我创建了一个登录/注销页面,但现在我想在管理员登录时将其与常规用户分开。我想要做的是让普通用户只查看可用文件,而管理员当然他们将能够查看和编辑这些文件。
现在我的设置:
登录 .PHP
<?php
session_start();
include("password.php");
require_once "config.php";
/* Constants */
$TITLE = "Formation - User Login";
$CSS = array("assets/css/formation.css");
$JAVASCRIPT = array();
$mode = $_GET["mode"];
/* Template */
require_once $TEMPLATE_PATH."header.php";
if ($mode == "login") { /// do after login form is submitted
if ($USERS[$_POST["username"]]==$_POST["password"]) { /// check if submitted username and password exist in $USERS array
$_SESSION["login"]=$_POST["username"];
header("location:index.php");
} else {
echo "Incorrect username/password. Please, try again.";
};
} else if ($mode == "logout") {
session_start();
unset($_SESSION["login"],$USERS);
header("location: login.php");
exit(0);
};
echo <<< XHTML
<h1>$TITLE</h1>
<form id="form" method="post" action="{$LOGIN_URL}?mode=login">
<label id="username_label" for="username" class="normal">Username</label> :<br />
<input id="username" name="username" type="text" value="" class="half" /><br />
<label id="password_label" for="password" class="normal">Password</label> :<br />
<input id="password" name="password" type="password" value="" class="half" /><br />
<input id="submits" type="submit" value="Login" />
</form>
XHTML;
require_once $TEMPLATE_PATH . "footer.php";
?>
密码 .php(验证用户和密码)
<?php
$USERS["drodrig1"] = "pwd1";
$USERS["jsutta"] = "pwd2";
$USERS["username3"] = "pwd3";
function check_logged(){
global $_SESSION, $USERS;
if (!array_key_exists($_SESSION["login"],$USERS)) {
header("Location: login.php");
exit(0);
};
};
?>
配置 .php
<?php
$ASSETS_URL = "https://url-link/formationXX/assets/";
$ASSETS_PATH = "serverpath/formationXX/assets/";
$TEMPLATE_URL = "https://url-link/formationXX/assets/template/";
$TEMPLATE_PATH = "serverpath/formationXX/assets/template/";
$LOGIN_URL = "https://url-link/formationXX/login.php";
$LOGIN_PATH = "serverpath/formationXX/login.php";
?>
索引 .php(登录后,我希望管理员与常规用户区分开来。管理员应该能够看到并编辑以下内容:CSS,JS,电子邮件,PDF和Spread Sheet。同时用户可以仅查看除了以外的所有内容:CSS,JS)
<?php
require_once "config.php";
session_start(); /// initialize session
include("password.php");
check_logged(); /// function checks if visitor is logged.
/* Constants */
$TITLE = "Formation - User Login";
$CSS = array("assets/css/formation.css");
$JAVASCRIPT = array();
/* Template */
require_once $TEMPLATE_PATH."header.php";
echo <<< XHTML
<form id="form" method="post" action="{$LOGIN_URL}?mode=login">
<div class="full row column">
<h1>{$TITLE}</h1>
</div>
<div class="full row column">
<div class="half column small">
<p>Logged in as: <strong>{$_SESSION["login"]}</strong> | <a href="{$LOGIN_URL}?mode=logout" class="small">Logout</a></p><br />
Add Form | Delete Selected Form(s)
</div>
</div>
<div class="full row column">
<table id="formslist" cellpadding="0" cellspacing="0">
<th>
<tr>
<td class="form_select">
<input id="selectallforms" name="selectallforms" type="checkbox" value="Select All Forms" />
</td>
<td class="form_id">
ID
</td>
<td class="form_url">
URL
</td>
<td class="form_dates">
Launch Date
</td>
<td class="form_dates">
Expiration Date
</td>
<td class="form_autofill">
Autofill
</td>
<td class="form_save">
**CSS**
</td>
<td class="form_save">
**JS**
</td>
<td class="form_save">
Email
</td>
<td class="form_save">
PDF
</td>
<td class="form_dates">
Spread sheet
</td>
</tr>
</th>
</table>
</div>
</form>
XHTML;
require_once $TEMPLATE_PATH . "footer.php";
?>
答案 0 :(得分:1)
当登录的用户尝试编辑某些内容时,您应该检查该用户是否具有足够的权限来执行此操作。
例如,以下是您的用户:
$USERS["drodrig1"]['passw'] = "pwd1";
$USERS["jsutta"]['passw'] = "pwd2";
$USERS["username3"]['passw'] = "pwd3";
$USERS["drodrig1"]['level'] = 0;
$USERS["jsutta"]['level'] = 1;
$USERS["username3"]['level'] = 0;
以下是我们检查用户是否可以做某事的方法:
if ($_GET['action'] === 'edit' && $USERS[$_SESSION["login"]]['level'] === 1) {
// Go to function where users changes gets saved to files or db:
saveChanges($_POST);
} else {
die("<h1>Sorry, you cant do that!</h1>");
}