Question

我是php PDO的初学者，请使用不同用户登录的不同页面重定向来帮助了解不同用户级别的位置和方式。谢谢

这是我的登录代码

  <?php
  session_start();
  require_once("user.php");
  $login = new USER();

  if($login->is_loggedin()!="")
  {
    $login->redirect('database.php');
  }

  if(isset($_POST['btn-login']))
  {
   $uname = strip_tags($_POST['txt_uname_email']);
   $umail = strip_tags($_POST['txt_uname_email']);
   $upass = strip_tags($_POST['txt_password']);

  if($login->doLogin($uname,$umail,$upass)) 
  {
    $login->redirect('database.php');
 }
   else
   {
    $error = "Invalid Username/Email !!!";
   }    
 }
?>

这是我使用PDO登录时的条件

 <?php

require_once('login_db.php');

class USER
{
private $conn;

public function __construct()
{
    $database = new DatabaseLogin();
    $db = $database->dbConnection();
    $this->conn = $db;
}

public function runQuery($sql)
{
    $stmt = $this->conn->prepare($sql);
    return $stmt;
}

public function register($uname,$umail,$upass)
{
    try
    {
        $new_password = password_hash($upass, PASSWORD_DEFAULT);

        $stmt = $this->conn->prepare("INSERT INTO tbl_user(user_name,user_email,user_pass) 
                                                   VALUES(:uname, :umail, :upass)");

        $stmt->bindparam(":uname", $uname);
        $stmt->bindparam(":umail", $umail);
        $stmt->bindparam(":upass", $new_password);                                        

        $stmt->execute();   

        return $stmt;   
    }
    catch(PDOException $e)
    {
        echo $e->getMessage();
    }               
}

public function doLogin($uname,$umail,$upass)
{
    try
    {
        $stmt = $this->conn->prepare("SELECT user_id, user_name, user_email, user_pass FROM tbl_user WHERE user_name=:uname OR user_email=:umail ");
        $stmt->execute(array(':uname'=>$uname, ':umail'=>$umail));
        $userRow=$stmt->fetch(PDO::FETCH_ASSOC);
        if($stmt->rowCount() == 1)
        {
            if(password_verify($upass, $userRow['user_pass']))
            {
                $_SESSION['user_session'] = $userRow['user_id'];
                return true;
            }
            else
            {
                return false;
            }
        }
    }
    catch(PDOException $e)
    {
        echo $e->getMessage();
    }
}

public function is_loggedin()
{
    if(isset($_SESSION['user_session']))
    {
        return true;
    }
}

public function redirect($url)
{
    header("Location: $url");
}

public function doLogout()
{
    session_destroy();
    unset($_SESSION['user_session']);
    return true;
}
}
?>

Answer 1

准备一组用户角色，您可以根据这些角色将用户重定向到特定页面管理员经理主持人

决定保留用户角色的位置，您可以保留在tbl_user中，也可以使用tbl_user_role创建一个表来跟踪用户ID和角色。

登录后，根据您保留角色名称的位置获取用户角色。现在使用此角色名称，重定向用户

如果您决定将用户角色保留在tbl_user中，请添加一列user_role 现在修改函数do_login

public function doLogin($uname, $umail, $upass)
{
    try
    {
        //If you are keeping user role in tbl_user modify like this
        $stmt    = $this->conn->prepare("SELECT user_id, user_name, user_email, user_pass, user_role FROM tbl_user WHERE user_name=:uname OR user_email=:umail ");
        $stmt->execute(array(':uname' => $uname, ':umail' => $umail));
        $userRow = $stmt->fetch(PDO::FETCH_ASSOC);


        if ($stmt->rowCount() == 1)
        {
            if (password_verify($upass, $userRow['user_pass']))
            {
                $_SESSION['user_session'] = $userRow['user_id'];
                $_SESSION['user_role'] = $userRow['user_role'];
                return true;
            }
            else
            {
                return false;
            }
        }
    }
    catch (PDOException $e)
    {
        echo $e->getMessage();
    }
}

如果您使用单独的表格tbl_user_role来保存用户角色信息，请使用以下版本的doLogin函数

public function doLogin($uname, $umail, $upass)
{
    try
    {
        //If you are keeping user role in tbl_user modify like this
        $stmt    = $this->conn->prepare("SELECT user_id, user_name, user_email, user_pass FROM tbl_user WHERE user_name=:uname OR user_email=:umail ");
        $stmt->execute(array(':uname' => $uname, ':umail' => $umail));
        $userRow = $stmt->fetch(PDO::FETCH_ASSOC);

        $stmt    = $this->conn->prepare("SELECT user_role FROM tbl_user_role WHERE user_id=:uid ");
        $stmt->execute(array(':uid' => $userRow['user_id']));
        $userRole = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($stmt->rowCount() == 1)
        {
            if (password_verify($upass, $userRow['user_pass']))
            {
                $_SESSION['user_session'] = $userRow['user_id'];
                $_SESSION['user_role'] = $userRole['user_role'];
                return true;
            }
            else
            {
                return false;
            }
        }
    }
    catch (PDOException $e)
    {
        echo $e->getMessage();
    }
}

现在你必须在类User

中创建一个函数redirectByRole

public function redirectByRole()
{
    $role = !empty($_SESSION['user_role']) ? $_SESSION['user_role'] : false;
    switch ($role)
    {
        case 'admin':
            $login->redirect('admin.php');
            break;
        case 'manager':
            $login->redirect('manager.php');
            break;
        default :
            $login->redirect('logout.php');
            break;
    }
}

现在修改您的代码如下

<?php
  session_start();
  require_once("user.php");
  $login = new USER();

  if($login->is_loggedin()!="")
  {
    $login->redirectByRole();
  }

  if(isset($_POST['btn-login']))
  {
   $uname = strip_tags($_POST['txt_uname_email']);
   $umail = strip_tags($_POST['txt_uname_email']);
   $upass = strip_tags($_POST['txt_password']);

   if($login->doLogin($uname,$umail,$upass)) 
   {
       $login->redirectByRole();
   }
   else
   {
       $error = "Invalid Username/Email !!!";
   }    
 }

有人可以帮助我为不同的用户级别添加一些条件

1 个答案: