我认为这可以简单地通过权限完成,但我似乎无法让它工作。我试图让页面使用下面的代码检查用户的权限,否则它会重定向到home。它总是重定向,我不知道为什么。
<?php
if(!isset($_SESSION))
{
session_start();
}
if ($_SESSION['permission'] == 0) {
header("Location: ./index.php");
exit;
} else {
if (!isset($_SESSION['authemail'])) {
header("Location: ./index.php");
exit;//Redirect to the index
}
编辑:我添加了会话转储,userID和权限都为null。我在这里想念的是什么,因为我无法弄明白?
<?php
session_start();
include ('../config/config.php');
/* basic field validation */
$email = trim($_POST["email"]);
$password = trim ($_POST["password"]);
/* check if details are empty, redirect if they are */
if (empty($email) or empty($password)) {
$_SESSION["message"] = "You must enter your email and password";
//Redirect to index
header("Location: ../index.php");
exit;
}
/* sanitise the input */
$email = strip_tags($email);
$password = strip_tags($password);
/* SQL user selection query, with error handling for the SQL */
$query = "SELECT * FROM users WHERE email = '$email' AND password = '$password'";
$result = mysqli_query($mysqli,$query) or exit("Error in query: $query. " . mysqli_error());
/* on query success, set sessions for email and userid */
if ($row = mysqli_fetch_assoc($result)) {
$_SESSION["authemail"] = $email;
$_SESSION["userid"] = $id;
$_SESSION["permission"] = $permission;
/* redirect the user to the secured page */
header("Location: ../loggedin.php");
} else {
/* display error if login was not successful and redirect to index */
$_SESSION["message"] = "Could not log in as $email - $query";
header("index.php");
}
?>
答案 0 :(得分:1)
尝试在数据库中为管理员设置一个标志。然后,在只有管理员可以访问的任何特定页面上,您应该检查此用户变量。
if(!$user->isAdmin()){
header("Location: ./login.php");
exit;
}
如果您没有可用的$ user对象,只需调用一个可以在数据库中查询所需变量的函数。
if(!isUserAdmin()){
header("Location: ./login.php");
exit;
}
此外,由于您的两个案例都重定向到index.php,您可以合并语句:
if($_SESSION['permission'] == 0 || !isset($_SESSION['authemail'])){
header("Location: ./index.php");
exit;
}
确保您正在调试以确保按预期设置/获取SESSION值。您的代码重定向,因为其中一个条件为真。调试并找到错误。