Question

我正在建立一个网站，其中我有一个管理员和用户页面。我有一个问题，即使我以用户身份登录，我也可以通过URL访问管理页面。我在登录页面上进行了验证检查，但是如果我已经以用户或管理员身份登录，我可以访问所有页面。我想将页面限制为他们的角色。这是我的代码。

MY_Controller：

function __construct()
{
    parent::__construct();
    $this->is_logged_in();

    $session_admin = $this->session->userdata('isAdmin');
    $method = $this->router->fetch_method();

    if(($session_admin == FALSE) && $method != 'login')
    {
      $this->session->set_flashdata( 'message', 'You need to login to access this location' );
      redirect('user_home');
    }
    else
    {
        redirect('admin_ticketing/new_tickets');
    }
}

function is_logged_in()
{
    $is_logged_in = $this->session->userdata('is_logged_in');

    if(!isset($is_logged_in) || $is_logged_in != true) {
        redirect('login');
        die();
    }
}

型号：

function validate()
{
    $this->db->where('username', $this->input->post('username'));
    $this->db->where('password', $this->input->post('password'));
    $query = $this->db->get('accounts');
    $result = $query->row();

    if($query->num_rows() == 1)
    {
        return true;
    }
    else
    {
        return false;
    }
}

function check_role()
{
    $this->db->where('username', $this->input->post('username'));
    $this->db->where('password', $this->input->post('password'));
    $this->db->where('role', 1);
    $query = $this->db->get('accounts');
    $result = $query->row();

    if($query->num_rows() == 1)
    {
         $data = array(
            'userid' => $result->userid,
            'username' => $result->username,
            'password' => $result->password,
            'firstname' => $result->firstname,
            'lastname' => $result->lastname,
            'email' => $result->email,
            'address' => $result->address,
            'monthly_dues' => $result->monthly_dues,
            'arrears' => $result->arrears,
            'isAdmin' => true,
            'contactnum' => $result->contactnum,
            'role' => $result->role,
            'is_logged_in' => true
        );
        $this->session->set_userdata($data);
        return true;
    }
    else
    {
        return false;
    }
}

function check_user()
{
    $this->db->where('username', $this->input->post('username'));
    $this->db->where('password', $this->input->post('password'));
    $this->db->where('role', 0);
    $query = $this->db->get('accounts');
    $result = $query->row();

    if($query->num_rows() == 1)
    {
         $data = array(
            'userid' => $result->userid,
            'username' => $result->username,
            'password' => $result->password,
            'firstname' => $result->firstname,
            'lastname' => $result->lastname,
            'email' => $result->email,
            'address' => $result->address,
            'monthly_dues' => $result->monthly_dues,
            'arrears' => $result->arrears,
            'isAdmin' => false,
            'contactnum' => $result->contactnum,
            'role' => $result->role,
            'is_logged_in' => true
        );
        $this->session->set_userdata($data);
        return true;
    }
    else
    {
        return false;
    }
}

function check_active()
{
    $this->db->where('username', $this->input->post('username'));
    $this->db->where('password', $this->input->post('password'));
    $this->db->where('isActive', 1);
    $query = $this->db->get('accounts');
    $result = $query->row();

    if($query->num_rows() == 1)
    {
        return true;
    }
    else
    {
        return false;
    }
}

控制器：

function validate_login()
{
    $this->load->model('model_accounts');
    $valid = $this->model_accounts->validate();
    $isAdmin = $this->model_accounts->check_role();
    $isUser = $this->model_accounts->check_user();
    $isActive = $this->model_accounts->check_active();

    if($valid && $isAdmin && $isActive) // Active Admin
    {
        redirect('admin_ticketing/new_tickets');
    }
    else if($valid && $isActive && $isUser)  // Active User
    {
        redirect('user_home');
    }
    else if(($valid && $isAdmin) && $isActive == false)  //Deactivated Admin
    {
        redirect('login/admindeact');
    }
    else if($valid && ($isActive && $isAdmin) == false) //Deactivated User
    {
        redirect('login/userdeact');
    }
    else if($valid == false) //Invalid Account
    {
        $data['message'] = "Sorry, the username and password you entered did not match our records. Please double-check and try again. ";
        $this->template->load('template', 'view_login', $data);
    }
}

Answer 1

您可以在控制器中查看，请参阅此代码，

function __construct()
{
    parent::__construct();

    $session_admin = $this->session->userdata('admin'); //getting admin session
    $method = $this->router->fetch_method(); // get the current method

    if(empty($session_admin) && $method != 'login'){ // check for admin session and methos is login
        $this->session->set_flashdata( 'message', 'You need to login to access this location' );
        redirect('admin/users/login');
    }
}

Answer 2

如果您只想在登录时为admin和front-user设置角色，请设置会话值'is_admin'

然后你可以检查是否（$ is_admin）。

Codeigniter通过URL限制管理页面

2 个答案: