提问人:game pro 提问时间:11/18/2023 最后编辑:ADysongame pro 更新时间:11/19/2023 访问量:85
如何编写语句来确定用户是否为管理员?在PHP中
how to write a statement to determine if the user is an admin? in php
问:
根据我的指示,我的问题
您需要向成员表添加一个附加字段,以指定谁是管理员。这将由数据库管理员(您)手动填充 在login.php文件中,您已为成功登录的成员分配了会话 ID。您需要编写一个 if 语句来确定用户是否为管理员,如果是,则也为此用户分配一个admin_id会话(按照 member_id 的示例进行操作) 未登录和已登录的导航栏是在index.php中创建的。由于管理员必须是登录用户,因此您将在拥有 $_SESSION['admin_id'] 的用户的“查看配置文件”链接之后添加另一个链接 (Admin)。此链接将打开myadminpage.php(稍后将创建)。index.php文件顶部已经有一个 session_start(),因此您不必启动新会话。
我觉得我遗漏了一些东西,并且似乎只有在管理员登录时才能显示管理员链接。
下面的代码是我login.php
<?php
ob_start();
session_start();
if(isset($_SESSION['member_id']) != "") {
// redirects to the home page
header("Location: index.php");
}
if(isset($_SESSION['admin_id']) != "") {
// redirects to the home page
header("Location: index.php");
}
?><!DOCTYPE html>
<?php
// require the connection script, end if connection fails
require_once('_connect.php');
if(isset($_POST['login']) && ($_POST['login'] !== "")) {
$email = $_POST['email'];
$password = $_POST['password'];
$select = "SELECT * FROM members WHERE email = '$email'";
$query = mysqli_query($DBConnect, $select);
if($query) {
$row = mysqli_fetch_assoc($query);
if(password_verify($password, $row['password'])) {
if($row['admin_id'] == 1){
$_SESSION['admin_id'] = $row['id'];
}
// Assign session Id to the unique primary key in the table row
$_SESSION['member_id'] = $row['id'];
$fname = $row['fname'];
$lname = $row['lname'];
$_SESSION['member_name'] = "$fname $lname";
header("Location: index.php");
}
else {
$errorMessage = "Incorrect email or password.";
}
}
}
?>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="description">
<title>Chinese Zodiac Social Networking</title>
<link href="css/bootstrap.min.css" rel="stylesheet">
<style type="text/css">
body {
background-color: rgba(235,244,251,1);
}
</style>
</head>
<body>
<?php require('includes/_site_nav.php'); ?>
<section class="container">
<div class="row">
<div class="col-md-4 col-md-offset-4">
<form role="form" action="login.php" method="post" name="login_form">
<fieldset>
<legend>Login</legend>
<div class="form-group">
<label for="email">Email</label>
<input type="email" name="email" placeholder="Your Email" required class="form-control">
</div>
<div class="form-group">
<label for="password">Password</label>
<input type="password" name="password" placeholder="Your Password" required class="form-control">
</div>
<div class="form-group">
<input type="submit" name="login" value="Log In" class="btn btn-info">
</div>
</fieldset>
</form>
<?php
if(isset($errorMessage)) echo "<span class='text-danger'>$errorMessage</span>";
?>
</div>
</div>
<div class="row">
<div class="col-md-4 col-md-offset-4 text-center">
<p>Need an account? <a href="register.php">Register here.</a></p>
</div>
</div>
</section>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo="
crossorigin="anonymous"></script>
<script src="js.bootstrap.min.js"></script>
</body>
</html>
下面的代码是我的index.php
<?php session_start(); ?><!DOCTYPE html>
<?php
require_once('_connect.php');
require_once("includes/_functions.php")
?>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0, shrink-to-fit=no">
<meta name="description" content="description">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
<title>Chinese Zodiac Social Networking</title>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.5/css/bootstrap.min.css" integrity="sha256-MfvZlkHCEqatNoGiOXveE8FIwMzZg4W85qfrfIFBfYc=" crossorigin="anonymous" />
<style type="text/css">
body {
background-color: rgba(235,244,251, 1);
}
</style>
<body>
<?php require('includes/_site_nav.php'); ?>
<div class="container">
<!-- start of dynamic section -->
<?php
if (isset($_SESSION['member_id'])) {
switch($_GET['page']) {
case 'member_profile':
include "includes/_view_member_profile.php";
break;
case 'update_profile':
include "includes/_update_member_profile.php";
break;
case 'login':
include "includes/login.php";
break;
case 'change_password':
include "includes/inc_change_password.php";
break;
default:
include "includes/inc_welcome.php";
break;
} //ends switch
} //ends if
else
{
// If the session id is not set, then display the default page
include "includes/inc_home.php"; // the default page
} //ends else
?>
</div>
<!--Start Bootstrap scripts--->
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo="
crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.5/js/bootstrap.min.js" integrity="sha256-Sk3nkD6mLTMOF0EOpNtsIry+s1CsaqQC1rVLTAy+0yc=" crossorigin="anonymous"></script>
<!--End Bootstrap scripts-->
</body>
</head>
</html>
下面的代码是我的_site_nav.php(在我的包含文件中)
<nav class="navbar navbar-default" role="navigation">
<div class="container-fluid">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#cz_navbar">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="index.php">Chinese Zodiac Social Networking</a>
</div>
<div class="collapse navbar-collapse" id="cz_navbar">
<ul class="nav navbar-nav navbar-right">
<?php if (empty($_SESSION['member_id']) === FALSE && empty($_SESSION['member_name']) === FALSE) : ?>
<li class="navbar-text">Signed in as <?= $_SESSION['member_name']; ?></li>
<li><a href="logout.php">Log Out</a></li>
<li><a href="view_member_list.php">View Profiles
<?php elseif (empty($_SESSION['admin_id']) === FALSE) : ?>
<li><a href="myadminpage.php">Admin</a></li>
<?php else : ?>
<li><a href="login.php">Login</a></li>
<li><a href="register.php">Register</a></li>
<li><a href="view_member_list.php">View Profiles</a></li>
<?php endif; ?>
</ul>
</div>
</div>
</nav>
我的数据库数据库映像的映像
导航栏的输出应显示为:
Signed in as [user signed in] Log Out View Profiles Admin
如上所述,我无法让管理员仅在管理员登录时显示。我反复获得的当前输出是常规成员导航栏。
答:
1赞
Barmar
11/18/2023
#1
两大问题:
login.php需要检查是否找到了电子邮件。改变
if(password_verify($password, $row['password'])) {
自
if($row && password_verify($password, $row['password'])) {
index.php不显示管理页面链接,因为您只检查是否未设置。但是,当用户是管理员时,会设置这两个变量。所以改变$_SESSION['admin_id']$_SESSION['user_id']
<?php elseif (empty($_SESSION['admin_id']) ===FALSE ): ?>
自
<?php if (isset($_SESSION['admin_id'])): ?>
评论
0赞
ZeNix
11/18/2023
如果数据库中没有电子邮件与输入中的电子邮件匹配,则查询值将为 ,因此它将落入 中的 else 中,并且已经为此目的进行了检查。falseif($query)
0赞
Barmar
11/18/2023
不,不会。只有在出现错误时才会发生这种情况。
0赞
ZeNix
11/18/2023
如果没有数据与查询中的子句匹配,则会出现错误。如果没有数据与子句的预期值匹配,则返回 false。WHEREWHEREmysqli_query()
0赞
Barmar
11/18/2023
不,与子句匹配的任何内容都不是错误。错误类似于 SQL 中的语法错误。WHERE
0赞
Barmar
11/18/2023
试试看,你就会明白。
0赞
ZeNix
11/18/2023
#2
检查此方法。我将假设列中的值是一个布尔值,用于检查用户是否是管理员,对于管理员,对于普通用户。执行登录时,可以检查该值,并使用用户更新列:admin10admin_idid
if(password_verify($password, $row['password'])) {
if($row['admin'] == 1 && $row['admin_id'] == '0'){
// I will not use prepared statements since i think you're doing a learning exercise, but this is not the way to do it, you'll learn after.
mysqli_query($DBConnect, "UPDATE members SET admin_id = {$row['id']} WHERE id = {$row['id']}");
$_SESSION['admin_id'] = $row['id'];
}
// Assign session Id to the unique primary key in the table row
$_SESSION['member_id'] = $row['id'];
//Check if the admin_id row is set to different value than 0 and if not already set on the $_SESSION superglobal for the next time the user logs in again.
if (!isset($_SESSION['admin_id']) && $row['admin_id'] != 0) {
$_SESSION['admin_id'] = $row['admin_id'];
}
$fname = $row['fname'];
$lname = $row['lname'];
$_SESSION['member_name'] = $fname . " " . $lname; //Concatenate a space in middle of first name and last name for better readability.
header("Location: index.php");
} else {
$errorMessage = "Incorrect email or password.";
}
然后,要在导航中显示链接,可以通过以下方式执行此操作:
<ul class="nav navbar-nav navbar-right">
<?php if (isset($_SESSION['member_id']) && isset($_SESSION['member_name'])) : ?>
<li class="navbar-text">Signed in as <?= $_SESSION['member_name']; ?></li>
<li><a href="logout.php">Log Out</a></li>
<li><a href="view_member_list.php">View Profiles</a></li>
<?php if (isset($_SESSION['admin_id']) && $_SESSION['admin_id'] != 0) : ?>
<li><a href="myadminpage.php">Admin</a></li>
<?php endif; ?>
<?php else : ?>
<li><a href="login.php">Login</a></li>
<li><a href="register.php">Register</a></li>
<li><a href="view_member_list.php">View Profiles</a></li>
<?php endif; ?>
</ul>
评论
elseif (empty($_SESSION['admin_id']) ===FALSE )if$_SESSION['admin_id']empty($_SESSION['admin_id']) ===FALSEecho "<pre>"; print_r($_SESSION); echo "</pre>";member_id并且不是互斥的会话变量。所有成功的登录都设置了 。管理员另外设置。admin_idmember_idadmin_id$row