所以我有两个检查用户权限的函数,并检查用户是否可以查看该页面。但它不会按预期工作,我无法弄清楚原因。这可能是非常基本的,但我没有看到它。
在使用中:
if(!isAdmin() || !userCanAddCourses()) {
echo 'You dont have permissions to view this page';
die;
return false;
}
这是功能:
function userCanAddCourses(){
$ugarr = getUserGroup($_SESSION['userid']);
$dbtype = "mysql";
$dbhost = DB_HOST;
$dbname = DB_NAME;
$dbuser = DB_USER;
$dbpass = DB_PASS;
$var = explode(',', $ugarr);
foreach ($var as $ug){
$doclibperm ='0';
$conn = new PDO("mysql:host=$dbhost;dbname=$dbname",$dbuser,$dbpass);
$sql = "SELECT * from roles where id=:ug";
$stm = $conn->prepare($sql);
$stm->execute(array(':ug' => $ug));
$users = $stm->fetchAll();
foreach ($users as $row) {
$addcourses = $row['addcourse'];
if($addcourses=='1'){
return true;
}
}
}
}
function isAdmin() {
$userid = $_SESSION['userid'];
$dbtype = "mysql";
$dbhost = DB_HOST;
$dbname = DB_NAME;
$dbuser = DB_USER;
$dbpass = DB_PASS;
$network = getCurrentNetwork();
$conn = new PDO("mysql:host=$dbhost;dbname=$dbname",$dbuser,$dbpass);
$sql = "SELECT * from users where network=:network and id=:userid";
$stm = $conn->prepare($sql);
$stm->execute(array(':network' => $network, ':userid'=>$userid));
$users = $stm->fetchAll();
foreach ($users as $row) {
$moderator = $row['role'];
}
if($moderator >= '4'){
return true;
}
}
在上面的场景中,用户是管理员,但userCanAadCourses函数不会返回true。 我已经尝试删除die并返回false,然后它会显示页面以及“你没有权限”回显。 就像它运行条件两次而不是将两个参数作为一个条件运行..
下面的代码可行,但我认为我的第一种方法应该有用。
if(userCanAddCourses()){
$perm = 1;
}
if(isAdmin()){
$perm = 1;
}
if($perm != '1') {
echo 'You dont have permissions to view this page';
die;
return false;
}