多个用户级别的不同用户页面。 我应该在哪里将此代码重定向到每个用户级别的不同页面。 也许我有一些错误。怎么会这样?
$_SESSION['role'] = $row['role'];
if ($_SESSION['role'] == "normalUser")
{
//do stuff here for users
header('Location: memberpage.php');
}
else if ($_SESSION['role'] == "profesor" )
{
//do extra stuff here for only profesor
header('Location: profesori.php');
} else {
header('Location: admin.php');
这是user.php
<?php
include('password.php');
class User extends Password{
private $_db;
function __construct($db){
parent::__construct();
$this->_db = $db;
}
private function get_user_hash($username){
try {
$stmt = $this->_db->prepare('SELECT * FROM members WHERE username = :username AND active="Yes" ');
$stmt->execute(array('username' => $username));
return $stmt->fetch();
} catch(PDOException $e) {
echo '<p class="bg-danger">'.$e->getMessage().'</p>';
}
}
public function login($username,$password){
$row = $this->get_user_hash($username);
if($this->password_verify($password,$row['password']) == 1){
$_SESSION['loggedin'] = true;
$_SESSION['username'] = $row['username'];
$_SESSION['memberID'] = $row['memberID'];
$_SESSION['Fname'] = $row['Fname'];
$_SESSION['Lname'] = $row['Lname'];
$_SESSION['indeks'] = $row['indeks'];
$_SESSION['module'] = $row['module'];
$_SESSION['semester'] = $row['semester'];
$_SESSION['email'] = $row['email'];
$_SESSION['titula'] = $row['titula'];
$_SESSION['kabinet'] = $row['kabinet'];
return true;
}
}
public function logout(){
session_destroy();
}
public function is_logged_in(){
if(isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true){
return true;
}
}
}
?>
这是login.php
<?php
session_start();
require_once('includes/config.php');
if( $user->is_logged_in() ){ header('Location: index.php');exit; }
if(isset($_POST['submit'])){
$username = $_POST['username'];
$password = $_POST['password'];
if($row = $user->login($username,$password)){
$_SESSION['username'] = $username;
header('Location: memberpage.php');
exit;
} else {
$error[] = 'Погрешно корисничко име или лозинка, или вашиот акаунт не е активиран.';
}
}
$title = 'Најави се';
require('layout/header.php');
?>
<div class="container">
<div class="row">
<div class="col-xs-12 col-sm-8 col-md-6 col-sm-offset-2 col-md-offset-3">
<form role="form" method="post" action="" autocomplete="off">
<h2>Ве молиме најавете се!</h2>
<p><a href='./'>Врати се на почетна!</a></p>
<hr>
<?php
//check for any errors
if(isset($error)){
foreach($error as $error){
echo '<p class="bg-danger">'.$error.'</p>';
}
}
if(isset($_GET['action'])){
//check the action
switch ($_GET['action']) {
case 'active':
echo "<h2 class='bg-success'>Вашиот акаунт е активиран, можете да се најавите.</h2>";
break;
case 'reset':
echo "<h2 class='bg-success'>Проверете го вашето сандаче за линкот за промена на лозинка.</h2>";
break;
case 'resetAccount':
echo "<h2 class='bg-success'>Лозинката е променета, можете да се најавите.</h2>";
break;
}
}
?>
<div class="form-group">
<input type="text" name="username" id="username" class="form-control input-lg" placeholder="Корисничко име" value="<?php if(isset($error)){ echo $_POST['username']; } ?>" tabindex="1">
</div>
<div class="form-group">
<input type="password" name="password" id="password" class="form-control input-lg" placeholder="Лозинка" tabindex="3">
</div>
<div class="row">
<div class="col-xs-9 col-sm-9 col-md-9">
<a href='reset.php'>Ја заборавивте лозинката?</a>
</div>
</div>
<hr>
<div class="row">
<div class="col-xs-6 col-md-6"><input type="submit" name="submit" value="Најави се" class="btn btn-primary btn-block btn-lg" tabindex="5"></div>
</div>
</form>
</div>
</div>
</div>
<?php
require('layout/footer.php');
?>
答案 0 :(得分:1)
首先,我建议你改变角色管理员/教授的态度,其他一切应该是学生(它更安全,因为在你的情况下,如果你忘记添加角色,默认情况下用户将是管理员。)
我的第二个建议是你应该验证会话中的用户是否真的是用户对象,而不仅仅是登录值。这个验证也应该在User类中。
login.php文件代码看起来不对。您必须使用User类,并且您应该通过此对象专门进行登录,会话值管理和检查角色。
最后你的问题 - 重定向到特定页面应该在登录表单处理中。