Verifying two session variables upon login

I have pages that require login: admin.php and rehab.php. After login, I set two session variables:

if($row[2]=='Admin'){
    // Initializing Session
    session_start();
    $_SESSION['user']=$username; // Initializing Session user
    $_SESSION['dept']='Admin'; // Initializing Session dept.
    header('location: admin.php');
}
else if($row[2]=='Rehabilitation Services'){
    $_SESSION['user']=$username; // Initializing Session
    $_SESSION['dept']='Rehabilitation Services';
    header('location: rehab.php');
}

Both pages include header.php (where the username is displayed). I decided to put the session check in header.php:

session_start();
if (!(isset($_SESSION['user']) && $_SESSION['user'] != '')) {
    header ("Location: login.php");
}

So whenever someone tries to access the admin page by typing (../admin.php) or (../rehab.php) in the browser, they get redirected to the login page.

My problem is that if a rehab user is now logged in (../rehab.php), whenever I change rehab.php to admin.php in the URL, admin.php is still accessible! I tried putting this at the top of admin.php, but it doesn't seem to work:

if ((isset($_SESSION['dept'])) && $_SESSION['dept']!='Admin'){
    session_destroy();
}

In the rehab.php page, if you want to restrict access to users who are logged in and whose department is "Rehabilitation Services", you should use:

session_start();
if(!isset($_SESSION['user']) ||
   (isset($_SESSION['dept']) && $_SESSION['dept']!='Rehabilitation Services')){
    header ("Location: login.php");
    exit; // stop here, otherwise the rest of rehab.php is still sent after the redirect
}

This should work; a few things I noticed, though as far as what you are trying to achieve, your code structure is fine:

session_start(); // Have this as the first thing on the script
                 // at the top before anything else above it
if($row[2]=='Admin'){
    // Initializing Session
    session_start(); // Remove this; you need to put session_start
                     // at the top of the script
    $_SESSION['user'] = $username; // Is the $username coming in
                                   // from $_POST? Should this be
                                   // $_POST['username'] unless you
                                   // defined it beforehand
    $_SESSION['dept'] = "Admin"; // Initializing Session dept.
                                 // This is ok.
    header('location: admin.php');
} elseif($row[2] == "Rehabilitation Services"){ // Keep this in one line
    $_SESSION['user'] = $username; // Initializing Session
    $_SESSION['dept'] = "Rehabilitation Services";
    header('location: rehab.php');
}

// header.php
session_start();
// Original: if (!(isset($_SESSION['user']) && $_SESSION['user'] != '')) {
if (!isset($_SESSION['user']) || $_SESSION['user'] == '') {
// corrected line above (same test with the negation pushed inside);
// you can also use the empty() function
    header ("Location: login.php");
    exit; // stop the script so the protected page is not rendered after the redirect
}

// Original: if ((isset($_SESSION['dept'])) && $_SESSION['dept']!='Admin'){
if (isset($_SESSION['dept']) && $_SESSION['dept'] != 'Admin'){
// Corrected line above
    session_destroy();
}
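As an added example (not code from the question or either answer), here is one guard file that both admin.php and rehab.php can include so the department check lives in a single place. It keeps the page's `$_SESSION['user']` / `$_SESSION['dept']` keys and login.php; the file name auth_guard.php, the PAGE_DEPARTMENTS map and the function names are assumptions of this example.

```php
<?php
// auth_guard.php: added example, not the question's or answers' code. Assumes the
// same $_SESSION['user'] / $_SESSION['dept'] keys and login.php as the question.
// Map each protected page to the department allowed to view it (assumed names).
const PAGE_DEPARTMENTS = [
    'admin.php' => 'Admin',
    'rehab.php' => 'Rehabilitation Services',
];

function ensure_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start(); // must run before any output is sent
    }
}

// Call after the credential check succeeds (the $row[2] branch in the question).
function login_user(string $username, string $dept): void
{
    ensure_session();
    session_regenerate_id(true); // fresh id so a pre-login session id is not kept
    $_SESSION['user'] = $username;
    $_SESSION['dept'] = $dept;
}

// Redirect to login.php and stop. Without exit, PHP keeps executing after
// the Location header and the protected page body is still sent.
function redirect_to_login(): void
{
    header('Location: login.php');
    exit;
}

// Call at the very top of a protected page, before any output.
function require_department(string $page): void
{
    ensure_session();
    $user = $_SESSION['user'] ?? '';
    $dept = $_SESSION['dept'] ?? '';
    if ($user === '' || $dept === '') {
        redirect_to_login(); // not logged in at all
    }
    if ($dept !== (PAGE_DEPARTMENTS[$page] ?? null)) {
        // Logged in but wrong department: refuse and stop. No session_destroy()
        // here, so a rehab user who opens admin.php keeps their rehab session.
        http_response_code(403);
        exit('Forbidden');
    }
}
```

In admin.php the first two statements become `require __DIR__ . '/auth_guard.php';` and `require_department('admin.php');` (rehab.php passes 'rehab.php'), and the login script calls `login_user($username, $row[2]);` before its `header('location: ...')` and `exit`.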