最受欢迎

如何保护“显示”页面

how to protect "display" page?

本文关键字:显示 页面 保护 何保护 | 更新日期: 2023-09-27

我想根据登录用户的访问级别保护"显示"页面

函数 protect_page() 不起作用,它以任何访问级别访问任何用户

我在两个表之间使用关系,它们是:特权表 

    +----------------------------------+
    |  AccessLevel | login_id  | pre_id|
    |----------------------------------|
    |      1       |    1     |   1    |
    |      2       |    1     |   2    | 
    |      4       |    2     |   4    |
    +----------------------------------+

这是login_pre表:

    +----------------------------------+
    |  username| userpass | login_id   |
    |----------------------------------|
    |      a   |    123   |   1        |
    |      a   |    123   |   1        | 
    |      b   |   1234   |   2        |
    +----------------------------------+

和权限代码页面 

ob_start();
session_start();
include 'C:'xampp'htdocs'database'agtdatabase'agt_site'connection'connect.php';
$query ="SELECT * FROM privilege " ;
$result = mysqli_query($link,$query) or die('');    
             if(isset($_SESSION['sessionloginid']))// point to id of user logged in
        {  
        $query ="SELECT * FROM privilege where login_id='".$_SESSION['sessionloginid']."'" ;
        $result = mysqli_query($link,$query) or die('');
        while($row = mysqli_fetch_array($result, MYSQLI_ASSOC))
                {
        $access = $row['AccessLevel'];
            $_SESSION['sessionloginid'];
             echo $_SESSION['sessionaccess'];// output:  1
                }
        }
    ob_end_flush();

和保护页面的代码:

include_once('C:'xampp'htdocs'database'agtdatabase'agt_site'login2'privilege.php');
function login()
    {
return (isset($_SESSION['sessionloginid'])) ? true:false ;
echo $_SESSION['sessionloginid'];
    }login();

function privilege()
            {
                return $_SESSION['sessionaccess'];
                }
function protect_page(){
    if($_SESSION['sessionloginid']== true && $_SESSION['sessionaccess'] !=1 ){

header ('location:http://localhost/database/agtdatabase/agt_site/agtSite/agt2.php');    
//echo $_SESSION['sessionaccess']; output nothing when user a logged in
exit();             
    }
}

似乎有很多事情需要解决,这里有一些:

//the if statement will only be entered if sessionloginid is set, only set inside the statement, which will never be entered
if(isset($_SESSION['sessionloginid'])) {  
    //you should use prepared statements.  Query will never run here, since the sessionloginid is never set.
    $query ="SELECT * FROM privilege where login_id='".$_SESSION['sessionloginid']."'" ;
    //your login_id used above is not unique.  It should be a key, and autoincremented
    $result = mysqli_query($link,$query) or die('');
    //since login_id is not unique, this while loop will replace the session variables you will set with the last row returned.
    while($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
        //storing access level, but never used again
        $access = $row['AccessLevel'];
        //the following two lines don't do anything
        $_SESSION['sessionloginid'];
        $_SESSION['sessionaccess'];
        //Example replacement: $_SESSION['sessionloginid'] = $row['login_id'];
    }
}

下一期:

function login() {
    //this function will return true or false, but does not set or do anything.  Intentional?
    return (isset($_SESSION['sessionloginid'])) ? true:false ;
    //this echo will not run, since the function stops on return
    echo $_SESSION['sessionloginid'];
}
//calling login here does nothing, since login only returns a Boolean value.
login();

保护永远不会运行 header(),因为会话登录 ID 永远不会设置为 true,并且也永远不会设置会话访问。

function protect_page(){
  //sessionloginid is never set, so will never be true
  if($_SESSION['sessionloginid']== true && $_SESSION['sessionaccess'] !=1 ){
    header ('location:http://localhost/database/agtdatabase/agt_site/agtSite/agt2.php');    
    //echo $_SESSION['sessionaccess']; output 12 when user a logged in
    exit();             
  }
}

我知道这并不能完全回答这个问题,但我希望它应该让你朝着正确的方向前进。 修复这些问题,让我知道你得到了什么。 旁注:我认为login_id应该是表键。 它应该是自动递增且唯一的。 否则,您可能会获得多个结果,而不是唯一的用户登录。 例如,login_id 1 可以授予 1 或 2 的访问级别,因为每个访问级别都有 1 login_id。

相关文章:
最新更新
www.56WenDa.com 2012-2023 | php问答网 | php学习