会话变量被覆盖php

时间:2011-09-18 16:01:43

标签: php mysql session-variables

我做了一个登录页面,根据他们是否使用正确的详细信息登录,应该为会话['级别'指定不同的组。说管理员登录他得到会话['admin']会话['成员']和会话['理事会'],这些都依赖于他在数据库中的用户级别。 但当我检查会话数组时,我得到: id,username,admin,admin,admin而不是 id,username,admin,council,member。 我用于查询的代码是

//normal user
$queryN= mysql_query("SELECT * From users where username='$username' and hashed_password ='$dash' AND
level='member' LIMIT 1");
//normal council member
 $queryC = mysql_query("SELECT * From users where username='$username' and hashed_password ='$dash' AND
level='council' LIMIT 1");
//normal admin
$queryA = mysql_query("SELECT * From users where username='$username' and hashed_password ='$dash' AND
level='admin' LIMIT 1");
//Check whether the query was successful or not      
//normal user
if(mysql_num_rows($queryN) == 1)
{session_regenerate_id();
$resultN = mysql_fetch_assoc($queryN);  
$_SESSION['user_id'] = $resultN['id'];
$_SESSION['username'] = $resultN['username'];       
$_SESSION['member'] = $resultN['level']; 
session_write_close();
redirect_to("../public/index.php");
}
//admin user
elseif(mysql_num_rows($queryA) == 1){
session_regenerate_id();
$resultA = mysql_fetch_assoc($queryA);   
$_SESSION['user_id'] = $resultA['id'];
$_SESSION['username'] = $resultA['username']; 
$_SESSION['admin'] = $resultA['level']; 
$_SESSION['member'] = $resultA['level'];
$_SESSION['council'] = $resultA['level']; 
session_write_close();
redirect_to("../public/staff.php");
}

//council user
elseif(mysql_num_rows($queryC) == 1){
session_regenerate_id();
$resultC = mysql_fetch_assoc($queryC);  
$_SESSION['user_id'] = $resultC['id'];
$_SESSION['username'] = $resultC['username'];  
$_SESSION['council'] = $resultC['level']; 
$_SESSION['member'] = $resultC['level'];
session_write_close();
redirect_to("../public/index.php");
}else{
//Login failed
redirect_to("../public/login.php");
}

以及检查每个用户凭据的功能是:

    session_start();
    $_SESSION['ERRMSG_ARR'] = array(); 
    function logged_in() {
        return isset($_SESSION['level']);
    }

    function confirm_logged_in() {
if(!isset ($_SESSION['member']) || (trim($_SESSION['member']) == '')) {
$_SESSION['ERRMSG_ARR'][] = 'You were not Authorised to view that page';
            redirect_to("login.php");
        }
    }
function confirm_login_council() {
if(!isset ($_SESSION['council']) || (trim($_SESSION['council']) == '')) {
        $_SESSION['ERRMSG_ARR'][] = 'Sorry but you were not Authorised to view that page';
        redirect_to("login.php");
        }
    }
function confirm_login_admin(){
if(!isset($_SESSION['admin']) || (trim($_SESSION['admin']) == '')) {
    $_SESSION['ERRMSG_ARR'][] = 'Unfortunately for you; You were not Authorised to view that page';
            redirect_to("login.php");
        }
    }

并检查我使用的会话数组值:

  foreach($_SESSION as $value){
        echo $value . " | ";
    }

1 个答案:

答案 0 :(得分:1)

您正在设置" admin","会员"和"理事会"会话变量为相同的值:

$_SESSION['admin'] = $resultA['level']; 
$_SESSION['member'] = $resultA['level'];
$_SESSION['council'] = $resultA['level'];

尝试使用密钥进行打印,以更清楚地了解正在进行的操作:

foreach($_SESSION as $key => $value){
  echo $key, ':', $value , ' | ';
}