管理员登录时显示不同的页面

时间:2014-12-17 14:49:58

标签: php session login login-script

我在我的主页上创建了一个登录页面,允许用户登录,然后将其重定向到用户页面。但是,我试图仅为管理员显示不同的页面?这是我登录的代码

shoeshomepage.php 

// Check if we have already created a authenticated session 

?><!doctype html>
<html lang="en">
<head>
<link href='http://fonts.googleapis.com/css?family=PT+Sans' rel='stylesheet' type='text/css'>
<title>Sassy Shoes Homepage</title>
<link rel="stylesheet" href="gumby/css/gumby.css">
<link rel="stylesheet" href="custom.css">
</head>
<body>
<header>
<p><IMG class="displayed" src="heels.png" alt="Logo">

<div id="nav">
<ul>
<li><a href="shoeshomepage.php">HOME</a></li>
<li><a href="womens.php">HERS</a>
<li><a href="mens.php">HIS</a>
<li><a href="kids.html">KIDS</a>
<li><a href="contact_us.html">CONTACT US</a></li>
</ul>
</li>
<br class="clearboth"/> 
</div>

<?php
if (isset($_SESSION["authenticatedUserEmail"])) { 

echo "<br /><div id=\"container\"><div id=\"sidebar\"><h3><font color=red>".$_SESSION["message"]           = "You are already logged in as ". $_SESSION['authenticatedUserEmail']."</font><br /><a     href=\"loginadmin.php\">Edit Account |</a><a href=\"logout.php\">  Logout</a></h3></div></div>"; //Output any the error message

}else{

?><div id="container"><h3>
<div id="sidebar1">


<br />

<form action="loginaction.php" method="post">
Email:  &nbsp; &nbsp; &nbsp; &nbsp;<input type="text" name="email" /><br />
Password: <input type="password" name="password" /><br />

<input type="submit" name="submit" value="Log In" />
<a href="forgot.php">Forgot Password? |</a>
<a href="register.php">Register </a> <br />
<?php 

echo "<h3><font color=red>".$_SESSION['message']."</font></h3>"; //Output any the error message - 
?>

</form>
<?php
}
?>

loginaction.php这是我的loginaction.php 

<?php 
session_start();

include_once ("connection.php");

// Get the data collected from the user

$email = trim($_POST["email"]);

$password = trim($_POST["password"]);


//Check for errors

if (empty($email) or empty($password)) {

$_SESSION["message"] = "Must enter Email and Password ";

header("Location: shoeshomepage.php");  //Redirection information

exit ;//Ends the script

}

$email = strip_tags($email);

$password = strip_tags($password);


//Create and run a query with the given details

$query = "SELECT * FROM users WHERE Email= '$email' AND  Password = '$password' ";

$result = mysqli_query($connection,$query) or exit("Error in query: $query. " . mysqli_error());


// see if any rows were returned

if ($row = mysqli_fetch_assoc($result)) {//Then we have a successful login

//Create a session variable to store the user name.

$_SESSION["authenticatedUserEmail"] = $email;

//We could also use information drawn from the database eg ID

$_SESSION['id'] = $row['id'];
$_SESSION['first_name'] = $row['first_name'];
$_SESSION['last_name'] = $row['last_name'];
$_SESSION['username'] = $row['username'];
//This could be used later to get more information

// Relocate to the logged-in page

header("Location: loginadmin.php");

} else {//Login was unsuccesful

$_SESSION["message"] = "Could not login as $email";

header("Location: shoeshomepage.php");//Go back to the login pages

} //End else
?>

loginadmin.php这是我的用户页面(不一定称为loginadmin.php)      

// Check if we have established an authenticated

if (!isset($_SESSION["authenticatedUserEmail"])) {

$_SESSION["message"] = "You must be logged in to see this user page. Please Login";

header("Location: shoeshomepage.php");

//Go back and login

}

//If this page hasn't been redirected (we are allowed in) then we can display

?> 

<!doctype html>
<html lang="en">
<head>
<link href='http://fonts.googleapis.com/css?family=PT+Sans' rel='stylesheet' type='text/css'>
<title>Sassy Shoes Homepage</title>
<link rel="stylesheet" href="gumby/css/gumby.css">
<link rel="stylesheet" href="custom.css">
</head>
<body>
<header>
<p><IMG class="displayed" src="heels.png" alt="Logo">

<div id="nav">
<ul>
<li><a href="shoeshomepage.php">HOME</a></li>
<li><a href="women_shoes.php">HERS</a>

<li><a href="mens.php">HIS</a>
<li><a href="kids.html">KIDS</a> 
<li><a href="contact_us.html">CONTACT US</a></li>
                    </ul>
                </li>
<br class="clearboth"/>
</div>


<div id="container"><h3>
<div id="sidebar1" width="40%">&nbsp;
&nbsp;
<?php
echo "Welcome to your profile,  " . $_SESSION['username'] . ".";?>&nbsp;&nbsp;
<br />
&nbsp;&nbsp;&nbsp;
<a href="logout.php">Logout</a></p> 

</div></h3>
<br />
<h1>Your details</h1> 
<br />
<table border= "3" style="width:60%; margin:auto">
<tr>
<td>Username</td>
<td><?php echo $_SESSION['username'] . "</p>";?></td>       
</tr>
<tr>
<td>First Name</td>
<td><?php echo $_SESSION['first_name'] . "</p>";?></td>
</tr>
<tr>
<td>Last Name</td>
<td><?php echo $_SESSION['last_name'] . "</p>";?></td>
</tr>
<tr>
<td>Email Address</td>
<td><?php echo $_SESSION["authenticatedUserEmail"] . "</p>";?></td>
</tr>
</table>


</div>
<hr />
</body>

</html>

2 个答案:

答案 0 :(得分:1)

您可以在数据库中存储用户类型,例如普通用户,管理员用户等 成功匹配电子邮件和密码后,请获取type of user,如果是管理员,则使用header("Location: [page for admin].php");将其重定向到管理页面

修改

在数据库中添加名为user_type的列。为管理员用户添加0,为普通用户添加1。 在php脚本中,您可以添加以下行:

$user_type = $row['user_type'];

$_SESSION['id'] = $row['id'];

获取所有会话变量后,您可以执行

if($user_type == 0)
  header("Location: adminpage.php");

else
  header("Location: adminpage.php");

答案 1 :(得分:0)

您必须将用户类型存储在数据库中,而不是使用if语句来显示正确的页面。像这样的东西:

$_SESSION['id'] = $row['id'];
$_SESSION['first_name'] = $row['first_name'];
$_SESSION['last_name'] = $row['last_name'];
$_SESSION['username'] = $row['username'];
$_SESSION['usertype'] = $row['usertype'];

if ($_SESSION['usertype'] == 'admin'){
    header("Location: adminpage.php");
} else {
    header("Location: loginadmin.php");
}

始终验证您网页中的$_SESSION['usertype'],以确保没有常规用户可以访问管理页面。

相关问题
最新问题