Php “如何保护”;“显示”;页
我想根据登录用户的访问级别保护“显示”页面 函数protect_page()无法正常工作,它无法使用任何accesslevel访问任何用户 我使用两个表之间的关系,它们是: 特权表Php “如何保护”;“显示”;页,php,mysqli,Php,Mysqli,我想根据登录用户的访问级别保护“显示”页面 函数protect_page()无法正常工作,它无法使用任何accesslevel访问任何用户 我使用两个表之间的关系,它们是: 特权表 +----------------------------------+ | AccessLevel | login_id | pre_id| |----------------------------------| | 1 | 1 | 1
+----------------------------------+
| AccessLevel | login_id | pre_id|
|----------------------------------|
| 1 | 1 | 1 |
| 2 | 1 | 2 |
| 4 | 2 | 4 |
+----------------------------------+
这是登录预表:
+----------------------------------+
| username| userpass | login_id |
|----------------------------------|
| a | 123 | 1 |
| a | 123 | 1 |
| b | 1234 | 2 |
+----------------------------------+
和特权页的代码
ob_start();
session_start();
include 'C:\xampp\htdocs\database\agtdatabase\agt_site\connection\connect.php';
$query ="SELECT * FROM privilege " ;
$result = mysqli_query($link,$query) or die('');
if(isset($_SESSION['sessionloginid']))// point to id of user logged in
{
$query ="SELECT * FROM privilege where login_id='".$_SESSION['sessionloginid']."'" ;
$result = mysqli_query($link,$query) or die('');
while($row = mysqli_fetch_array($result, MYSQLI_ASSOC))
{
$access = $row['AccessLevel'];
$_SESSION['sessionloginid'];
echo $_SESSION['sessionaccess'];// output: 1
}
}
ob_end_flush();
和保护页面的代码:
include_once('C:\xampp\htdocs\database\agtdatabase\agt_site\login2\privilege.php');
function login()
{
return (isset($_SESSION['sessionloginid'])) ? true:false ;
echo $_SESSION['sessionloginid'];
}login();
function privilege()
{
return $_SESSION['sessionaccess'];
}
function protect_page(){
if($_SESSION['sessionloginid']== true && $_SESSION['sessionaccess'] !=1 ){
header ('location:http://localhost/database/agtdatabase/agt_site/agtSite/agt2.php');
//echo $_SESSION['sessionaccess']; output nothing when user a logged in
exit();
}
}
似乎有很多事情需要解决,以下是一些:
//the if statement will only be entered if sessionloginid is set, only set inside the statement, which will never be entered
if(isset($_SESSION['sessionloginid'])) {
//you should use prepared statements. Query will never run here, since the sessionloginid is never set.
$query ="SELECT * FROM privilege where login_id='".$_SESSION['sessionloginid']."'" ;
//your login_id used above is not unique. It should be a key, and autoincremented
$result = mysqli_query($link,$query) or die('');
//since login_id is not unique, this while loop will replace the session variables you will set with the last row returned.
while($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
//storing access level, but never used again
$access = $row['AccessLevel'];
//the following two lines don't do anything
$_SESSION['sessionloginid'];
$_SESSION['sessionaccess'];
//Example replacement: $_SESSION['sessionloginid'] = $row['login_id'];
}
}
下一期:
function login() {
//this function will return true or false, but does not set or do anything. Intentional?
return (isset($_SESSION['sessionloginid'])) ? true:false ;
//this echo will not run, since the function stops on return
echo $_SESSION['sessionloginid'];
}
//calling login here does nothing, since login only returns a Boolean value.
login();
保护将永远不会运行header(),因为sessionloginid永远不会设置为true,会话访问也永远不会设置
function protect_page(){
//sessionloginid is never set, so will never be true
if($_SESSION['sessionloginid']== true && $_SESSION['sessionaccess'] !=1 ){
header ('location:http://localhost/database/agtdatabase/agt_site/agtSite/agt2.php');
//echo $_SESSION['sessionaccess']; output 12 when user a logged in
exit();
}
}
我意识到这并不能完全回答问题,但我希望这能让你朝着正确的方向前进。修好这些,让我知道你得到了什么。旁注:我认为登录id应该是表键。它应该是自动递增且唯一的。否则,您可能会得到多个结果,而不是唯一的用户登录。例如,登录id为1可以授予1或2的访问级别,因为每个访问级别的登录id都为1。您没有告诉什么不起作用。函数protect\u page()不起作用。注意,您应该使用prepared语句。如果您总是使用它们,就不会有意外忘记清理用户输入的风险。我编辑了此函数,但函数仍然不工作。在函数中,在If语句之前回显会话变量。输出是什么?