我现在有登录页面了。当我们以用户或管理员身份登录时,它会重定向到主页。我的问题是,当人登录作为一个管理员,我需要在主页上显示所有的按钮,当人登录作为一个用户,我需要禁用按钮。我怎么做????请帮帮我吧!下面是代码:
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "select * from tbl_login where username = '$username' and password = '$password' ";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1){
$_session["username"] = "username";
$_session["password"] = "password";
//$_SESSION['status'] = $var_value;
$info = mysql_fetch_array($result);
if($info['status'] == 1)
{
header("location:home.php");
}
elseif($info['status'] == 0)
header("location:home.php");
}
else {
echo "Wrong Username or Password";
}
?>
包含按钮的主页:
<form name="frm" method="post" action="" >
<tr>
<td><input name="delete" type="submit" id="delete" value="Delete" >
<td> <a href="insert.php?id=<?php echo $rows['id']?>"></a><input name="edit" type="submit" id="edit" value="edit" ></td>
<td><a href="insert.php?id=''" ><input type="button" value="Insert" /></a></td>
</tr>
</form>
您需要分配一个新的会话变量,如$_SESSION['is_admin_logged']
并将其设置为true。把它放在if($count==1)
语句中,然后从另一个页面(包含按钮),你可以使用会话变量来知道这个用户是否是管理员,并基于此做显示和隐藏的东西,更多的信息你的代码是脆弱的,可以很容易地被黑客攻击,你需要使用mysql_real_escape_string()
函数来过滤$_POST
变量和逃避sql注入。
下面是一个示例:
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$sql = "select * from tbl_login where username = '$username' and password = '$password' ";
$result = mysql_query($sql);
$count = mysql_num_rows($result);
if($count==1)
{
$_SESSION["username"] = $username;
$info = mysql_fetch_array($result);
if($info['status'] == 1)
{
$_SESSION['admin_is_logged'] = true;
}
header("location:home.php");
}
else
{
echo "Wrong Username or Password";
}
在home.php中执行如下操作:
//this section will be shown to the logged in user only
if($_SESSION['admin_is_logged'])
{
echo "Hey I'm the admin and my username is: ".$_SESSION["username"]."<br />";
echo '<form name="frm" method="post" action="" >
<tr>
<td><input name="delete" type="submit" id="delete" value="Delete" ></td>
<td> <a href="insert.php?id='.$rows['id'].'"></a><input name="edit" type="submit" id="edit" value="edit" ></td>
<td><a href="insert.php?id=" ><input type="button" value="Insert" /></a></td>
</tr>
</form>';
}