我目前正在为我的任务工作。我需要在登录页面上区分用户和管理员。我应该对登录页面做出哪些更改,以区分用户和管理员?这些代码工作正常。
<?php
require_once 'php_action/db_connect.php';
session_start();
if(isset($_SESSION['userId'])) {
header('location: http://localhost/managementsystem/dashboard.php');
}
$errors = array();
if($_POST) {
$username = $_POST['username'];
$password = $_POST['password'];
if(empty($username) || empty($password)) {
if($username == "") {
$errors[] = "Username is required";
}
if($password == "") {
$errors[] = "Password is required";
}
} else {
$sql = "SELECT * FROM users WHERE username = '$username'";
$result = $connect->query($sql);
if($result->num_rows == 1) {
$password = md5($password);
// exists
$mainSql = "SELECT * FROM users WHERE username = '$username' AND password='$password'";
$mainResult = $connect->query($mainSql);
if($mainResult->num_rows == 1) {
$value = $mainResult->fetch_assoc();
$user_id = $value['user_id'];
//set session
$_SESSION['userId'] = $user_id;
header('location: http://localhost/managementsystem/dashboard.php');
} else {
$errors[] = "Incorrect Username or Password combination";
}
}else {
$errors[] = "Username does not exists";
}
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Log-in Page</title>
<!-- bootstrap -->
<link rel="stylesheet" type="text/css" href="assets/bootstrap/css/bootstrap.min.css">
<!-- bootstrap theme -->
<link rel="stylesheet" type="text/css" href="assets/bootstrap/css/bootstrap-theme.min.css">
<!-- font awesome -->
<link rel="stylesheet" type="text/css" href="assets/font-awesome/css/font-awesome.min.css">
<!-- custom css -->
<link rel="stylesheet" href="custom/css/custom.css">
<!-- jquery -->
<script type="text/javascript" src="assets/jquery/jquery.min.js"></script>
<!-- jquery ui -->
<link rel="stylesheet" href="assets/jquery-ui/jquery-ui.min.css">
<script src="assets/jquery-ui/jquery-ui.min.js"></script>
<!-- bootstrap js -->
<script src="assets/bootstrap/js/bootstrap.min.js"></script>
</head>
<body>
<div class="container">
<div class="row vertical">
<div class="col-md-5 col-md-offset-3">
<div class="panel panel-default">
<div class="panel-info">
<div class= "panel-heading text-center">
<h3 class= "panel-title">MH ALLIM Management System</h3>
</div>
<div class="panel-body">
<div class="messages">
<?php if($errors) {
foreach ($errors as $key => $value) {
echo '<div class="alert alert-warning" role="alert">
<i class="glyphicon glyphicon-exclamation-sign"></i>
'.$value.'</div>';
}
} ?>
</div>
<form class="form-horizontal" action="<?php echo $_SERVER['PHP_SELF'] ?>" method="POST" id="loginForm">
<div class="form-group">
<label for="inputUser3" class="col-sm-2 control-label">Username</label>
<div class="col-sm-10">
<input type="text" class="form-control" id="username" name="username" placeholder="Username">
</div>
</div>
<div class="form-group">
<label for="password" class="col-sm-2 control-label">Password</label>
<div class="col-sm-10">
<input type="password" class="form-control" id="password" name="password" placeholder="Password">
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" class="btn btn-default"> <i class="glyphicon glyphicon-log-in"></i>
Sign in</button>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
<?php
session_start();
require_once 'db_connect.php';
//echo $_SESSION['userId'];
if(!$_SESSION['userId']) {
header('location: http://localhost/managementsystem/index.php');
}
?>
我应该修改会话,以便普通用户无法访问管理页面吗? 谢谢:))
答案 0 :(得分:0)
你应该有一些让用户和管理员与众不同的东西。因此,您只需在表中添加一个名为&#34; role&#34; (例如)。如果用户是用户,那么该角色将是&#34; user&#34;。与任何管理员相同,角色将是&#34; admin&#34;。
您可以将以下代码写入管理员页面,以防止未经授权的用户登录。在用户的页面上使用相同的代码,以防止任何管理员登录到用户的页面,并将此部分更改为:$ _SESSION [&#39; role&#39;]!= &#39;用户&#39;)&#34;
<?php
session_start();
require_once 'db_connect.php';
if( (empty($_SESSION['userId'])) || ($_SESSION['role'] != 'admin') ) {
echo "<script>window.open('index.php','_self');</script>";
}
else {
$userId = $_SESSION['userId'];
}
?>
答案 1 :(得分:0)
使用if和else将其分开:
if(type="admin")
{
do somethg
}
else
{
do somethg
}