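I want to protect the "display" page based on the logged-in user's access level.
The function protect_page() does not work: it lets in any user with any access level.
I am using a relationship between two tables. They are: the privilege table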
+---------------------------------+
| AccessLevel | login_id | pre_id |
|---------------------------------|
| 1           | 1        | 1      |
| 2           | 1        | 2      |
| 4           | 2        | 4      |
+---------------------------------+
This is the login_pre table:
+--------------------------------+
| username | userpass | login_id |
|--------------------------------|
| a        | 123      | 1        |
| a        | 123      | 1        |
| b        | 1234     | 2        |
+--------------------------------+
And the privilege code page:
ob_start();
session_start();
include 'C:\xampp\htdocs\database\agtdatabase\agt_site\connection\connect.php';
$query ="SELECT * FROM privilege " ;
$result = mysqli_query($link,$query) or die('');
if(isset($_SESSION['sessionloginid']))// point to id of user logged in
{
    $query ="SELECT * FROM privilege where login_id='".$_SESSION['sessionloginid']."'" ;
    $result = mysqli_query($link,$query) or die('');
    while($row = mysqli_fetch_array($result, MYSQLI_ASSOC))
    {
        $access = $row['AccessLevel'];
        $_SESSION['sessionloginid'];
        echo $_SESSION['sessionaccess'];// output: 1
    }
}
ob_end_flush();
And the code that protects the page:
include_once('C:\xampp\htdocs\database\agtdatabase\agt_site\login2\privilege.php');
function login()
{
    return (isset($_SESSION['sessionloginid'])) ? true:false ;
    echo $_SESSION['sessionloginid'];
}
login();
function privilege()
{
    return $_SESSION['sessionaccess'];
}
function protect_page(){
    if($_SESSION['sessionloginid']== true && $_SESSION['sessionaccess'] !=1 ){
        header ('location:http://localhost/database/agtdatabase/agt_site/agtSite/agt2.php');
        //echo $_SESSION['sessionaccess']; output nothing when user a logged in
        exit();
    }
}
There seem to be a lot of things that need fixing. Here are a few:
//the if statement will only be entered if sessionloginid is set, only set inside the statement, which will never be entered
if(isset($_SESSION['sessionloginid'])) {
    //you should use prepared statements. Query will never run here, since the sessionloginid is never set.
    $query ="SELECT * FROM privilege where login_id='".$_SESSION['sessionloginid']."'" ;
    //your login_id used above is not unique. It should be a key, and autoincremented
    $result = mysqli_query($link,$query) or die('');
    //since login_id is not unique, this while loop will replace the session variables you will set with the last row returned.
    while($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
        //storing access level, but never used again
        $access = $row['AccessLevel'];
        //the following two lines don't do anything
        $_SESSION['sessionloginid'];
        $_SESSION['sessionaccess'];
        //Example replacement: $_SESSION['sessionloginid'] = $row['login_id'];
    }
}
Next issue:
function login() {
    //this function will return true or false, but does not set or do anything. Intentional?
    return (isset($_SESSION['sessionloginid'])) ? true:false ;
    //this echo will not run, since the function stops on return
    echo $_SESSION['sessionloginid'];
}
//calling login here does nothing, since login only returns a Boolean value.
login();
The protection will never run header(), because the session login ID is never set to true, and the session access is never set either.
function protect_page(){
    //sessionloginid is never set, so will never be true
    if($_SESSION['sessionloginid']== true && $_SESSION['sessionaccess'] !=1 ){
        header ('location:http://localhost/database/agtdatabase/agt_site/agtSite/agt2.php');
        //echo $_SESSION['sessionaccess']; output 12 when user a logged in
        exit();
    }
}
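I know this doesn't fully answer the question, but I hope it gets you going in the right direction. Fix these issues and let me know what you get.
Side note: I think login_id should be the table key. It should be auto-incremented and unique. Otherwise, you may get multiple results instead of a unique user login. For example, login_id 1 can be granted an access level of 1 or 2, because each of those access levels has login_id 1.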
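A corrected version of the flow discussed above, as an added example that is not part of the original question or answer: the session keys are actually assigned at login, the lookup uses a bound parameter, every access level for a login_id is kept as a list instead of only the last row, and the check denies by default (the posted protect_page() redirects only when a login id is set, so a visitor with no session is never redirected). It assumes PDO with an in-memory SQLite table as a constructed stand-in for the page's MySQL connection; start_user_session() and is_allowed() are hypothetical helper names.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the page's privilege table (in-memory SQLite via PDO).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE privilege (AccessLevel INTEGER, login_id INTEGER, pre_id INTEGER)');
$db->exec('INSERT INTO privilege VALUES (1, 1, 1), (2, 1, 2), (4, 2, 4)');

// Bound parameter instead of concatenating the session value into the SQL string.
function load_access_levels(PDO $db, int $loginId): array
{
    $stmt = $db->prepare('SELECT AccessLevel FROM privilege WHERE login_id = ?');
    $stmt->execute([$loginId]);
    return array_map('intval', $stmt->fetchAll(PDO::FETCH_COLUMN));
}

// Hypothetical helper: call once, after the password check has succeeded.
function start_user_session(array &$session, PDO $db, int $loginId): void
{
    $session['sessionloginid'] = $loginId;
    $session['sessionaccess']  = load_access_levels($db, $loginId); // all rows, not the last
}

// Deny by default: allowed only when logged in AND the required level was granted.
function is_allowed(array $session, int $requiredLevel): bool
{
    return isset($session['sessionloginid'], $session['sessionaccess'])
        && in_array($requiredLevel, $session['sessionaccess'], true);
}

// Redirect everyone who is not explicitly allowed, including visitors with no session.
function protect_page(array $session, int $requiredLevel, string $redirectTo): void
{
    if (!is_allowed($session, $requiredLevel)) {
        header('Location: ' . $redirectTo);
        exit();
    }
}

// Constructed demo: login_id 1 holds levels 1 and 2, login_id 2 holds level 4.
$a = []; start_user_session($a, $db, 1);
$b = []; start_user_session($b, $db, 2);
var_dump(is_allowed($a, 1));   // user a, level 1 required
var_dump(is_allowed($b, 1));   // user b, level 1 required
var_dump(is_allowed([], 1));   // no session at all
```

On the real page, pass $_SESSION after session_start() and call protect_page() before any output is sent, since header() cannot redirect once the body has started.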