我想知道如何实现这一点,或者这是否可能。我有一个应用程序,它不是由管理员创建的,可以访问所有用户帐户,但现在我希望它可以访问所有帐户。
谢谢。(尽管我还没有尝试过任何东西,只是不知道如何开始,我也不想重新开始:建议)
我当前的登录代码是:
if(isset($_POST['login'])){
$username = stripslashes($_POST['username']);
$password = stripslashes($_POST['password']);
$stmt = $pdo->prepare("SELECT password FROM tablename WHERE username=:username");
$stmt->bindValue(':username', $username, PDO::PARAM_STR);
$stmt->execute();
if($stmt->rowCount()<1){
echo '<div class="signals"><p class="bg-warning text-center warning"><button type="button" class="close" aria-label="Close"><span aria-hidden="true">×</span></button>INVALID USERNAME OR PASSWORD</div></p>';
}else{
list($hash) = $stmt->fetch(PDO::FETCH_NUM);
if (password_verify($password, $hash)) {
//$_SESSION['username'] = $username;
$status1 = "COMPLETED";
$status2 = "PROCESSING";
//$stmt = $pdo->query("SELECT status FROM ca_confirmed WHERE username ='$_SESSION[username]'");
$stmt = $pdo->query("SELECT status FROM tablename WHERE username ='$username'");
$check = $stmt->fetch(PDO::FETCH_ASSOC);
$status = $check['status'];
$_SESSION['username'] = $username;
if(strcmp($status, $status1) == 0){
header("location: completed/index.php");
exit();
}elseif(strcmp($status, $status2) == 0){
header("location: uncompleted/index.php");
//exit();
}
}else{
echo '<div class="signals"><p class="bg-warning text-center warning"><button type="button" class="close" aria-label="Close"><span aria-hidden="true">×</span></button>INVALID USERNAME OR PASSWORD again</div></p>';
}
}
}
当用户登录时,检查他们是否是管理员,如果是,设置一个会话变量,如:
$admin = $row['admin'];
$_SESSION['admin'] = $admin;
然后,您稍后的代码可以检查其中一个变量;如果是真的,那么跳过检查该帐户是否属于已登录用户。