Validating two session variables on login

Time: 2015-02-25 19:55:14

Tags: php session login

I have two pages that require login: admin.php and rehab.php. On login I set two session variables:

if($row[2]=='Admin'){
    // Initializing Session
    session_start();
    $_SESSION['user']=$username; // Initializing Session user
    $_SESSION['dept']='Admin'; // Initializing Session dept.

    header('location: admin.php');
}
else if($row[2]=='Rehabilitation Services'){
    $_SESSION['user']=$username; // Initializing Session
    $_SESSION['dept']='Rehabilitation Services';

    header('location: rehab.php');
}

Both pages include header.php (where the username is shown). I decided to put the session validation in header.php:

session_start();
if (!(isset($_SESSION['user']) && $_SESSION['user'] != '')) {
    header ("Location: login.php");
}

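So whenever someone tries to access the admin pages by typing (../admin.php) or (../rehab.php) in the browser, they are redirected to the login page.

My problem is that if a REHAB user is currently logged in (../rehab.php), whenever I try changing rehab.php to admin.php, it is still accessible! I tried putting this at the top of admin.php, but it doesn't seem to work.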

if ((isset($_SESSION['dept'])) && $_SESSION['dept']!='Admin'){
    session_destroy();
}

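2 Answers:

Answer 0: (score: 1)

On the rehab.php page, if you want to restrict access to people who are logged in and assigned to the "Rehabilitation Services" department, you should use: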

session_start();
if(!isset($_SESSION['user']) ||
   (isset($_SESSION['dept']) && $_SESSION['dept']!='Rehabilitation Services')){
       header ("Location: login.php");
       exit; // stop here so the rest of the page is not sent after the redirect
 }

Answer 1: (score: 0)

This should work; I noticed a few things, and your code structure is fine for what you are trying to accomplish:

session_start(); // Have this as the first thing on the script 
                 // at the top before anything else above it 
if($row[2]=='Admin'){
    // Initializing Session
    session_start(); // Remove this; you need to put session_start 
                     // at the top of the script

    $_SESSION['user'] = $username; // Is the $username coming in 
                                   // from $_POST? Should this be 
                                   // $_POST['username'] unless you 
                                   // defined it beforehand 

    $_SESSION['dept'] = "Admin"; // Initializing Session dept. 
                                 // This is ok. 

    header('location: admin.php');

} elseif($row[2] == "Rehabilitation Services"){ //Keep this in one line
        $_SESSION['user'] = $username; // Initializing Session
        $_SESSION['dept'] = "Rehabilitation Services";

   header('location: rehab.php');
}

   // header.php
   session_start();
      // Original line:
      // if (!(isset($_SESSION['user']) && $_SESSION['user'] != '')) {
      if (!isset($_SESSION['user']) || $_SESSION['user'] == '') {
      // corrected line above, you can also use empty() function

        header ("Location: login.php");
        exit; // stop here so the rest of the page is not sent
      }


// top of admin.php
// Original line:
// if ((isset($_SESSION['dept'])) && $_SESSION['dept']!='Admin'){
if (isset($_SESSION['dept']) && $_SESSION['dept'] != 'Admin'){
//Corrected line above
    session_destroy();
}
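
Added example, not part of the question or either answer: one way to enforce the per-page department check discussed above, denying access when dept is missing or does not match and stopping the script after the redirect. The names PAGE_DEPT, is_authorized() and require_dept(), and the sample sessions, are assumptions made for illustration.

```php
<?php
// Added example; all names here are hypothetical, not from the page.
// Each protected page and the single department allowed to view it.
const PAGE_DEPT = [
    'admin.php' => 'Admin',
    'rehab.php' => 'Rehabilitation Services',
];

// True only when a user is logged in AND the session's dept is exactly the
// one required for $page. Unknown pages and a missing dept are denied.
function is_authorized(array $session, string $page): bool
{
    if (!isset($session['user']) || $session['user'] === '') {
        return false;
    }
    if (!array_key_exists($page, PAGE_DEPT) || !isset($session['dept'])) {
        return false; // fail closed
    }
    return $session['dept'] === PAGE_DEPT[$page];
}

// Call as the first statement of admin.php / rehab.php, before any output,
// e.g. require_dept('admin.php');
function require_dept(string $page): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!is_authorized($_SESSION, $page)) {
        header('Location: login.php');
        exit; // a Location header alone does not stop the page from running
    }
}

// Constructed sample sessions, evaluated only when run from the command line.
if (PHP_SAPI === 'cli') {
    $sessions = [
        'rehab user'  => ['user' => 'alice', 'dept' => 'Rehabilitation Services'],
        'admin user'  => ['user' => 'bob', 'dept' => 'Admin'],
        'no dept set' => ['user' => 'carol'],
        'logged out'  => [],
    ];
    foreach ($sessions as $label => $session) {
        foreach (array_keys(PAGE_DEPT) as $page) {
            printf("%-12s %-10s %s\n", $label, $page,
                is_authorized($session, $page) ? 'allow' : 'redirect to login.php');
        }
    }
}
```

Keeping the decision in is_authorized() separate from the redirect lets the rule be checked from the command line without a web server.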