我正在尝试使用用户和管理员设置不同的访问权限,但我无法弄清楚如何使它们看起来不同,我尝试在数据库上设置 tinyint,其中 1 是管理员,0 是用户,但我认为我做得不对。(你在其他地方找到了它的代码)所以如果有更好的方法,将不胜感激。提前谢谢你。
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Homeowners Association</title>
</head>
<?php
if ($_SESSION['validUser'] == "yes")
//is this already a valid user?
{
//turn off PHP and turn on HTML
?>
<h1>Display Events Admin Options</h1>
<p><a href="insertEvent.html">Input New Events</a></p>
<p><a href="selectEventsProtected.php">List of Events</a></p>
<p><a href="logout.php">Logout</a></p>
<?php //turn off HTML and PHP
}
else
{
if (isset($_POST['submitLogin']) )
//Was this page called from a submitted form?
{
$inUsername = $_POST['loginUsername'];
//pull the username from the form
$inPassword = $_POST['loginPassword'];
//pull the password from the form
include ('dbConnect.php');
//Connect to the database
$sql = "SELECT * FROM homeowners WHERE username = '" . $inUsername . "' AND password = '" . $inPassword . "'";
//this SQL command will only work if BOTH the username and password on the table
$result = mysqli_query($link,$sql) or die("SQL Error " . mysqli_error($link) . "<p>SQL String: $sql</p>" );
if (mysqli_num_rows($result) == 1 )
//If this is a valid user there should be ONE row only
{
$_SESSION['validUser'] = "yes";
//this is a valid user so set your SESSION variable
//turn off PHP and begin HTML
?>
<h1>Display Events Admin Options</h1>
<p><a href="insertEvent.html">Input New Event</a></p>
<p><a href="selectEventsProtected.php">List of Events</a></p>
<p><a href="logout.php">Logout</a></p>
<?php //turn off HTML and turn on PHP
}
else
//This is an invalid user not in the database
{
echo "<h3>Invalid username or password. Please try again.</h3>"; //sets error message
//display login form again with the error message.
//turn off PHP and begin HTML
?>
<form method="post" name="login" action="login.php" >
<p>Username: <input name="loginUsername" type="text" /></p>
<p>Password: <input name="loginPassword" type="password" /></p>
<p><input name="submitLogin" value="Login" type="submit" /> <input name="" type="reset" /> </p>
</form>
<?php //turn off HTML and turn on PHP
}//end of checking for a valid user
}//end of checking for a submitted page
else //This page was not submitted so the user needs to se the sign on form to continue
{
//display the login form in the area below
//turn off PHP and begin HTML
?>
<h1>Login to access website</h1>
<form method="post" name="loginForm" action="login.php">
<p>Username: <input name="loginUsername" type="text" /></p>
<p>Password: <input name="loginPassword" type="password" /></p>
<p><input name="submitLogin" value="Login" type="submit" /> <input name="" type="reset" /> </p>
</form>
<?php //turn off HTML and turn on PHP
}//ends if statement to check for form submit
}//end if checking for a valid user
//turn off PHP and begin HTML
?>
</body>
</html>
我尝试使用:
$query = mysqli_query("SELECT type FROM homeowners WHERE username = '$user'");
$gettype = mysqli_fetch_assoc($query);
if($gettype["type"] == 0){
echo("user");
}
elseif($gettype["type"] == 1){
echo("admin");
}
但我对tinyint(我已设置为键入)了解不够
如果您
使用 tinyint,没问题,但我更喜欢枚举来确定用户访问权限,因为它会直接显示用户访问权限。 不仅仅是数字,我必须再次记住 1、2、3 或其他什么的含义。
要显示管理页面或用户页面,您只需要再$_SESSION一个变量来存储用户访问权限。
include 'dbConnect.php';
$query = mysqli_query($con, "SELECT type FROM homeowners WHERE username = '$user'");
$gettype = mysqli_fetch_assoc($query);
if($gettype["type"] == 0){
$_SESSION["userAccess"] = "user"
}
elseif($gettype["type"] == 1){
$_SESSION["userAccess"] = "admin"
}
并将其添加到您的 if 中
if ($_SESSION["validUser"] == "yes") {
if($_SESSION["userAccess"] == "admin") {
//show admin stuff or admin page
} elseif ($_SESSION["userAccess"] == "user") {
//show user stuff or user page
}
}
如果您想使用$_SESSION,请不要忘记在login.php和其他文件中的代码顶部使用 session_start()
更新
请参阅我更新的答案。你在mysqli_query()上犯了错误,该方法需要 2 个参数,如下所示:
$query = mysqli_query($con, "YOUR_QUERY");
$con来自YOUR_DB_CONFIG_FILE.php。在您的情况下,dbConnect.php