $result->num_rows;
if($count != 1) // make sure user is a admin
{
header("location: login.php");
}
?>
然后在logout.php中,你应该记得实际取消设置会话变量
<?php
session_start();
//unset session variables
unset($_SESSION['username']);
session_destroy();
header("location: login.php");
?>