管理员链接无法访问管理员链接,其显示给所有其他用户的onyl管理员角色可以看到管理员链接

时间:2017-04-26 16:18:09

标签: php mysql

第一个是panel.php文件,第二个是会话文件,第三个是login.php文件文件。我想只有当登录用户是管理员然后只显示管理员链接而其他人显示其他链接时才显示panel.php文件。我不知道我试过这个代码发生了什么,但它显示了所有用户的所有链接。请找到错误

panel.php文件

   <?php
   include('session.php');
   ?>
    <!DOCTYPE html>
   <html>
   <head>
    <title></title>
  </head>
     <body>
    <?php
          if($_SESSION['role']=='Administrator')
          { 
          ?>
       <li><a href="#">Add Publisher</a></li>
    <?php
          }else{ 
          ?>

    <li><a href="#">Mailbox</a></li>
    <?php
          } 
      ?>
     </body>
     </html>

session.php文件

   <?php

    $connection = mysql_connect("localhost", "root", "");
    $db = mysql_select_db("simple_db", $connection);
    session_start();// Starting Session
    // Storing Session
    $user_check=$_SESSION['login_user'];
    $role_check=$_SESSION['role'];

    // SQL Query To Fetch Complete Information Of User
    $ses_sql=mysql_query("SELECT * FROM simple_db WHERE email_n='$user_check' ", $connection);
    $row = mysql_fetch_assoc($ses_sql);
    $login_session =$row['email_n'];

    if(!isset($login_session)){
    mysql_close($connection); // Closing Connection
    header('Location: login.php'); // Redirecting To Home Page
     }
     ?>

login.php文件

<?php
            session_start(); // Starting Session
            $error=''; // Variable To Store Error Message
            if (isset($_POST['submit'])) {
            if (empty($_POST['email_n']) || empty($_POST['email_p'])) {
            $error = "Email or Password is invalid";
            }
            else
            {
            // Define $username and $password
            $email_n = $_POST['email_n'];
            $email_p = $_POST['email_p'];
            // Establishing Connection with Server by passing server_name, user_id and password as a parameter
            $connection = mysql_connect("localhost", "root", "");
            // To protect MySQL injection for Security purpose
            $email_n = stripslashes($email_n);
            $email_p = stripslashes($email_p);
            $email_n = mysql_real_escape_string($mail_n);
            $email_p = mysql_real_escape_string($email_p);
            // Selecting Database
            $db = mysql_select_db("simple_db", $connection);
            // SQL query to fetch information of registerd users and finds user match.
            $query = mysql_query("SELECT * FROM simple_db WHERE email_n='$email_n' AND email_p = '$email_p' ", $connection);
            $rows = mysql_num_rows($query);
            if ($rows == 1) {

            $_SESSION['login_user']=$email_n;
            $_SESSION['role']=$row->Role;

             // Initializing Session
            header("location: panel.php"); // Redirecting To Other Page
            } else {
            $error = "Email or Password is invalid";

            }
            mysql_close($connection); // Closing Connection
            }
            }
            ?>

0 个答案:

没有答案
相关问题
最新问题