在数据库php/mysql中基于用户角色显示div
在这里搜索并尝试了不同的方法但没有成功之后,我想我会问 像这样的东西将是完美的,但我不知道如何设置它来检查用户角色在数据库php/mysql中基于用户角色显示div,php,mysql,Php,Mysql,在这里搜索并尝试了不同的方法但没有成功之后,我想我会问 像这样的东西将是完美的,但我不知道如何设置它来检查用户角色 <?php if (roles->getUserRole(reports)) { echo "<li><a href='/page5'>Reports</a></li>"; } ?> 我想根据数据库中的用户角色显示/不显示菜单项。我在数据库里把它设置为 (管理员)角色-1或(超级管理员)角色2 这是l
<?php
if (roles->getUserRole(reports)) { echo "<li><a href='/page5'>Reports</a></li>"; }
?>
我想根据数据库中的用户角色显示/不显示菜单项。我在数据库里把它设置为
(管理员)角色-1或(超级管理员)角色2
这是login.php
<?php
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
} else {
// Define $myusername and $mypassword
$myusername=$_POST['username'];
$mypassword=$_POST['password'];
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = mysql_connect("localhost", "db_admin", "db-password");
// To protect MySQL injection for Security purpose
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
// Selecting Database
$db = mysql_select_db("db_database", $connection);
// SQL query to fetch information of registerd users and finds user match.
$query = mysql_query("select * from members where password='$mypassword' AND username='$myusername'", $connection);
$rows = mysql_num_rows($query);
if ($rows == 1) {
$_SESSION['login_user']=$myusername; // Initializing Session
header("location: dashboard.php"); // Redirecting To Other Page
} else {
$error = "Username or Password is invalid";
}
mysql_close($connection); // Closing Connection
}
}
?>
首先,您应该在会话中存储多个用户登录名:
如果身份验证成功,则使用以下内容创建唯一令牌
// SQL query to fetch information of registerd users and finds user match.
$query = mysql_query("select * from members where password='$mypassword' AND username='$myusername'", $connection);
$rows = mysql_num_rows($query);
if ($rows == 1) {
$_SESSION['login_user'] = $myusername; // Initializing Session
$token = md5(uniqid());
$_SESSION['token'] = $token;
$query = mysql_query("update token from members where username='$myusername' set token = '$token'", $connection);
header("location: dashboard.php"); // Redirecting To Other Page
} else {
...
}
此令牌将用于验证网站每隔一页上的身份验证,如果没有此令牌,则仅假设会话中有登录名,则身份验证是正确的
当然,这会起作用,但根本不安全,如果用户想要更新其密码,则已登录同一帐户的其他计算机将永远不会断开连接
使用令牌,您可以在以后更改密码时重置它
在其他页面中,您可以使用会话用户名获取当前令牌和当前角色
// Check for a session
if(isset($_SESSION['login_user']) && isset($_SESSION['token']))
{
// SQL query to fetch information of registerd users and finds user match.
$query = mysql_query("select * from members where username='".$_SESSION['login_user']."'", $connection);
$rows = mysql_num_rows($query);
if ($rows == 1) {
$row = mysql_fetch_array($query , MYSQL_BOTH);
if($row['token'] != $_SESSION['token'])
{
// Incorrect token, disconnect the user
unset($_SESSION['login_user']);
unset($_SESSION['token_user']);
// Make redirection and stuff
}
else
{
// User still logged
$role = $row['role'];
// You can then use that variable later in page
// If $role == 1, Admin, show menu, prevent function access, ect
}
}
}
希望能有帮助 我得到了这个错误-解析错误:语法错误,意外的“&&”(T_BOOLEAN_和),在/Admin/dashboard.php中应该是“,”或“,”4@WebbieWorks,我没有直接尝试代码,因为它更像是一个示例,而不是一个复制/粘贴解决方案,但是有一些语法错误,经过编辑和更正!
// SQL query to fetch information of registerd users and finds user match.
$query = mysql_query("select * from members where password='$mypassword' AND username='$myusername'", $connection);
$rows = mysql_num_rows($query);
if ($rows == 1) {
$_SESSION['login_user'] = $myusername; // Initializing Session
$token = md5(uniqid());
$_SESSION['token'] = $token;
$query = mysql_query("update token from members where username='$myusername' set token = '$token'", $connection);
header("location: dashboard.php"); // Redirecting To Other Page
} else {
...
}
// Check for a session
if(isset($_SESSION['login_user']) && isset($_SESSION['token']))
{
// SQL query to fetch information of registerd users and finds user match.
$query = mysql_query("select * from members where username='".$_SESSION['login_user']."'", $connection);
$rows = mysql_num_rows($query);
if ($rows == 1) {
$row = mysql_fetch_array($query , MYSQL_BOTH);
if($row['token'] != $_SESSION['token'])
{
// Incorrect token, disconnect the user
unset($_SESSION['login_user']);
unset($_SESSION['token_user']);
// Make redirection and stuff
}
else
{
// User still logged
$role = $row['role'];
// You can then use that variable later in page
// If $role == 1, Admin, show menu, prevent function access, ect
}
}
}