Php Codeigniter通过URL限制管理员页面
我正在建立一个网站,其中我有一个管理员和用户页面。我有一个问题,我可以通过URL访问管理页面,即使我作为用户登录。我在登录页面进行了验证检查,但是如果我已经以用户或管理员身份登录,我可以访问所有页面。我只想将页面限制为其角色。这是我的密码 我的控制器:Php Codeigniter通过URL限制管理员页面,php,codeigniter,Php,Codeigniter,我正在建立一个网站,其中我有一个管理员和用户页面。我有一个问题,我可以通过URL访问管理页面,即使我作为用户登录。我在登录页面进行了验证检查,但是如果我已经以用户或管理员身份登录,我可以访问所有页面。我只想将页面限制为其角色。这是我的密码 我的控制器: function __construct() { parent::__construct(); $this->is_logged_in(); $session_admin = $this->session-&
function __construct()
{
parent::__construct();
$this->is_logged_in();
$session_admin = $this->session->userdata('isAdmin');
$method = $this->router->fetch_method();
if(($session_admin == FALSE) && $method != 'login')
{
$this->session->set_flashdata( 'message', 'You need to login to access this location' );
redirect('user_home');
}
else
{
redirect('admin_ticketing/new_tickets');
}
}
function is_logged_in()
{
$is_logged_in = $this->session->userdata('is_logged_in');
if(!isset($is_logged_in) || $is_logged_in != true) {
redirect('login');
die();
}
}
function validate_login()
{
$this->load->model('model_accounts');
$valid = $this->model_accounts->validate();
$isAdmin = $this->model_accounts->check_role();
$isUser = $this->model_accounts->check_user();
$isActive = $this->model_accounts->check_active();
if($valid && $isAdmin && $isActive) // Active Admin
{
redirect('admin_ticketing/new_tickets');
}
else if($valid && $isActive && $isUser) // Active User
{
redirect('user_home');
}
else if(($valid && $isAdmin) && $isActive == false) //Deactivated Admin
{
redirect('login/admindeact');
}
else if($valid && ($isActive && $isAdmin) == false) //Deactivated User
{
redirect('login/userdeact');
}
else if($valid == false) //Invalid Account
{
$data['message'] = "Sorry, the username and password you entered did not match our records. Please double-check and try again. ";
$this->template->load('template', 'view_login', $data);
}
}
function validate()
{
$this->db->where('username', $this->input->post('username'));
$this->db->where('password', $this->input->post('password'));
$query = $this->db->get('accounts');
$result = $query->row();
if($query->num_rows() == 1)
{
return true;
}
else
{
return false;
}
}
function check_role()
{
$this->db->where('username', $this->input->post('username'));
$this->db->where('password', $this->input->post('password'));
$this->db->where('role', 1);
$query = $this->db->get('accounts');
$result = $query->row();
if($query->num_rows() == 1)
{
$data = array(
'userid' => $result->userid,
'username' => $result->username,
'password' => $result->password,
'firstname' => $result->firstname,
'lastname' => $result->lastname,
'email' => $result->email,
'address' => $result->address,
'monthly_dues' => $result->monthly_dues,
'arrears' => $result->arrears,
'isAdmin' => true,
'contactnum' => $result->contactnum,
'role' => $result->role,
'is_logged_in' => true
);
$this->session->set_userdata($data);
return true;
}
else
{
return false;
}
}
function check_user()
{
$this->db->where('username', $this->input->post('username'));
$this->db->where('password', $this->input->post('password'));
$this->db->where('role', 0);
$query = $this->db->get('accounts');
$result = $query->row();
if($query->num_rows() == 1)
{
$data = array(
'userid' => $result->userid,
'username' => $result->username,
'password' => $result->password,
'firstname' => $result->firstname,
'lastname' => $result->lastname,
'email' => $result->email,
'address' => $result->address,
'monthly_dues' => $result->monthly_dues,
'arrears' => $result->arrears,
'isAdmin' => false,
'contactnum' => $result->contactnum,
'role' => $result->role,
'is_logged_in' => true
);
$this->session->set_userdata($data);
return true;
}
else
{
return false;
}
}
function check_active()
{
$this->db->where('username', $this->input->post('username'));
$this->db->where('password', $this->input->post('password'));
$this->db->where('isActive', 1);
$query = $this->db->get('accounts');
$result = $query->row();
if($query->num_rows() == 1)
{
return true;
}
else
{
return false;
}
}
function __construct()
{
parent::__construct();
$this->is_logged_in();
$session_admin = $this->session->userdata('isAdmin');
$method = $this->router->fetch_method();
if(($session_admin == FALSE) && $method != 'login')
{
$this->session->set_flashdata( 'message', 'You need to login to access this location' );
redirect('user_home');
}
else
{
redirect('admin_ticketing/new_tickets');
}
}
function is_logged_in()
{
$is_logged_in = $this->session->userdata('is_logged_in');
if(!isset($is_logged_in) || $is_logged_in != true) {
redirect('login');
die();
}
}
function validate_login()
{
$this->load->model('model_accounts');
$valid = $this->model_accounts->validate();
$isAdmin = $this->model_accounts->check_role();
$isUser = $this->model_accounts->check_user();
$isActive = $this->model_accounts->check_active();
if($valid && $isAdmin && $isActive) // Active Admin
{
redirect('admin_ticketing/new_tickets');
}
else if($valid && $isActive && $isUser) // Active User
{
redirect('user_home');
}
else if(($valid && $isAdmin) && $isActive == false) //Deactivated Admin
{
redirect('login/admindeact');
}
else if($valid && ($isActive && $isAdmin) == false) //Deactivated User
{
redirect('login/userdeact');
}
else if($valid == false) //Invalid Account
{
$data['message'] = "Sorry, the username and password you entered did not match our records. Please double-check and try again. ";
$this->template->load('template', 'view_login', $data);
}
}
如果您只想在登录时为管理员和前台用户设置角色,请设置会话值“is_admin”
然后你可以检查($is_admin)是否像那样。你可以在你的控制器中检查这个,看到这个代码
function __construct()
{
parent::__construct();
$session_admin = $this->session->userdata('admin'); //getting admin session
$method = $this->router->fetch_method(); // get the current method
if(empty($session_admin) && $method != 'login'){ // check for admin session and methos is login
$this->session->set_flashdata( 'message', 'You need to login to access this location' );
redirect('admin/users/login');
}
}
所以我需要检查每个控制器及其功能?只需为每个控制器添加一个签入构造函数。是否可以将其放置在我的\u控制器中,这样我就不必在每个控制器上重复此操作?如何实现此操作?如果我把它放在我的_控制器中,页面重定向太多次并返回一个error@coderszx你需要把这个代码放在每个管理员控制器上。对于具有登录功能的控制器,您需要检查代码的方法。否则,只需使用管理会话检查代码。我的管理控制器中的构造不会覆盖我的\u控制器中的构造吗?