首先,我搜索了一个与我的问题相同的问题,遗憾的是我无法理解答案。它说使用Auth等... bla bla bla。到目前为止我只知道基础知识。
所以这是我的问题:如何检查当前登录的用户及其角色?
我认为我可以这么容易地做到,实际上我做了,但我正在建设的网站的用户应该只有一个。大声笑。我有两列名为session和membership。无论如何,我的代码写在下面(这绝对是错误的,我只是在凌晨2点才意识到这一点。如果该方的用户只有一个,它将100%工作。
if(empty($_SESSION['user']))
{
// If they are not, we redirect them to the login page.
// Remember that this die statement is absolutely critical. Without it,
// people can view your members-only content without logging in.
header("Location: http://localhost/se/");
}
//if(!empty($_SESSION['user']) )
else
{
//This following codes are for checking the session in DB
$query = "
SELECT
id,
password,
emailAddress,
membership
FROM memberlist
WHERE
session = :var_val
";
// The parameter values
$query_params = array(
':var_val' => 'True'
);
try
{
// Execute the query against the database
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
// Note: On a production website, you should not output $ex->getMessage().
// It may provide an attacker with helpful information about your code.
die("Failed to run query: " . $ex->getMessage());
}
$row = $stmt->fetch();
if ( $row['membership'] == 'Officer' || $row['membership'] == 'Member' )
{
header("Location: http://localhost/memberdir/index.php");
}
}
如果用户的成员资格== 1,则转到管理目录。 否则转到会员目录。
请帮助:(
答案 0 :(得分:0)
当用户登录成功时,您可以这样做:
if(login success)
{
$_SESSION['user']=array('id'=>$id,
'emailAddress'=>$emailAddress,
'membership'=>$membership);//the three values are selected from database when login in
}else
{
// do some thing
}
然后当您检查用户时,您可以使用:
if(empty($_SESSION['user']))
{
// If they are not, we redirect them to the login page.
// Remember that this die statement is absolutely critical. Without it,
// people can view your members-only content without logging in.
header("Location: http://localhost/se/");
}else
{
//get user info from session
}
答案 1 :(得分:0)
开始用户会话:
session_start();
要向该会话添加参数:
$_SESSION['parameter'] = $parameter;
获取该参数:
$getParameter = $_SESSION['parameter'];
因此,请确保在页面输出之前放置session_start();
(在打印任何内容之前):
if ( $row['membership'] == 'Officer' || $row['membership'] == 'Member' )
{
session_start();
$_SESSION['membership'] = $row['membership'];
include('memberdir/index.php');
//or header("Location: http://localhost/memberdir/index.php");
}
因此,在您的成员文件中,您显示特定用户(或只有一个用户,没有区别),您检查会话参数是否存在以及如何处理它:
if (isset($_SESSION['membership'])) {
//membership parameter is set
if($_SESSION['membership'] == 'Officer') {
echo "Hey, your membership is Officer, here is your page";
} else if ($_SESSION['membership'] == 'Member') {
echo "Hey your membership is Member, here is your page";
}
}
这可以帮助您理解基础知识,并且可以从那里开始。