最受欢迎

如果 (isset($_SESSION[“用户名”]) 麻烦

if (isset($_SESSION["Username"]) trouble

本文关键字:用户名 麻烦 用户 isset SESSION 如果 | 更新日期: 2023-09-27

我正在制作一个管理页面..我需要使此页面仅供某个有效的用户访问!然后我试图让任何未登录的用户都无法访问它,所以我使用了 -

    if (isset($_SESSION["Username"]) && !isset($_POST["LOGIN"]))
    if($_SESSION["Username"] == "sara")

在每个if语句上都会出现一条消息..如果用户首先没有登录,并且如果他不是管理员,但不知何故,即使管理员访问它,也会出现第一条消息..它允许它访问页面并显示表单,但消息仍然出现在页面底部..我的代码一团糟我已经尝试了两天了! 谁能帮忙请问我 ?我试图添加另一个,但出现错误.这是完整的代码 -

<?php
session_start();
include 'header.php';
if (isset($_SESSION["Username"]) && !isset($_POST["LOGIN"])) {
  if($_SESSION["Username"] == "sara") {
    $conn = new mysqli($database_host, $database_login, $database_pass, $database_name);
    if ($conn->connect_error) {
      die("Connection failed: " . $conn->connect_error);
    } else {
      $sql = "SELECT `cat_id` , `cat_name` FROM categorys";
      $result = $conn->query($sql);
    }
    if ($conn->connect_error) {
      die("Connection failed: " . $conn->connect_error);
    } else {
      if(isset($_POST['Submit'])) {
        switch($_POST['Submit']) {
          case 'Submit2': 
            if ($conn->connect_error) {
              die("Connection failed: " . $conn->connect_error);
            } else {
              $Thecategory  =  $_POST["Thecategory"];
              $q="INSERT INTO categorys( cat_name) VALUES ('$Thecategory')";
              if (mysqli_query($conn, $q)) {
                echo "New record created successfully 2222";
              } else {
                echo "Error: " . $q. "<br>" . mysqli_error($conn);
              }
            }
            break;
          case 'Submit1':
            $Levelid = $_POST["Levelid"];
            $Levelserial = $_POST["Levelserial"];
            $word = $_POST["word"];
            $Thecategoryid  =  $_POST["taskOption"];
            $picfile = $_POST["picfile"];
            $fullword = $_POST["fullword"];
            $spelledword= $_POST["spelledword"];
            $sql="INSERT INTO questions( level_id, level_serial, q_word,q_cat_id , pic_file, word_file, s_word_file)
              VALUES ('$Levelid','$Levelserial',  '$word','$Thecategoryid ','$picfile' ,'$fullword','$spelledword')";
            if (mysqli_query($conn, $sql)) { 
              echo "New record created successfully";
            } else {
              echo "Error: " . $sql . "<br>" . mysqli_error($conn);
            }
            break;
        }
      } else {
        echo "
        <!DOCTYPE html>
        <html>
        <form>
        //form
          </form >
        <form  method='"post'">
          <label >Level id :</label>
        <br>
          <input type='"text'" name='"Levelid'" ><br>
          <label >  Level serial:</label>
          <br>
          <input type='"text'" name='"Levelserial'" ><br>
          <label > The word is:</label>
        <br>
          <input type='"text'" name='"word'" ><br>
          <label >The pic file is:</label>
          <br>
          <input type='"text'" name='"picfile'" v><br>
          <label > The full word  file :</label> 
          <br>
          <input type='"text'" name='"fullword'" ><br>
           <label >The spelled word file  :</label> 
        <br>
          <input type='"text'" name='"spelledword'" ><br>
         ";
        echo"
        <div >
        <label for='"The category '">The category </label></br>
        <select name='"taskOption'">
        ";
        if ($result->num_rows > 0) {
          while($row = $result->fetch_assoc()) { ?>
            <option value="<?php echo $row['cat_id']; ?>">
            <?php echo $row['cat_name']; ?>
            </option> <?php } ?>
          </select> 
        <?php } ?>        
        <br><br>
        <?php
        echo"
          <input type='"Submit'" value='"Submit1'" name='"Submit'">
        </form>
        </div>
        </body>
        </html>

        ";
      }
    }
  }
  echo "
    <head>
    <title>Relogin Please </title>
    </head>
    <body>
    <center>
    <br/> <br/>
    <div id='"content1'">
      <div id='"relog'">
      <h2 style='" color:black ; font-size: 25px;'">you're not admin </h2>
    <a href='"login.php'"><img src='"PIC/NIE7J6OOT.PNG'" ></a>
      </div>
    </div>
    <br/> <br/>
    </center>
    </body>
    ";
} else {
  echo "
  <head>
  <title>Relogin Please </title>
      </head>
  <body>
  <center>
  <br/> <br/>
  <div id='"content1'">
    <div id='"relog'">
    <h2 style='" color:black ; font-size: 25px;'">youare not admin </h2>
    <a href='"login.php'"><img src='"PIC/NIE7J6OOT.PNG'"></a>
    </div>
  </div>
      <br/> <br/>
  </center>
  </body>
  ";
}
?>
<?php include 'footer.php';?>

我需要放置一个 else 语句,但我不知道在哪里! 任何人都可以帮忙吗!

此代码不再安全:

如果 mypage.php 包含以下代码:

session_start();
$_SESSION['Username']=='sara';
echo "<a href='http://the.link-to-your-admin_page.php' target='_blank'>link</a>";

如果单击该链接,会话管理员 1 将被带到您的页面,并显示编辑按钮。

最安全的方法是在登录后立即设置令牌(这是一个非常简单的步骤)。例如$token = md5(uniqidsession(rsand(), true)); $_SESSION['token']=$token;

在每个页面的顶部放置以下内容:

if(!isset($_SESSION['token'])){ die('Access Denied');}
if(!isset($_SESSION['Username'])){ die('Access Granted');}

首先检查 SESSION 中的令牌携带,然后检查用户 ID,包括用户的权限级别。但是,只有您知道sara作为管理员,以防万一。这只是一个简单的方法,在开头放更多的指纹扫描代码,使拦截sessionid变得复杂。

相关文章:
最新更新
www.56WenDa.com 2012-2023 | php问答网 | php学习