Displaying a different page when admin logs in

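I have created a login on my homepage that lets users log in and then redirects them to their user page. However, I am trying to display a different page for the admin only? Here is my login code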

shoeshomepage.php

<?php
session_start();
// Check if we have already created an authenticated session
?><!doctype html>
<html lang="en">
<head>
<link href='http://fonts.googleapis.com/css?family=PT+Sans' rel='stylesheet' type='text/css'>
<title>Sassy Shoes Homepage</title>
<link rel="stylesheet" href="gumby/css/gumby.css">
<link rel="stylesheet" href="custom.css">
</head>
<body>
<header>
<p><IMG class="displayed" src="heels.png" alt="Logo">
<div id="nav">
<ul>
<li><a href="shoeshomepage.php">HOME</a></li>
<li><a href="womens.php">HERS</a>
<li><a href="mens.php">HIS</a>
<li><a href="kids.html">KIDS</a>
<li><a href="contact_us.html">CONTACT US</a></li>
</ul>
</li>
<br class="clearboth"/> 
</div>
<?php
if (isset($_SESSION["authenticatedUserEmail"])) {
// Build the message first, then output it inside the sidebar markup
$_SESSION["message"] = "You are already logged in as ". $_SESSION['authenticatedUserEmail'];
echo "<br /><div id=\"container\"><div id=\"sidebar\"><h3><font color=red>".$_SESSION["message"]."</font><br /><a href=\"loginadmin.php\">Edit Account |</a><a href=\"logout.php\">  Logout</a></h3></div></div>";
}else{
?><div id="container"><h3>
<div id="sidebar1">

<br />
<form action="loginaction.php" method="post">
Email:  &nbsp; &nbsp; &nbsp; &nbsp;<input type="text" name="email" /><br />
Password: <input type="password" name="password" /><br />
<input type="submit" name="submit" value="Log In" />
<a href="forgot.php">Forgot Password? |</a>
<a href="register.php">Register </a> <br />
<?php 
echo "<h3><font color=red>".($_SESSION['message'] ?? '')."</font></h3>"; //Output any error message (empty if none is set)
?>
</form>
<?php
}
?>

loginaction.php - this is my loginaction.php

<?php 
session_start();
include_once ("connection.php");
// Get the data collected from the user
$email = trim($_POST["email"]);
$password = trim($_POST["password"]);

//Check for errors
if (empty($email) or empty($password)) {
$_SESSION["message"] = "Must enter Email and Password ";
header("Location: shoeshomepage.php");  //Redirection information
exit ;//Ends the script
}
$email = strip_tags($email);
$password = strip_tags($password);

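//Create and run a parameterized query with the given details
//(the user input is bound as data, not concatenated into the SQL string)
$stmt = mysqli_prepare($connection, "SELECT * FROM users WHERE Email = ? AND Password = ?") or exit("Error in query: " . mysqli_error($connection));
mysqli_stmt_bind_param($stmt, "ss", $email, $password);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);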

// see if any rows were returned
if ($row = mysqli_fetch_assoc($result)) {//Then we have a successful login
//Create a session variable to store the user name.
$_SESSION["authenticatedUserEmail"] = $email;
//We could also use information drawn from the database eg ID
$_SESSION['id'] = $row['id'];
$_SESSION['first_name'] = $row['first_name'];
$_SESSION['last_name'] = $row['last_name'];
$_SESSION['username'] = $row['username'];
//This could be used later to get more information
// Relocate to the logged-in page
header("Location: loginadmin.php");
exit; //Stop the script once the redirect is sent
} else {//Login was unsuccessful
$_SESSION["message"] = "Could not login as $email";
header("Location: shoeshomepage.php");//Go back to the login pages
exit; //Stop the script once the redirect is sent
} //End else
?>

loginadmin.php - this is my user page (it isn't meant to be called loginadmin.php)

<?php
session_start();
// Check if we have established an authenticated session
if (!isset($_SESSION["authenticatedUserEmail"])) {
$_SESSION["message"] = "You must be logged in to see this user page. Please Login";
header("Location: shoeshomepage.php");
//Go back and login; exit so the rest of the page is not sent to a visitor who is not logged in
exit;
}
//If this page hasn't been redirected (we are allowed in) then we can display
?> 
<!doctype html>
<html lang="en">
<head>
<link href='http://fonts.googleapis.com/css?family=PT+Sans' rel='stylesheet' type='text/css'>
<title>Sassy Shoes Homepage</title>
<link rel="stylesheet" href="gumby/css/gumby.css">
<link rel="stylesheet" href="custom.css">
</head>
<body>
<header>
<p><IMG class="displayed" src="heels.png" alt="Logo">
<div id="nav">
<ul>
<li><a href="shoeshomepage.php">HOME</a></li>
<li><a href="women_shoes.php">HERS</a>
<li><a href="mens.php">HIS</a>
<li><a href="kids.html">KIDS</a> 
<li><a href="contact_us.html">CONTACT US</a></li>
                    </ul>
                </li>
<br class="clearboth"/>
</div>

<div id="container"><h3>
<div id="sidebar1" width="40%">&nbsp;
&nbsp;
<?php
echo "Welcome to your profile,  " . $_SESSION['username'] . ".";?>&nbsp;&nbsp;
<br />
&nbsp;&nbsp;&nbsp;
<a href="logout.php">Logout</a></p> 
</div></h3>
<br />
<h1>Your details</h1> 
<br />
<table border= "3" style="width:60%; margin:auto">
<tr>
<td>Username</td>
<td><?php echo $_SESSION['username'] . "</p>";?></td>       
</tr>
<tr>
<td>First Name</td>
<td><?php echo $_SESSION['first_name'] . "</p>";?></td>
</tr>
<tr>
<td>Last Name</td>
<td><?php echo $_SESSION['last_name'] . "</p>";?></td>
</tr>
<tr>
<td>Email Address</td>
<td><?php echo $_SESSION["authenticatedUserEmail"] . "</p>";?></td>
</tr>
</table>

</div>
<hr />
</body>
</html>

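You can store the type of user in the database, e.g. normal user, admin user, etc. After successfully matching the email and password, get the type of user, and if it is an admin, redirect them to the admin page using header("Location: [page for admin].php");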

EDIT

Add a column named user_type to the database. Put 0 for admin users and 1 for normal users. In the PHP script, you can add the following line:

$user_type = $row['user_type'];

$_SESSION['id'] = $row['id'];

After getting all the session variables, you can do

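if($user_type == 0)
  header("Location: adminpage.php");   // admin user
else
  header("Location: loginadmin.php");  // normal user goes to the user page
exit; // stop the script once the redirect is sent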

You have to store the user type in the database; then you can use an if statement to display the correct page. Like this:

$_SESSION['id'] = $row['id'];
$_SESSION['first_name'] = $row['first_name'];
$_SESSION['last_name'] = $row['last_name'];
$_SESSION['username'] = $row['username'];
$_SESSION['usertype'] = $row['usertype'];
if ($_SESSION['usertype'] == 'admin'){
    header("Location: adminpage.php");
} else {
    header("Location: loginadmin.php");
}
exit; // stop the script once the redirect is sent

Always verify $_SESSION['usertype'] in the page, to make sure no common user can access the admin page.
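
A guard for the admin page that performs the check recommended above, as an added example that is not part of the original answers. The file name auth.php and the functions deny(), current_usertype() and require_admin() are hypothetical; it assumes connection.php provides $connection and that the users table has the id and usertype columns used in the answers.

```php
<?php
// auth.php (hypothetical include, added example). Include it at the very top
// of adminpage.php, before any output, then call require_admin($connection).
// Assumes: connection.php defines $connection (mysqli) and the users table
// has the id and usertype columns used in the answers above.

function deny(string $location, string $message): void
{
    $_SESSION['message'] = $message;
    header("Location: $location");
    exit; // Without exit the rest of the protected page is still sent.
}

function current_usertype(mysqli $connection, int $userId): ?string
{
    // Re-read the role from the database on every request so that a
    // demoted or deleted account loses access immediately.
    $stmt = mysqli_prepare($connection, "SELECT usertype FROM users WHERE id = ?");
    if ($stmt === false) {
        return null; // Fail closed if the query cannot be prepared.
    }
    mysqli_stmt_bind_param($stmt, "i", $userId);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $usertype);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    return $found ? $usertype : null;
}

function require_admin(mysqli $connection): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Not logged in at all: back to the login form.
    if (!isset($_SESSION['authenticatedUserEmail'], $_SESSION['id'])) {
        deny('shoeshomepage.php', 'You must be logged in to see this page. Please Login');
    }
    // Logged in, but not an admin: send to the normal user page.
    $usertype = current_usertype($connection, (int) $_SESSION['id']);
    if ($usertype !== 'admin') {
        deny('loginadmin.php', 'You are not allowed to view the admin page.');
    }
    $_SESSION['usertype'] = $usertype; // Keep the cached value in sync.
}
```

The redirect in loginaction.php only decides where a user lands after login; the access decision is the call to require_admin() at the top of every admin page.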