I am using an old PHP version, 5.4. I have wrapped some HTML content in PHP if conditions so that it is not displayed to the Employee user type. The problem is that when I log in as an admin I see the admin content. After logging out I log in as an employee, and I can still see the admin content on the page, which should not be the case.
The page is structured like this:
Header.php + content.php + footer.php
header.php
<?php
session_start();
//print_r($_SESSION); for debugging purpose
if(!isset($_SESSION['uname'])){
header("Location:index.php");
exit; // stop here: without exit the rest of the page is still rendered and sent with the redirect
}
$baseurl = "http://localhost/yauwana-fyp-hrm/trunk/";
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Rising Logistics</title>
<link href="css/bootstrap.min.css" rel="stylesheet">
<link href="css/styles.css" rel="stylesheet">
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"> </script>
<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"> </script>
<![endif]-->
<link href="css/bootstrap.min.css" rel="stylesheet">
<link href="css/styles.css" rel="stylesheet">
<!-- suggestion text box -->
<script type="text/javascript"
src="js/jquery.min.js"></script>
<script type="text/javascript"
src="js/jquery-ui.min.js"></script>
<link rel="stylesheet" type="text/css"
href="css/jquery-ui.css" />
</head>
<body>
<header>
<div class="container padded-top">
<div class="row">
<div class="col-md-6">
<div class="logo">
<a href="#" title="Rising Logistics">
<img src="<?php echo $baseurl; ?>images/logo.jpg" class="img-responsive"/>
</a>
</div>
</div>
<div class="col-md-6">
<div class="dropdown pull-right admin-area">
<button class="btn btn-default dropdown-toggle" type="button" id="login-menu" data-toggle="dropdown" aria-haspopup="true" aria-expanded="true">
<span class="glyphicon glyphicon-user" aria-hidden="true"></span>
Welcome <strong><?php echo $_SESSION['uname']; ?></strong>
<span class="caret"></span>
</button>
<ul class="dropdown-menu" aria-labelledby="login-menu">
<li><a href="#">About</a></li>
<li><a href="includes/logout.php">Log Out</a></li>
</ul>
</div>
</div>
</div>
</div>
<div class="container">
<div class="row">
<div class="col-md-12 col-lg-12 col-xs-12 col-sm-12 col-ms-12">
<div class="navbar navbar-default top-navbar" role="navigation">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
</div>
<div class="collapse navbar-collapse">
<ul class="nav navbar-nav">
<li class="active"><a href="./" class="dropdown-toggle" data-toggle="dropdown">Recruitment</a>
<ul class="dropdown-menu multi-level">
<li><a href="template1.php?tab=home">Vacancies</a></li>
<li><a href="template1.php?tab=vacancies">Listed Candidates</a></li>
<li><a href="template1.php?tab=add_vac">Add Candidate</a></li>
</ul>
</li>
<li><a href="./" class="dropdown-toggle" data-toggle="dropdown">Performance</a>
<ul class="dropdown-menu multi-level">
<li><a href="template1.php?tab=kpi_list">KPI List</a></li>
<li><a href="template1.php?tab=add_kpi">Add KPI</a></li>
<li><a href="template1.php?tab=add_reviews">Add Reviews</a></li>
<li><a href="template1.php?tab=reviews">Reviews</a></li>
</ul>
</li>
<li><a href="./" class="dropdown-toggle" data-toggle="dropdown">Leave</a>
<ul class="dropdown-menu multi-level">
<li><a href="template1.php?tab=add_leave">Add Leave</a></li>
<li><a href="template1.php?tab=leave_entitlement">Leave Entitlement</a></li>
<li><a href="template1.php?tab=leave_summary">Leave Summary </a></li>
</ul>
</li>
<li><a href="./" class="dropdown-toggle" data-toggle="dropdown">PIM</a>
<ul class="dropdown-menu multi-level">
<?php if($_SESSION['ut'] != "Employee"){?>
<li><a href="template1.php?tab=employee_list">Employee List</a></li>
<?php } ?>
<li><a href="template1.php?tab=add_employee">Add Employee</a></li>
<li><a href="template1.php?tab=reports">Reports</a></li>
</ul>
</li>
<li><a href="./" class="dropdown-toggle" data-toggle="dropdown">Admin</a>
<ul class="dropdown-menu multi-level">
<li><a href="template1.php?tab=termionation_reason">Termination Reason</a></li>
<li><a href="template1.php?tab=job_titles">Job Titles</a></li>
<li><a href="template1.php?tab=user_create">Add Users</a></li>
<li><a href="template1.php?tab=user_list">User List</a></li>
</ul>
</li>
<li><a href="./">Help</a></li>
</ul>
</div>
<!--/.nav-collapse -->
</div>
</div>
</div>
</div>
</header>
<div class="clearfix"></div>
Content.php
<!-- delete ajax function begin -->
<script type="text/javascript">
function showUser(p)
{
//alert (p);
//if (str=="")
//{
// document.getElementById("txtHint").innerHTML="";
// return;
// }
var xmlhttp; // declare locally instead of leaking an implicit global
if (window.XMLHttpRequest)
{// code for IE7+, Firefox, Chrome, Opera, Safari
xmlhttp=new XMLHttpRequest();
}
else
{// code for IE6, IE5
xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
}
xmlhttp.onreadystatechange=function()
{
if (xmlhttp.readyState==4 && xmlhttp.status==200)
{
//delete table row
var tr = document.getElementById(p).parentNode.parentNode;
tr.parentNode.removeChild(tr);
location.reload();
}
}
var full = "?s="+p;
xmlhttp.open("GET","menu/KPI list/kpi_delete.php"+full,true);
xmlhttp.send();
}
</script>
<!-- delete ajax function end -->
<div class="body-div container padded-bottom">
<?php
$database->getConnection();
/*
Place code to connect to your DB here.
*/
//include('config.php'); // include your code to connect to DB.
$tbl_name="kpi"; //your table name
// How many adjacent pages should be shown on each side?
$adjacents = 1;
/*
First get total number of rows in data table.
If you have a WHERE clause in your query, make sure you mirror it here.
*/
$emp_id=(int) $_SESSION['emp_id']; // cast: this value is interpolated into SQL below
if($_SESSION['ut'] == "Employee")
{
$query = "SELECT COUNT(*) as num FROM $tbl_name WHERE emp_id = $emp_id ";
}
else{
$query = "SELECT COUNT(*) as num FROM $tbl_name";
}
$total_pages = mysql_fetch_array(mysql_query($query));
$total_pages = $total_pages['num'];
/* Setup vars for query. */
$targetpage = "template1.php?tab=kpi_list"; //your file name (the name of this file)
$limit = 1;
//how many items to show per page
if(isset($_GET['page'])){
$page = max(1, (int) $_GET['page']); // cast: this value goes straight into the LIMIT clause
$start = ($page - 1) * $limit; //first item to display on this page
}else{
$start = 0;
$page=0; //if no page var is given, set start to 0
}
/* Get data. The WHERE clause must mirror the one used for the count above. */
if($_SESSION['ut'] == "Employee")
{
$sql = "SELECT * FROM $tbl_name WHERE emp_id = $emp_id order by kpi_no desc LIMIT $start, $limit ";
}
else{
$sql = "SELECT * FROM $tbl_name order by kpi_no desc LIMIT $start, $limit ";
}
$result = mysql_query($sql);
/* Setup page vars for display. */
if ($page == 0) $page = 1; //if no page var is given, default to 1.
$prev = $page - 1; //previous page is page - 1
$next = $page + 1; //next page is page + 1
$lastpage = ceil($total_pages/$limit); //lastpage is = total pages / items per page, rounded up.
$lpm1 = $lastpage - 1; //last page minus 1
/*
Now we apply our rules and draw the pagination object.
We're actually saving the code to a variable in case we want to draw it more than once.
*/
$pagination = "";
if($lastpage > 1)
{
$pagination .= "<div class=\"pagination-new\">";
//previous button
if ($page > 1)
$pagination.= "<a href=\"$targetpage&page=$prev\">« previous</a>";
else
$pagination.= "<span class=\"disabled\">« previous</span>";
//pages
if ($lastpage < 7 + ($adjacents * 2)) //not enough pages to bother breaking it up
{
for ($counter = 1; $counter <= $lastpage; $counter++)
{
if ($counter == $page)
$pagination.= "<span class=\"current\">$counter</span>";
else
$pagination.= "<a href=\"$targetpage&page=$counter\">$counter</a>";
}
}
elseif($lastpage > 5 + ($adjacents * 2)) //enough pages to hide some
{
//close to beginning; only hide later pages
if($page < 1 + ($adjacents * 2))
{
for ($counter = 1; $counter < 4 + ($adjacents * 2); $counter++)
{
if ($counter == $page)
$pagination.= "<span class=\"current\">$counter</span>";
else
$pagination.= "<a href=\"$targetpage&page=$counter\">$counter</a>";
}
$pagination.= "...";
$pagination.= "<a href=\"$targetpage&page=$lpm1\">$lpm1</a>"; // $targetpage already contains "?tab=", so use &
$pagination.= "<a href=\"$targetpage&page=$lastpage\">$lastpage</a>";
}
//in middle; hide some front and some back
elseif($lastpage - ($adjacents * 2) > $page && $page > ($adjacents * 2))
{
$pagination.= "<a href=\"$targetpage&page=1\">1</a>";
$pagination.= "<a href=\"$targetpage&page=2\">2</a>";
$pagination.= "...";
for ($counter = $page - $adjacents; $counter <= $page + $adjacents; $counter++)
{
if ($counter == $page)
$pagination.= "<span class=\"current\">$counter</span>";
else
$pagination.= "<a href=\"$targetpage&page=$counter\">$counter</a>";
}
$pagination.= "...";
$pagination.= "<a href=\"$targetpage&page=$lpm1\">$lpm1</a>";
$pagination.= "<a href=\"$targetpage&page=$lastpage\">$lastpage</a>";
}
//close to end; only hide early pages
else
{
$pagination.= "<a href=\"$targetpage&page=1\">1</a>";
$pagination.= "<a href=\"$targetpage&page=2\">2</a>";
$pagination.= "...";
for ($counter = $lastpage - (2 + ($adjacents * 2)); $counter <= $lastpage; $counter++)
{
if ($counter == $page)
$pagination.= "<span class=\"current\">$counter</span>";
else
$pagination.= "<a href=\"$targetpage&page=$counter\">$counter</a>";
}
}
}
//next button
if ($page < $counter - 1)
$pagination.= "<a href=\"$targetpage&page=$next\">next »</a>";
else
$pagination.= "<span class=\"disabled\">next »</span>";
$pagination.= "</div>\n";
}
?>
<!-- end of the pagination -->
<div class="row">
<div class="col-xs-12 col-ms-12 col-sm-12 col-md-12 col-lg-12">
<h1>KPI List</h1>
<form action="menu/KPI list/kpi_search.php" method="post" name="testform">
<div class="well well-sm">
<div class="pull-left">
<select name="com" class="form-control">
<option value="f_name">First Name</option>
<option value="l_name">Last Name</option>
<option value="date">Date</option>
</select>
<div class="gap clearfix"></div>
<!-- <div id="testform_com_errorloc" class="alert alert-danger">Error message</div> -->
</div>
<div class="pull-left">
<input id="firstname" type="text" name="firstname" value="" class="required comment form-control" data-validation="required" data-validation-error-msg-required="This field is required"/>
<div class="gap clearfix"></div>
<!-- <div id="testform_firstname_errorloc" class="alert alert-danger">Error message</div> -->
</div>
<div class="pull-left"><input name="submit" type="submit" value="Search" class="btn btn-default"/></div>
</div>
</form>
<div class="gap"></div>
<table class="table table-striped">
<tr>
<th>Employee First Name</th>
<th>Employee Last Name</th>
<th>Job Title</th>
<th>Date</th>
<th>KPI given by</th>
<?php if($_SESSION['ut'] != "Employee"){ ?>
<th>Edit</th>
<th>Delete</th>
<th>Give Marks</th>
<?php } ?>
<th>View</th>
</tr>
<?php
while($row = mysql_fetch_array($result))
{
$p = $row["kpi_no"];
$value = "1";
?>
<tr><!-- opened inside the loop so every row gets its own <tr> -->
<td><?php echo $row['e_f_name']; ?></td>
<td><?php echo $row['e_l_name']; ?></td>
<td><?php echo $row['vac_name']; ?></td>
<td><?php echo $row['date']; ?></td>
<td><?php echo $row['kpi_given']; ?></td>
**<?php if($_SESSION['ut'] != "Employee"){ ?>**
<td class="text-center">
<a href="menu/KPI list/kpi_edit_details.php?x=<?php echo $p; ?>&v=<?php echo $page; ?>&val=<?php echo $value; ?>">
<!--<img width="15" height="15" src="http://localhost/project_2012/images/edit-icon.png"/>-->
<span class="glyphicon glyphicon-edit"></span>
</a>
</td>
<td class="text-center">
<div id="<?php echo $p; ?>" style="width:50px;">
<a href="javascript:showUser(<?php echo $p; ?>)" onclick="return confirm('Are you sure you want to delete?')">
<span class="glyphicon glyphicon-trash"></span>
</a>
</div>
</td>
<td class="text-center">
<a href="menu/KPI list/give_marks.php?x=<?php echo $p; ?>&v=<?php echo $page;?>">
<span class="glyphicon glyphicon-certificate"></span>
</a>
</td>
**<?php }?>**
<td class="text-center">
<a href="view_vac.php?x=<?php echo $p; ?>" target="_blank">
<span class="glyphicon glyphicon-zoom-in"></span>
</a>
</td>
</tr>
<?php } // End of while loop
?>
</table>
<!--end of table -->
<br/><br/>
<?php echo $pagination; ?>
</div>
</div>
</div>
Footer.php
<footer>
<center>
Rising Logistics<br/>
© <?php echo date("Y"); ?> Rising Logistics, Inc. All rights reserved.
</center>
</footer>
<!-- <script src="js/jquery.min.js"></script> -->
<script src="js/bootstrap.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.2.8/jquery.form-validator.min.js"></script>
<script src="js/common.js"></script>
</body>
</html>
Logout.php:
<?php
session_start();
$_SESSION = array(); // clear the session data before destroying the session
session_destroy();
header("Location:../index.php");
exit;
?>
Login_validation.php
<?php
include('database.php');
include('loghis.php');
$con = $database->getConnection();
$time = mktime(date('H')+5,date('i')+30,date('s'),date('m'),date('d'),date('Y'));
$hourr = date('H',$time);//current time hour
$minn =date('i',$time);//current time min
$secc = date('s',$time);//current time seconds
$year = date('Y',$time);//current year
$month = date('m',$time);//current month
$date = date('d',$time);//current day
$b=$year."-".$month."-".$date;
$intime = $hourr.":".$minn.":".$secc;
$username = mysql_real_escape_string($_POST['username']); // escape for the mysql_* driver; addslashes is not sufficient
$password = md5(addslashes($_POST['password']));
$msg = "username or password incorrect";
$result = mysql_query("SELECT * FROM users WHERE user_name='$username' and password ='$password'");
//echo $username;
$row=mysql_num_rows($result);
//echo "1";
if($row==1){//begin of $row count
session_start();
session_regenerate_id(true); // new session id on login so a previous session id cannot be reused
$_SESSION['uname']=$username;
$res = mysql_fetch_array($result);
$_SESSION['ut']=$res['emp_division'];
$use = $res['user_name'];
$pass = $res['password'];
$_SESSION['emp_id'] = $res['emp_id'];
$_SESSION['emp_division'] = $res['emp_division'];
$logh = new loginHis;
$logh->his($username,$b,$intime);
header("Location:../../trunk/template1.php");
exit;
}//end of $row count
else {
header("Location:../../trunk/index.php?err=".urlencode($msg));
exit;
}
?>
I have bolded the PHP lines in the content.php file. I hope this is clear; please help me solve the problem.
Answer 0 (score: 1)
You can try changing the header statement in 'Logout.php' to
header("Location:../index.php?logedout");
to avoid the cached page.
Answer 1 (score: 0)
The best solution for this case is to define a "user_type" column in your database and return its value into your session object according to the user type; that way you can separate admin users and normal users and show them different content.
Right now you have no such separation, which is why normal users can see the admin content.
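Added example (not code from the question or either answer) that combines both answers into one guard file for PHP 5.4: it stores the role from an assumed user_type column (answer 1) in the session, sends no-cache headers so a logged-out browser cannot display a cached admin page (the effect answer 0 aims at), always exits after a redirect, and regenerates the session id at login. The file name auth_guard.php and all function names are assumptions.

```php
<?php
// Assumed file auth_guard.php, required at the top of header.php (added example).
// Assumes a user_type column ("Admin"/"Employee") loaded into $_SESSION at login.
// Authenticated pages must not be cached: a cached copy is what still shows the
// admin content after logout, whatever the server-side session now says.
function send_no_cache_headers() {
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache');
    header('Expires: Thu, 01 Jan 1970 00:00:00 GMT');
}

// A Location header alone does not stop PHP: without exit, the protected HTML
// after the check is still rendered and sent along with the redirect.
function redirect_and_exit($url) {
    header('Location: ' . $url);
    exit;
}
// Call once after the credential check succeeds (in login_validation.php).
function start_login_session($username, $user_type, $emp_id) {
    session_regenerate_id(true);   // fresh id: the pre-login id is never reused
    $_SESSION = array();           // nothing inherited from a previous user
    $_SESSION['uname'] = $username;
    $_SESSION['user_type'] = $user_type;
    $_SESSION['emp_id'] = (int) $emp_id;
}

function is_admin() {
    return isset($_SESSION['user_type']) && $_SESSION['user_type'] === 'Admin';
}
// Replaces the bare isset($_SESSION['uname']) check in header.php.
function require_login($admin_only = false) {
    if (empty($_SESSION['uname'])) {
        redirect_and_exit('index.php');
    }
    if ($admin_only && !is_admin()) {
        redirect_and_exit('index.php?err=forbidden');
    }
}
// Full logout: empty the array, expire the cookie, then destroy server-side data.
function end_login_session() {
    $_SESSION = array();
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'],
              $p['secure'], $p['httponly']);
    session_destroy();
}

session_start();
send_no_cache_headers();
```

In header.php, `require 'auth_guard.php'; require_login();` replaces the isset check, and admin-only markup is wrapped in `if (is_admin())` instead of comparing `$_SESSION['ut']` to "Employee". Logout.php calls `end_login_session()` before its redirect, and login_validation.php calls `start_login_session()` with the values read from the users row.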