Php 仅允许某个组显示页面
我想让某个页面只对某个数据库组可见。我的SQL表设置为: 表:DD_用户 列:id |组|用户名|释义|公会|级别|盐 这是我尝试使用的代码:Php 仅允许某个组显示页面,php,mysql,Php,Mysql,我想让某个页面只对某个数据库组可见。我的SQL表设置为: 表:DD_用户 列:id |组|用户名|释义|公会|级别|盐 这是我尝试使用的代码: // First we execute our common code to connection to the database and start the session require("common.php"); // At the top of the page we check to see whether the user is logg
// First we execute our common code to connection to the database and start the session
require("common.php");
// At the top of the page we check to see whether the user is logged in or not
if(empty($_SESSION['user']))
{
// If they are not, we redirect them to the login page.
header("Location: /DD/index.php");
// Remember that this die statement is absolutely critical. Without it,
// people can view your members-only content without logging in.
die("Redirecting to /DD/index.php");
}
if($_SESSION['user']['group'] == '0')
{
// Destroy the session to make them log in again.
unset($_SESSION['user']);
// If they are not, we redirect them to the login page.
header("Location: /DD/index.php");
// Remember that this die statement is absolutely critical. Without it,
// people can view your members-only content without logging in.
die("Redirecting to /DD/index.php");
}
// Everything below this point in the file is secured by the login system
当我尝试此操作时,将允许任何用户组(0、1和2)访问该页面,而我只希望组1和2访问该页面。您没有任何代码来检查它们是否在组1或2中。只需将代码环绕在
if
上即可
if($_SESSION['group'] == '1' || $_SESSION['group'] == '2')
另外,请确保使用
isset
设置了$\u会话['group']。如果未设置,则最后一个If
将失败。以另一种方式工作:
require('common.php');
$charname = $_SESSION['user']['username'];
$query = "SELECT adminaccess, guild, username, class, level, active, canRegister, canNews, canActive
FROM DD_users
WHERE username = ?";
try
{
// These two statements run the query against your database table.
$stmt = $db->prepare($query);
$stmt->execute(array($charname));
}
catch(PDOException $ex)
{
// Note: On a production website, you should not output $ex->getMessage().
// It may provide an attacker with helpful information about your code.
die("Failed to run query: " . $ex->getMessage());
}
// Finally, we can retrieve all of the found rows into an array using fetchAll
$rows = $stmt->fetchAll();
//print_r($rows);
$group = $rows['0']['adminaccess'];
$guild = $rows['0']['guild'];
$username = $rows['0']['username'];
$class = $rows['0']['class'];
$level = $rows['0']['level'];
$accessAdmin = $rows['0']['adminaccess'];
$canRegister = $rows['0']['canRegister'];
$canNews = $rows['0']['canNews'];
$canActive = $rows['0']['canActive'];
我让它检查组0,如果他们试图访问该页面,我希望该组注销。我将他们分为第1组或第2组,第2个if语句应返回false并继续页面的其余部分代码>设置,它只返回用户数组中的id和用户名。我把
$\u会话['user']=$row代码>在我的登录文件中。这应该设置数组中的所有行,不是吗?$\u会话['user']将包含一个数组。这样设置不会设置$\u会话['group']。您需要在会话中显式设置组,或者从会话中的数组中获取组。您可以将会话中的用户数组设置为变量,然后可以从变量访问其中的所有值。如何将其设置为会话?有几次我计划根据组号设置受限访问。我从中获得了登录系统,并对其进行了修改。您将从数据库获得的行设置为会话。该行已经是一个数组,因此您不必担心将其变成一个数组。然后您可以将会话变量设置为数组。它与$a=$b相同;然后,您可以从db行使用相同的键访问该数组值。