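Adding admin access to the user page

Time: 2017-12-21 09:32:57

Tags: php html authentication roles

I have created two pages, one for the admin and one for the user, but they have separate access at login. I want to give the admin access to the user page. I am unable to find a solution.

Right now, if I log in as admin and try to access the user page, it redirects me to the login page, and the same happens for the user. That part is fine.

In my login form I check the user's role and redirect them to their respective page based on that role. In the admin and user pages, I first check the user's role and, if it does not match, redirect to the login page.

What I am trying now is that in user_page.php I added the two roles user and administrator to check whether the logged-in user is an admin or a user. But that part I am unable to figure out.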



<?php
ob_start();
session_start();
include("db.php");
?>

<!DOCTYPE html>
<html lang="">

<head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title></title>


    <style type="text/css">
        .box {
            border: #666666 solid 1px;
        }

        label {
            font-weight: bold;
            width: 100px;
            font-size: 12px;
        }

    </style>
    <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.5/jquery.min.js"></script>




</head>

<body bgcolor="#FFFFFF">

    <div align="center">
        <div style="width:350px; border: solid 2px #333333; " align="left">
            <div style="background-color:#333333; color:#FFFFFF; padding:4px;"><b>Login</b></div>
            <div style="margin:25px">
                <form method="post" action="">
                    <?php
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
    $myusername1 = mysqli_real_escape_string($con, $_POST['username']);
    $mypassword1 = mysqli_real_escape_string($con, $_POST['password']);
    // The MD5 value is computed here, but the query below compares the unhashed password.
    $mypassword = MD5($mypassword1);

    $sql = "SELECT * FROM finforex_users WHERE username='$myusername1' and password='$mypassword1'";
    $result = mysqli_query($con, $sql);
    $row = mysqli_fetch_array($result);
    $count = mysqli_num_rows($result);
    if ($count == 1)
    {
        // Store the session values only after exactly one matching row was found.
        $_SESSION['userid'] = $row['userid'];
        $_SESSION['role'] = $row['role'];
        if ($row['role'] == "administrator")
        {
            header("location: admin_page.php");
            exit;
        }
        else if ($row['role'] == "user")
        {
            header("location: user_page.php");
            exit;
        }
    }
    else
    {
        $error = "Your Login Name or Password is invalid";
    }
}
?>

                        <label>UserName  :</label><input type="text" name="username" class="box" /><br /><br />
                        <label>Password  :</label><br/><input type="password" name="password" class="box" /><br/><br />
                        <input type="submit" value=" Submit " /><br />
                </form>
                <div style="font-size:11px; color:red;  margin-top:100px">

                    <?php
                    // Print the login error, if one was set above.
                    if (isset($error)) { echo $error; }
?>


                </div>
            </div>
        </div>
    </div>


</body>

</html>

<?php
ob_start();
session_start();
include 'db.php';
if(isset($_SESSION['role']) && $_SESSION['role']=='administrator')
{
$query1= mysqli_query($con,"SELECT * FROM `finforex_users` WHERE `userid`='".$_SESSION['userid']."' AND `role`='administrator' ");
$arr1 = mysqli_fetch_array($query1);
$num1 = mysqli_num_rows($query1); 
if($num1==1)
{
?>
<html>
    <head>
		 <style>
			
           body{
                width:80%;
                margin: 0 auto;
                padding: 0;
				font-family: 'Open Sans', Tahoma, Arial, helvetica, sans-serif;	
            }
        
        </style>

    </head>
    
		
<body> 
<br>
<h1 style="font-weight: 400;">Set Margins- Administrator</h1> 
<div style="float:right;"><a href="login.php">Logout</a></div>
<a href="user_page.php">page 2</a>
<?php 
    }
    else
    {
        header("location:login.php");
        exit;
    }
}
else
{
    header("location:login.php");
    exit;
}
?>
		
    </body>
</html>

<?php
session_start();
include 'db.php';
if(isset($_SESSION['role']) && $_SESSION['role']=='user')
{
$query= mysqli_query($con,"SELECT * FROM `finforex_users` WHERE `userid`='".$_SESSION['userid']."' AND  `role`='user' ");
$arr = mysqli_fetch_array($query);
$num = mysqli_num_rows($query); 
if($num==1)
{
?>
<style>
    body {
        width:80%;
        margin: 0 auto;
        padding: 0;
        font-family: 'Open Sans', Tahoma, Arial, helvetica, sans-serif;
    }
</style>

<body>
<h1 style="font-weight: 400;">Welcome User</h1> 
<div style="float:right;"><a href="logout.php">Logout</a></div>
<?php   
    }
    else
    {
        header("location:login.php");
        exit;
    }
}
else
{
    header("location:login.php");
    exit;
}
?>	
</body>	

1 Answer:

Answer 0: (score: 0)

Set the role condition, like

if(isset($_SESSION['role']) && ($_SESSION['role']=='user' || $_SESSION['role']=='administrator')){
// User Page 
// ....code ....
}
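
As an added example (not code from the question or the answer), here is one way to let both roles reach user_page.php: `isset()` returns only true or false, so `isset($_SESSION['role'])=='user'` holds for any role that is set, and the role value has to be compared on its own and against the database. Assumptions: the `finforex_users` table, its `userid` and `role` columns, `db.php` and `$con` are taken from the question; `current_role()` and `require_role()` are hypothetical helper names.

```php
<?php
// Added example; not the asker's or the answerer's code.
// finforex_users, userid, role, db.php and $con come from the question;
// current_role() and require_role() are hypothetical helper names.

// Read the role currently stored for this user id (null if no such user),
// so access does not depend on the session copy alone.
function current_role(mysqli $con, $userid): ?string
{
    $stmt = $con->prepare('SELECT role FROM finforex_users WHERE userid = ?');
    $stmt->bind_param('s', $userid);
    $stmt->execute();
    $stmt->bind_result($role);
    $found = $stmt->fetch();
    $stmt->close();
    return $found ? (string) $role : null;
}

// Redirect to login.php unless the logged-in user holds one of $allowed.
function require_role(mysqli $con, array $allowed): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // isset() only reports presence; the role value is compared separately.
    $ok = isset($_SESSION['userid'], $_SESSION['role'])
        && in_array($_SESSION['role'], $allowed, true);
    $role = $ok ? current_role($con, $_SESSION['userid']) : null;
    if ($role === null || !in_array($role, $allowed, true)) {
        header('Location: login.php');
        exit; // stop so the protected page is never rendered
    }
    $_SESSION['role'] = $role; // keep the session in sync with the database
    return $role;
}

// Usage at the top of user_page.php (users and administrators):
//   include 'db.php';
//   $role = require_role($con, ['user', 'administrator']);
// Usage at the top of admin_page.php (administrators only):
//   include 'db.php';
//   $role = require_role($con, ['administrator']);
```

The call has to run before any HTML is sent, because `header()` cannot redirect once output has started.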