我对php编码来说还很陌生,我已经为网站设置了一个有效的注册/登录系统,但是现在我想创建一个可以编辑/上传图片至该网站的管理员用户。我只是不知道该怎么做,到目前为止,我刚刚在phpmyadmin中添加了一列,即usertype和一个带有两个变量admin和users的枚举,并且我将默认值设置为user,所以当有人注册时默认为用户。因此任何帮助将不胜感激。
这是我的登录php
if (isset($_POST['login-submit'])) {
#
require 'dbh.inc.php';
$mailuid = $_POST['mailuid'];
$password = $_POST['pwd'];
if (empty($mailuid) || empty($password)) {
header("Location: ../index.php?error=emptyfields");
exit();
}else {
$sql = "SELECT * FROM users WHERE uidUsers=?;";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../index.php?error=sqlerror");
exit();
}else{
mysqli_stmt_bind_param($stmt, "s", $mailuid);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if ($row = mysqli_fetch_assoc($result)) {
$pwdCheck = password_verify($password, $row['pwdUsers']);
if ($pwdCheck == false) {
header("Location: ../index.php?error=wrongpassword");
exit();
}elseif ($pwdCheck == true) {
session_start();
$_SESSION['userId'] = $row['idUsers'];
$_SESSION['userUid'] = $row['uidUsers'];
header("Location: ../index.php?login=success");
exit();
}
}
else {
header("Location: ../index.php?error=nouser");
exit();
}
}
}
}else {
header("Location: ../index.php");
exit();
}
这是我的注册php
<?php
if (isset($_POST['signup-sumbit'])) {
require 'dbh.inc.php';
$username = $_POST['uid'];
$email = $_POST['mail'];
$password = $_POST['pwd'];
$passwordRepeat = $_POST['pwd-repeat'];
if (empty($username) || empty($email) || empty($password) || empty($passwordRepeat)) {
header("Location: ../signup.php?error=emptyfields&uid=".$username."&mail=".$email);
exit();
}elseif (!filter_var($email, FILTER_VALIDATE_EMAIL) && !preg_match("/^[a-zA-Z0-9]*$/", $username)) {
header("Location: ../signup.php?error=invaildmailuid");
exit();
}elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../signup.php?error=invaildmail&uid=".$username);
exit();
}elseif (!preg_match("/^[a-zA-Z0-9]*$/", $username)) {
header("Location: ../signup.php?error=invailduid&mail=".$email);
exit();
}elseif ($password !== $passwordRepeat) {
header("Location: ../signup.php?error=passwordcheck&uid=".$username."&mail=".$email);
exit();
}else{
$sql = "SELECT uidUsers FROM users WHERE uidUsers=?";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../signup.php?error=sqlerror1");
exit();
} else {
mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$resultCheck = mysqli_stmt_num_rows($stmt);
if ($resultCheck > 0) {
header("Location: ../signup.php?error=usertaken&mail=".$email);
exit();
} else {
$sql = "INSERT INTO users (uidUsers, emailUsers, pwdUsers) VALUES (?, ?, ?)";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../signup.php?error=sqlerror");
exit();
} else {
$hashedPwd = password_hash($password, PASSWORD_DEFAULT);
mysqli_stmt_bind_param($stmt, "sss", $username, $email, $hashedPwd);
mysqli_stmt_execute($stmt);
header("Location: ../signup.php?signup=success");
exit();
}
}
}
}
mysqli_stmt_close($stmt);
mysqli_close($conn);
}else {
header("Location: ../signup.php");
exit();
}
这是我添加的新列的图片 Picture of phpmyadmin
答案 0 :(得分:1)
这是您要检查用户是否具有管理员权限并存储在会话中的代码
if($row['user_type'] == 'Admin'){
$_SESSION['isAdmin'] = true;
}else{
$_SESSION['isAdmin'] = false;
}
之后,您可以根据需要使用$_SESSION['isAdmin']授予特权
if($_SESSION['isAdmin']){
//code for uploading pictuers ..
}