我在我的主页上创建了一个登录页面,允许用户登录,然后将其重定向到用户页面。但是,我试图仅为管理员显示不同的页面?这是我登录的代码
shoeshomepage.php
// Check if we have already created a authenticated session
?><!doctype html>
<html lang="en">
<head>
<link href='http://fonts.googleapis.com/css?family=PT+Sans' rel='stylesheet' type='text/css'>
<title>Sassy Shoes Homepage</title>
<link rel="stylesheet" href="gumby/css/gumby.css">
<link rel="stylesheet" href="custom.css">
</head>
<body>
<header>
<p><IMG class="displayed" src="heels.png" alt="Logo">
<div id="nav">
<ul>
<li><a href="shoeshomepage.php">HOME</a></li>
<li><a href="womens.php">HERS</a>
<li><a href="mens.php">HIS</a>
<li><a href="kids.html">KIDS</a>
<li><a href="contact_us.html">CONTACT US</a></li>
</ul>
</li>
<br class="clearboth"/>
</div>
<?php
if (isset($_SESSION["authenticatedUserEmail"])) {
echo "<br /><div id=\"container\"><div id=\"sidebar\"><h3><font color=red>".$_SESSION["message"] = "You are already logged in as ". $_SESSION['authenticatedUserEmail']."</font><br /><a href=\"loginadmin.php\">Edit Account |</a><a href=\"logout.php\"> Logout</a></h3></div></div>"; //Output any the error message
}else{
?><div id="container"><h3>
<div id="sidebar1">
<br />
<form action="loginaction.php" method="post">
Email: <input type="text" name="email" /><br />
Password: <input type="password" name="password" /><br />
<input type="submit" name="submit" value="Log In" />
<a href="forgot.php">Forgot Password? |</a>
<a href="register.php">Register </a> <br />
<?php
echo "<h3><font color=red>".$_SESSION['message']."</font></h3>"; //Output any the error message -
?>
</form>
<?php
}
?>
loginaction.php
这是我的loginaction.php
<?php
session_start();
include_once ("connection.php");
// Get the data collected from the user
$email = trim($_POST["email"]);
$password = trim($_POST["password"]);
//Check for errors
if (empty($email) or empty($password)) {
$_SESSION["message"] = "Must enter Email and Password ";
header("Location: shoeshomepage.php"); //Redirection information
exit ;//Ends the script
}
$email = strip_tags($email);
$password = strip_tags($password);
//Create and run a query with the given details
$query = "SELECT * FROM users WHERE Email= '$email' AND Password = '$password' ";
$result = mysqli_query($connection,$query) or exit("Error in query: $query. " . mysqli_error());
// see if any rows were returned
if ($row = mysqli_fetch_assoc($result)) {//Then we have a successful login
//Create a session variable to store the user name.
$_SESSION["authenticatedUserEmail"] = $email;
//We could also use information drawn from the database eg ID
$_SESSION['id'] = $row['id'];
$_SESSION['first_name'] = $row['first_name'];
$_SESSION['last_name'] = $row['last_name'];
$_SESSION['username'] = $row['username'];
//This could be used later to get more information
// Relocate to the logged-in page
header("Location: loginadmin.php");
} else {//Login was unsuccesful
$_SESSION["message"] = "Could not login as $email";
header("Location: shoeshomepage.php");//Go back to the login pages
} //End else
?>
loginadmin.php
这是我的用户页面(不一定称为loginadmin.php)
// Check if we have established an authenticated
if (!isset($_SESSION["authenticatedUserEmail"])) {
$_SESSION["message"] = "You must be logged in to see this user page. Please Login";
header("Location: shoeshomepage.php");
//Go back and login
}
//If this page hasn't been redirected (we are allowed in) then we can display
?>
<!doctype html>
<html lang="en">
<head>
<link href='http://fonts.googleapis.com/css?family=PT+Sans' rel='stylesheet' type='text/css'>
<title>Sassy Shoes Homepage</title>
<link rel="stylesheet" href="gumby/css/gumby.css">
<link rel="stylesheet" href="custom.css">
</head>
<body>
<header>
<p><IMG class="displayed" src="heels.png" alt="Logo">
<div id="nav">
<ul>
<li><a href="shoeshomepage.php">HOME</a></li>
<li><a href="women_shoes.php">HERS</a>
<li><a href="mens.php">HIS</a>
<li><a href="kids.html">KIDS</a>
<li><a href="contact_us.html">CONTACT US</a></li>
</ul>
</li>
<br class="clearboth"/>
</div>
<div id="container"><h3>
<div id="sidebar1" width="40%">
<?php
echo "Welcome to your profile, " . $_SESSION['username'] . ".";?>
<br />
<a href="logout.php">Logout</a></p>
</div></h3>
<br />
<h1>Your details</h1>
<br />
<table border= "3" style="width:60%; margin:auto">
<tr>
<td>Username</td>
<td><?php echo $_SESSION['username'] . "</p>";?></td>
</tr>
<tr>
<td>First Name</td>
<td><?php echo $_SESSION['first_name'] . "</p>";?></td>
</tr>
<tr>
<td>Last Name</td>
<td><?php echo $_SESSION['last_name'] . "</p>";?></td>
</tr>
<tr>
<td>Email Address</td>
<td><?php echo $_SESSION["authenticatedUserEmail"] . "</p>";?></td>
</tr>
</table>
</div>
<hr />
</body>
</html>
答案 0 :(得分:1)
您可以在数据库中存储用户类型,例如普通用户,管理员用户等
成功匹配电子邮件和密码后,请获取type of user
,如果是管理员,则使用header("Location: [page for admin].php");
将其重定向到管理页面
修改强>
在数据库中添加名为user_type
的列。为管理员用户添加0
,为普通用户添加1
。
在php
脚本中,您可以添加以下行:
$user_type = $row['user_type'];
后
$_SESSION['id'] = $row['id'];
获取所有会话变量后,您可以执行
if($user_type == 0)
header("Location: adminpage.php");
else
header("Location: adminpage.php");
答案 1 :(得分:0)
您必须将用户类型存储在数据库中,而不是使用if语句来显示正确的页面。像这样的东西:
$_SESSION['id'] = $row['id'];
$_SESSION['first_name'] = $row['first_name'];
$_SESSION['last_name'] = $row['last_name'];
$_SESSION['username'] = $row['username'];
$_SESSION['usertype'] = $row['usertype'];
if ($_SESSION['usertype'] == 'admin'){
header("Location: adminpage.php");
} else {
header("Location: loginadmin.php");
}
始终验证您网页中的$_SESSION['usertype']
,以确保没有常规用户可以访问管理页面。