Codeigniter - 仅允许特定用户编辑/删除帖子

时间:2014-12-18 07:43:57

标签: php mysql codeigniter

我试图这样做,只有帖子的作者可以编辑并从列表中删除它。

这是我的视图

<?php if (($this->session->userdata('logged_in')==TRUE)) { ?>
                <a href="<?php echo site_url("edit/$data[id_post]")?>" type="button">edit</a>
                <a href="<?php echo site_url("delete/$data[id_post]")?>" type="button">delete</a>
                <?php } ?>

上面的代码确保只有登录的用户才能真正编辑帖子,但是他们可以编辑所有帖子,而不仅仅是他们自己的帖子。在我的/ create中我创建了一个隐藏字段,以便我的帖子与作者的id一起保存,这样关系就可以了。不过我的问题是,如何确保作者只能编辑自己的帖子?

谢谢!

更新

这是控制器 

public function index()
{
    if (($this->session->userdata('id')!=NULL)) 
    {       
    $data['view'] = $this->home_model->list_data();
    $created_by_sql = $this->db->query('SELECT id FROM user JOIN post ON user.id=post.id_user');
    if ($created_by_sql->num_rows() > 0)
    {
      foreach ($created_by_sql ->result() as $row)
      {
         $user_id = $row->id;
      }
    }
    $data["user_id"] = $user_id;
    $this->load->view('home_table',$data);

这是模型 

public function list_data()
{   
    $this->db->select('*');
    $this->db->from('post as p');
    $this->db->join('user as u', 'p.id_user = u.id');
    $this->db->order_by("p.id_post", "desc");
    $query = $this->db->get(); 
    return $query->result_array();
}

这是我的查看 

<?php foreach($view as $data): ?>
<?php if (!empty($data['source'])) { ?>
     <div class="sumber">anda<?php echo $data['source'];?></div>
<?php } ?>
<?php if ($this->session->userdata('logged_in')==TRUE AND $user_id == $this->session->userdata('id')) { ?>
    <a href="<?php echo site_url("edit/$data[id_post]")?>" type="button">edit</a>
    <a href="<?php echo site_url("delete/$data[id_post]")?>" type="button">delete</a>
    <?php } else { echo 'id user not same with iduser_Login';} ?>`
<?php endforeach; ?>

2 个答案:

答案 0 :(得分:0)

首先,您应该将user的id放入会话中,并且您应该在第一个if子句中插入一个if子句,并检查文章的authorid是否等于会话中用户的id。

- 更新 -

根据上述评论,您应该:

控制器内部:

$created_by_sql = $this->db->query('SELECT id FROM user JOIN post ON user.id=post.id_user');
if ($created_by_sql->num_rows() > 0)
{
  foreach ($created_by_sql ->result() as $row)
  {
     $user_id = $row->id;
  }
}

$data["user_id"] = $user_id;

$this->load->view('home_table',$data);

在视图中:

if($user_id == $this->session->userdata('id'))
{
  //delete button
}

- 更新2 -

我们必须重组逻辑。首先,在控制器中:

//get the posts:
$posts = array();
$sql = $this->db->query("select id AS post_id, title as post_title, id_user as user_id from post"); //please edit query to fit your needs
foreach($sql->result() as $row)
{
  $posts[] = $row; //now, each post row carries user_id of its author.
}

//send data to view:
$data["posts"] = $posts;
$data["current_user_id"] = $this->session->userdata('id');


//load view
$this->load->view('home_table',$data);

在视图中,我们应该打印帖子如下:

<?php 
for($i = 0; $i < count($posts); $i++)
{ 
    echo $posts[$i]["post_title"]; echo " | ";

    //compare 
    if($post[$i]["user_id"] == $current_user_id)
    {
        echo "CAN DELETE";
    }
    echo "<br />";
}
?>

答案 1 :(得分:0)

希望它会有所帮助:)

<强>控制器: 

//DELETE
function delete($item, $user)
{
    $data['baseurl'] = $this->config->item('base_url');
    $logged_in = $this->session->userdata('logged_in');
    $logged_user = $this->session->userdata('logged_user');
    $user= $this->uri->segment(4);
    $item= $this->uri->segment(3);
    if (($logged_in == TRUE) && ($logged_user == $user)) {
        $data['user'] = $user;
        $data['item'] = $item;
        $result = $this->Model->delete($data);
        if(isset($result)) {
            $success_msg = "Deleted";
            $this->session->set_flashdata('success_msg', $success_msg);
        }
        redirect('admin/list');
    }
    else {
        redirect ('login');
    }
}
//EDIT
function edit($item, $user)
{
    $data['baseurl'] = $this->config->item('base_url');
    $logged_in = $this->session->userdata('logged_in');
    $logged_user = $this->session->userdata('logged_user');  
    $user= $this->uri->segment(4);
    $item= $this->uri->segment(3);      
    if (($logged_in == TRUE) && ($logged_user == $user)) {
        $data['info'] = $this->input->post('info');
        $data['user'] = $user;
        $data['item'] = $item;
        $update = $this->Model->edit($data);
        redirect ('admin/list);
    }
    else {
        redirect ('login');
    }
}

<强>型号: 

//DELETE
function delete($data)
{
    $sql = 'DELETE * FROM info WHERE user_id = '.$data['user'].' AND id = '.$data['item'].' ';
    $query = $this->db->query($sql);
    return $this->db->affected_rows();
}
//EDIT
function edit($data)
{
    $condition = array(
           'user' => $data['user'], 
           'item' => $data['item']
    );
    $update = array(
           'info' => $data['info']
    );
    $this->db->where($condition);
    $this->db->update('info', $update);
    return $this->db->affected_rows();
}

查看: 

<a href="<?php echo $baseurl; ?>/main/delete/<?php echo $item; ?>/<?php echo $user; ?>">DELETE</span></a>
<a href="<?php echo $baseurl; ?>/main/edit/<?php echo $item; ?>/<?php echo $user; ?>">EDIT</span></a>
相关问题
最新问题