我创建了一个简单的PHP脚本来获取用户的等级,然后确定他们是否有权查看该页面的内容。
然而,它不起作用。无论用户的等级是什么,它仍然显示内容。这是我的剧本:
<?php
include "db_connect.php";
include "auth.php";
$username = $_SESSION['username'];
$getrank = "SELECT rank FROM users WHERE username = '$username'";
$result = mysqli_query($con, $getrank);
if ($result == 3) {
echo 'You do not have permission to view this page. Redirecting you...';
header( "Refresh:5; url=index.php", true, 303);
} else {
echo 'you can view'; //just a text placeholder for debugging purposes
}
?>
我的MySQL数据库中的排名设置为1,2或3,我只希望允许访问排名为1和2的用户。
我意识到这种排名认证方法并不理想,用户可以在重定向之前按ESC键轻松绕过这种方法。
提前致谢。
答案 0 :(得分:0)
你想要这样的代码试试这个。
<?php
include "db_connect.php";
include "auth.php";
$username = $_SESSION['username'];
$getrank = "SELECT rank FROM users WHERE username = '$username'";
$result = mysqli_query($con, $getrank);
$row = mysqli_fetch_assoc($result);
if ($row['rank'] == 3) {
echo 'You do not have permission to view this page. Redirecting you...';
header( "Refresh:5; url=index.php", true, 303);
} else {
echo 'you can view'; //just a text placeholder for debugging purposes
}
?>