我正在尝试编写一个仅允许具有管理员权限的用户(在数据库中记录为管理员角色)的页面。如果他们是管理员,则从数据库中提取照片以供批准。如果不是管理员,则他们将被重定向到管理页面并且看不到图像。
此时,任何登录的人都可以查看该页面并显示图像。我做错了什么?
谢谢
<?php
session_start();
$isLoggedIn = isset($_SESSION['first_name']) && isset($_SESSION['username']);
$username = $_SESSION['username'];
if ($isLoggedIn && $_SESSION['username']){
echo "Welcome ".$_SESSION['first_name']."<br><a href='login/logged_out.php'>log
out</a>";
}
$username = $_SESSION['username'];
//var_dump($username);
include("..'connection'connection.php");
// Connect to server and select database.
mysql_connect($host, $username, $password)or die("cannot connect");
mysql_select_db($db_name) or die("cannot select DB");
$query=mysql_query("SELECT * FROM users WHERE username = '$username' AND role =
'admin'");
echo(mysql_error());
$num_rows = mysql_num_rows($query);
if ($num_rows =1){
include("..'connection'connection.php");
// Connect to server and select databse.
mysql_connect($host, $username, $password)or die("cannot connect");
mysql_select_db($db_name) or die("cannot select DB");
$photo=mysql_query("SELECT * FROM images WHERE approved='N'");
echo(mysql_error());
$numrows = mysql_num_rows($photo);//counts the number or rows returned from database
matching the mysql_query.
if ($numrows==0){
echo "There are no images awaiting approval.";
}
while($get_photo=mysql_fetch_array($photo)){?>
<a href="approve_image_submit.php?images=<?php echo $get_photo['big_images']; ?>"
target=""><img src="<? echo $get_photo['url']; ?>" title="">
<? } ?>
<?
}else{
die ("You do not have permission to view this page. Redirect to index.phph Click <a
href='login/login_page.php'>here</a> to log in.");
//
}
?>
if ($num_rows =1){
应该是
if ($num_rows==1){
所以你的脚本可能有问题
一个。 username与database用户名冲突B.所以设置了$_SESSION变量C. 无效logic
我可以继续说下去
我可以帮助重写代码,但您需要用相关信息替换
session_start ();
include ("..'connection'connection.php");
$username = @$_SESSION ['username'];
$rowPhoto = array ();
$dbHost = "";
$dbUser = "";
$dbPass = "";
$dbName = "";
if ($_SESSION ['AUTH'] == true && ! isset ( $_SESSION ['username'] )) {
echo "Welcome " . $_SESSION ['first_name'] . "<br><a href='login/logged_out.php'>log out</a>";
exit ();
}
$mysqli = new mysqli ( $dbHost, $dbUser, $dbPass, $dbName ); // Replace with relevant information
$result = $mysqli->query ( "SELECT * FROM users WHERE username = '$username' AND role = 'admin'" );
if ($result->num_rows == 1) {
$userInfo = $result->fetch_assoc ();
$photoResult = $mysqli->query ( "SELECT * FROM images WHERE approved='N'" );
$_SESSION ['AUTH'] = true;
$_SESSION ['first_name'] = $userInfo ['first_name']; // Replace With
$_SESSION ['username'] = $username ;
// Information
if ($photoResult->num_rows == 0) {
echo "There are no images awaiting approval.";
} else {
$rowPhoto = "";
while ( $rowPhoto = $photoResult->fetch_assoc () ) {
echo "<a href='"approve_image_submit.php?images={$rowPhoto['big_images']}'" target='"><img src='"{$rowPhoto['url']}'" title='"'">";
}
}
} else {
die ( "You do not have permission to view this page. Redirect to index.phph Click <a
href='login/login_page.php'>here</a> to log in." );
}
我希望这有帮助
谢谢