我将用户权限存储在与用户信息相同的表中,以便三个权限级别有三个布尔条目。登录后,来自该用户行的数据将使用以下代码插入到会话变量中:
private function loginWithPostData($user_name, $user_password, $user_rememberme)
{
if (empty($user_name)) {
$this->errors[] = MESSAGE_USERNAME_EMPTY;
} else if (empty($user_password)) {
$this->errors[] = MESSAGE_PASSWORD_EMPTY;
// if POST data (from login form) contains non-empty user_name and non-empty user_password
} else {
// user can login with his username or his email address.
// if user has not typed a valid email address, we try to identify him with his user_name
if (!filter_var($user_name, FILTER_VALIDATE_EMAIL)) {
// database query, getting all the info of the selected user
$result_row = $this->getUserData(trim($user_name));
// if user has typed a valid email address, we try to identify him with his user_email
} else if ($this->databaseConnection()) {
// database query, getting all the info of the selected user
$query_user = $this->db_connection->prepare('SELECT * FROM users WHERE user_email = :user_email');
$query_user->bindValue(':user_email', trim($user_name), PDO::PARAM_STR);
$query_user->execute();
// get result row (as an object)
$result_row = $query_user->fetchObject();
}
// if this user not exists
if (! isset($result_row->user_id)) {
// was MESSAGE_USER_DOES_NOT_EXIST before, but has changed to MESSAGE_LOGIN_FAILED
// to prevent potential attackers showing if the user exists
$this->errors[] = MESSAGE_LOGIN_FAILED;
} else if (($result_row->user_failed_logins >= 3) && ($result_row->user_last_failed_login > (time() - 30))) {
$this->errors[] = MESSAGE_PASSWORD_WRONG_3_TIMES;
// using PHP 5.5's password_verify() function to check if the provided passwords fits to the hash of that user's password
} else if (! password_verify($user_password, $result_row->user_password_hash)) {
// increment the failed login counter for that user
$sth = $this->db_connection->prepare('UPDATE users '
. 'SET user_failed_logins = user_failed_logins+1, user_last_failed_login = :user_last_failed_login '
. 'WHERE user_name = :user_name OR user_email = :user_name');
$sth->execute(array(':user_name' => $user_name, ':user_last_failed_login' => time()));
$this->errors[] = MESSAGE_PASSWORD_WRONG;
// has the user activated their account with the verification email
} else if ($result_row->user_active != 1) {
$this->errors[] = MESSAGE_ACCOUNT_NOT_ACTIVATED;
} else {
// write user data into PHP SESSION [a file on your server]
$_SESSION['user_id'] = $result_row->user_id;
$_SESSION['user_name'] = $result_row->user_name;
$_SESSION['user_email'] = $result_row->user_email;
$_SESSION['user_logged_in'] = 1;
$_SESSION['user_first_name'] = $result_row->user_first_name;
$_SESSION['user_last_name'] = $result_row->user_last_name;
$_SESSION['user_address_line_1'] = $result_row->user_address_line_1;
$_SESSION['permission_1'] = $result_row->permission_1;
$_SESSION['permission_2'] = $result_row->permission_2;
$_SESSION['permission_3'] = $result_row->permission_3;
// declare user id, set the login status to true
$this->user_id = $result_row->user_id;
$this->user_name = $result_row->user_name;
$this->user_email = $result_row->user_email;
$this->user_is_logged_in = true;
现在,当我使用PHP告诉我哪一列有1时,我得到的数据不正确,但对所有其他数据(名字,电子邮件地址等)使用相同的方法效果很好。这就是代码我用它:
if($_SESSION['permission_1'] = 1){
echo "ADMIN";
} else {
if($_SESSION['permission_2'] = 1){
echo "MANAGEMENT COMPANY";
} else {
if($_SESSION['permission_3'] = 1){
echo "USER";
} else {
echo "You do not currently have any permissions. Please wait for a member of the management team to verify you.";
}
}
}
我做了什么才能使布尔值在会话结束时不被销毁或报告不准确?
答案 0 :(得分:2)
我认为您错过了=尝试在所有if()中更改它:
$_SESSION['permission_3'] == 1
=分配一个值,==检查它(同时===检查比较中的类型是否相同)