PHP: How to protect the "display" page


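I want to protect the "display" page according to the access level of the logged-in user.

The function protect_page() does not work properly: it does not give access to any user with any access level.

I use a relationship between two tables. They are: the privilege table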

    +----------------------------------+
    |  AccessLevel | login_id  | pre_id|
    |----------------------------------|
    |      1       |    1     |   1    |
    |      2       |    1     |   2    | 
    |      4       |    2     |   4    |
    +----------------------------------+

and this is the login pre table:

    +----------------------------------+
    |  username| userpass | login_id   |
    |----------------------------------|
    |      a   |    123   |   1        |
    |      a   |    123   |   1        | 
    |      b   |   1234   |   2        |
    +----------------------------------+

and the code of the privilege page:

    ob_start();
    session_start();
    include 'C:\xampp\htdocs\database\agtdatabase\agt_site\connection\connect.php';
    $query ="SELECT * FROM privilege " ;
    $result = mysqli_query($link,$query) or die('');

    if(isset($_SESSION['sessionloginid']))// point to id of user logged in
    {
        $query ="SELECT * FROM privilege where login_id='".$_SESSION['sessionloginid']."'" ;
        $result = mysqli_query($link,$query) or die('');
        while($row = mysqli_fetch_array($result, MYSQLI_ASSOC))
        {
            $access = $row['AccessLevel'];
            $_SESSION['sessionloginid'];
            echo $_SESSION['sessionaccess'];// output:  1
        }
    }

    ob_end_flush();

and the code of the protect page:

    include_once('C:\xampp\htdocs\database\agtdatabase\agt_site\login2\privilege.php');

    function login()
    {
        return (isset($_SESSION['sessionloginid'])) ? true:false ;
        echo $_SESSION['sessionloginid'];
    }
    login();

    function privilege()
    {
        return $_SESSION['sessionaccess'];
    }

    function protect_page(){
        if($_SESSION['sessionloginid']== true && $_SESSION['sessionaccess'] !=1 ){
            header ('location:http://localhost/database/agtdatabase/agt_site/agtSite/agt2.php');
            //echo $_SESSION['sessionaccess']; output nothing when user a logged in
            exit();
        }
    }

There seem to be a lot of things that need fixing. Here are some:

    //the if statement will only be entered if sessionloginid is set, only set inside the statement, which will never be entered
    if(isset($_SESSION['sessionloginid'])) {
        //you should use prepared statements.  Query will never run here, since the sessionloginid is never set.
        $query ="SELECT * FROM privilege where login_id='".$_SESSION['sessionloginid']."'" ;
        //your login_id used above is not unique.  It should be a key, and autoincremented
        $result = mysqli_query($link,$query) or die('');
        //since login_id is not unique, this while loop will replace the session variables you will set with the last row returned.
        while($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
            //storing access level, but never used again
            $access = $row['AccessLevel'];
            //the following two lines don't do anything
            $_SESSION['sessionloginid'];
            $_SESSION['sessionaccess'];
            //Example replacement: $_SESSION['sessionloginid'] = $row['login_id'];
        }
    }

Next issue:

    function login() {
        //this function will return true or false, but does not set or do anything.  Intentional?
        return (isset($_SESSION['sessionloginid'])) ? true:false ;
        //this echo will not run, since the function stops on return
        echo $_SESSION['sessionloginid'];
    }
    //calling login here does nothing, since login only returns a Boolean value.
    login();

The protect function will never run header(), since sessionloginid is never set to true, and sessionaccess is never set either:

    function protect_page(){
        //sessionloginid is never set, so will never be true
        if($_SESSION['sessionloginid']== true && $_SESSION['sessionaccess'] !=1 ){
            header ('location:http://localhost/database/agtdatabase/agt_site/agtSite/agt2.php');
            //echo $_SESSION['sessionaccess']; output 12 when user a logged in
            exit();
        }
    }

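I realize this does not fully answer the question, but I hope it gets you moving in the right direction. Fix these and let me know what you get. Side note: I think login_id should be the table key. It should be auto-incremented and unique. Otherwise, you may get multiple results instead of a unique user login. For example, login_id 1 could be granted access level 1 or 2, since each of those access levels has a login_id of 1.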

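You did not say what is not working.

The function protect_page() is not working.

Note that you should use prepared statements. If you always use them, there is no risk of accidentally forgetting to sanitize user input.

I edited this function, but the function still does not work.

In the function, echo the session variables before the if statement. What is the output?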
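
A fail-closed version of the check discussed in this thread, added here as an example; it is not code from the question, the answer or the comments. It assumes `$link` is the open mysqli connection, that `sessionaccess` stores an array of every level granted to the login id (the `privilege` table above has several rows per `login_id`), and the call sites in the closing comment are hypothetical.

```php
<?php
// Load every access level granted to a login id with a prepared statement,
// so the session value is never concatenated into the SQL text.
function load_access_levels(mysqli $link, int $loginId): array
{
    $stmt = $link->prepare('SELECT AccessLevel FROM privilege WHERE login_id = ?');
    if ($stmt === false) {
        throw new RuntimeException('could not prepare privilege query');
    }
    $stmt->bind_param('i', $loginId);
    $stmt->execute();
    $stmt->bind_result($level);
    $levels = [];
    while ($stmt->fetch()) {
        $levels[] = (int) $level;   // keep all rows: login_id is not unique here
    }
    $stmt->close();
    return $levels;
}

// Pure decision, separate from the redirect so it can be checked on its own:
// access is granted only when both session keys exist and the level is present.
function may_view(array $session, int $required): bool
{
    return isset($session['sessionloginid'], $session['sessionaccess'])
        && is_array($session['sessionaccess'])
        && in_array($required, $session['sessionaccess'], true);
}

// Redirect and stop unless the current session holds the required level.
// A visitor who is not logged in is redirected too (deny by default).
function protect_page(int $required, string $redirectTo): void
{
    if (!may_view($_SESSION, $required)) {
        header('Location: ' . $redirectTo);
        exit();
    }
}

// Hypothetical call site at login, after the password check has succeeded:
//   session_start();
//   session_regenerate_id(true);
//   $_SESSION['sessionloginid'] = $loginId;
//   $_SESSION['sessionaccess']  = load_access_levels($link, $loginId);
//
// Hypothetical call site at the top of the "display" page, before any output:
//   session_start();
//   protect_page(1, 'http://localhost/database/agtdatabase/agt_site/agtSite/agt2.php');
```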