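I want to write a login page for my friend. I want to be the only one with access to /root/root.php. The login form etc. works fine, but a logged-in user can get into root.php just by typing in the URL. How can I create a variable or something similar to block access? Here is my code:
login.php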
<?php
session_start();
$hostname = 'localhost';
$dbname = 'XXX';
$username = 'XXX';
$password = 'XXX';
mysql_connect($hostname, $username, $password) or DIE('Connection to host is failed, perhaps the service is down!');
mysql_select_db($dbname) or DIE('Database name is not available!');
$userName=mysql_real_escape_string($_POST['Name']);
$passWord=mysql_real_escape_string($_POST['Password']);
$query = mysql_query("SELECT id, server FROM admins WHERE Name='$userName' AND Password='$passWord'");
$rows = mysql_num_rows($query);
$test = mysql_fetch_row($query);
if ($rows==1)
{
$_SESSION['userName'] = $_POST['Name'];
if($test[1] == "Root") {
header("Location: root/root.php");
} else if($test[1] == "Minecraft"){
header("Location: minecraft/minecraft.php");
} else {
echo "<center><h1>No database-entry!</h1></center>";
}
}
else
{
echo "<div class='login'>
<table class='loginwindow'>
<tr>
<td><h3>Wrong Password!</h3></td>
</tr>
<tr>
<td><a href='index.php'><button class='loginlogout'>To Login</button></a></td>
</tr>
</table>
</div>";
//header("Location: login.html");
}?>
And the root.php code is as follows:
<html>
<head>
<title>Root</title>
<?php
session_start();
if(!isset($_SESSION['userName']))
{
//exit(header("location: ../login.html"));
echo "You need to login first!<br />";
echo "<a href='../index.php'>To Login</a>";
exit();
}
?>
<link href="../style.css" type="text/css" rel="stylesheet" />
</head>
<body>
<?php
echo "Welcome " . $_SESSION['userName'];
?>
</body>
</html>
I only want users with the "root" entry in the database to be able to access root.php. I tried, but it doesn't work. Any ideas?
Good luck
Answer 0 (score: 1)
First, you need to set the session variable $_SESSION['root'] = $test[1]; in login.php, below the line $_SESSION['userName'] = $_POST['Name'];, and then simply check if($_SESSION['root'] == "Root") in root.php.
login.php
$userName=mysql_real_escape_string($_POST['Name']);
$passWord=mysql_real_escape_string($_POST['Password']);
$query = mysql_query("SELECT id, server FROM admins WHERE Name='$userName' AND Password='$passWord'");
$rows = mysql_num_rows($query);
$test = mysql_fetch_row($query);
if ($rows==1)
{
$_SESSION['userName'] = $_POST['Name'];
$_SESSION['root'] = $test[1]; // Add this line here
if($test[1] == "Root") {
header("Location: root/root.php");
} else if($test[1] == "Minecraft"){
header("Location: minecraft/minecraft.php");
} else {
echo "<center><h1>No database-entry!</h1></center>";
}
}
else
{
echo "<div class='login'>
<table class='loginwindow'>
<tr>
<td><h3>Wrong Password!</h3></td>
</tr>
<tr>
<td><a href='index.php'><button class='loginlogout'>To Login</button></a></td>
</tr>
</table>
</div>";
//header("Location: login.html");
}?>
Root.php
<html>
<head>
<title>Root</title>
<?php
session_start();
if(!isset($_SESSION['userName']))
{
//exit(header("location: ../login.html"));
echo "You need to login first!<br />";
echo "<a href='../index.php'>To Login</a>";
exit();
}
// Add below if condition
if($_SESSION['root'] != "Root"){
//exit(header("location: ../login.html"));
echo "You are not allowed to access root!<br />";
echo "<a href='../index.php'>To Login</a>";
exit();
}
?>
<link href="../style.css" type="text/css" rel="stylesheet" />
</head>
<body>
<?php
echo "Welcome " . $_SESSION['userName'];
?>
</body>
</html>
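The role check from the answer, factored into a guard that runs before any output and denies by default, as an added example (not code from the question or the answer). The function names `access_decision`, `require_role` and `store_login` are hypothetical; the session keys `userName` and `root` and the role value `Root` follow the answer.

```php
<?php
declare(strict_types=1);
// Added example, not the poster's or the answerer's code; function names are hypothetical.
// Pure decision on a session array: 'login', 'forbidden' or 'ok' (strict string match).
function access_decision(array $session, string $requiredRole): string
{
    if (!isset($session['userName'], $session['root'])) {
        return 'login';
    }
    return $session['root'] === $requiredRole ? 'ok' : 'forbidden';
}

// Call at the very top of a protected page, before any HTML is sent.
function require_role(string $requiredRole): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $decision = access_decision($_SESSION, $requiredRole);
    if ($decision === 'ok') {
        return;
    }
    if ($decision === 'login') {
        header('Location: ../index.php');
    } else {
        http_response_code(403);
        echo 'You are not allowed to access this page!';
    }
    exit; // stop so the protected markup below is never rendered
}

// Call in login.php once the credentials matched; $role is the "server" column.
function store_login(string $name, string $role): void
{
    session_regenerate_id(true);  // fresh session id after login
    $_SESSION['userName'] = $name;
    $_SESSION['root'] = $role;    // role comes from the database row, not from $_POST
}
// Constructed sample sessions, printed only when run from the CLI.
if (PHP_SAPI === 'cli') {
    $samples = [
        'no session' => [],
        'Minecraft admin' => ['userName' => 'alice', 'root' => 'Minecraft'],
        'Root admin' => ['userName' => 'bob', 'root' => 'Root'],
    ];
    foreach ($samples as $label => $session) {
        echo $label, ' => ', access_decision($session, 'Root'), PHP_EOL;
    }
}
```

In root.php the guard would be called as `require_role('Root');` in the first PHP block of the file, above the `<html>` tag.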