php - 如何修复未在 PHP PDO 中以指定角色登录的用户
问题描述
我有三个用户角色。角色是管理员、学生和讲师。我已经设置了每个角色来呼应不同的东西。但是,当我以学生身份登录时,我将以会话中的最新用户身份登录。例如:以前我在调整 PDO 代码之前以讲师身份登录。调整代码后,我尝试以学生身份登录,但我仍然以讲师身份登录。
我不认为这是会话问题,因为我已经取消设置会话并在注销时销毁会话。
这是我的代码:- Navbar.php 中的代码
<?php
$user_id = $_SESSION['user_id'];
// Database connection
require_once('classes/PDOConnection.class.php');
$db = PDOConnection::getConnection(); // connect to db
// Retrieve the columns from the database
$sql = "SELECT username, fname, lname, role FROM users";
$stmt = $db->prepare($sql);
if ($stmt->execute(array($_SESSION['user_id'])))
{
while($row = $stmt->fetch())
{
//fetch the rows
$username = $row['username'];
$fname = $row['fname'];
$lname = $row['lname'];
$role = $row['role'];
}
}
echo
"
<!-- Main Header -->
<header class='main-header'>
<!-- Logo -->
<a href='dashboard.php' class='logo'>
<!-- mini logo for sidebar mini 50x50 pixels -->
<span class='logo-mini'><i class='fa fa-address-book'></i></span>
<!-- logo for regular state and mobile devices -->
<span class='logo-lg'><b>STULEC</b></span>
</a>
<!-- Header Navbar -->
<nav class='navbar navbar-static-top' role='navigation'>
<!-- Sidebar toggle button-->
<a href='#' class='sidebar-toggle' data-toggle='push-menu' role='button'>
<span class='sr-only'>Toggle navigation</span>
</a>
<!-- Navbar Right Menu -->
<div class='navbar-custom-menu'>
<ul class='nav navbar-nav'>
<!-- Messages: style can be found in dropdown.less-->
<li class='dropdown messages-menu'>
<!-- Menu toggle button -->
<a href='#' class='dropdown-toggle' data-toggle='dropdown'>
<i class='fa fa-envelope-o'></i>
<span class='label label-success'>4</span>
</a>
<ul class='dropdown-menu'>
<li class='header'>You have 4 messages</li>
<li>
<!-- inner menu: contains the messages -->
<ul class='menu'>
<li><!-- start message -->
<a href='#'>
<div class='pull-left'>
<!-- User Image -->
<img src='dist/img/user2-160x160.jpg' class='img-circle' alt='User Image'>
</div>
<!-- Message title and timestamp -->
<h4>
Support Team
<small><i class='fa fa-clock-o'></i> 5 mins</small>
</h4>
<!-- The message -->
<p>Why not buy a new awesome theme?</p>
</a>
</li>
<!-- end message -->
</ul>
<!-- /.menu -->
</li>
<li class='footer'><a href='#'>See All Messages</a></li>
</ul>
</li>
<!-- /.messages-menu -->
<!-- Notifications Menu -->
<li class='dropdown notifications-menu'>
<!-- Menu toggle button -->
<a href='#' class='dropdown-toggle' data-toggle='dropdown'>
<i class='fa fa-bell-o'></i>
<span class='label label-warning'>10</span>
</a>
<ul class='dropdown-menu'>
<li class='header'>You have 10 notifications</li>
<li>
<!-- Inner Menu: contains the notifications -->
<ul class='menu'>
<li><!-- start notification -->
<a href='#'>
<i class='fa fa-users text-aqua'></i> 5 new members joined today
</a>
</li>
<!-- end notification -->
</ul>
</li>
<li class='footer'><a href='#'>View all</a></li>
</ul>
</li>
<!-- User Account Menu -->
<li class='dropdown user user-menu'>
";
if ($row['role'] == "Student")
{
echo
"
<!-- Menu Toggle Button -->
<a href='#' class='dropdown-toggle' data-toggle='dropdown'>
<!-- The user image in the navbar-->
<img src='dist/img/user2-160x160.jpg' class='user-image' alt='User Image'>
<!-- hidden-xs hides the username on small devices so only the image appears. -->
<span class='hidden-xs'>" . $fname . "</span>
</a>
<ul class='dropdown-menu'>
<!-- The user image in the menu -->
<li class='user-header'>
<img src='dist/img/user2-160x160.jpg' class='img-circle' alt='User Image'>
<p>
" . $fname . ' ' . $lname ."
<small>Student ID: " . $username . " </small>
</p>
</li>
";
}
elseif ($row['role'] == "Lecturer")
{ echo
"
<!-- Menu Toggle Button -->
<a href='#' class='dropdown-toggle' data-toggle='dropdown'>
<!-- The user image in the navbar-->
<img src='dist/img/user2-160x160.jpg' class='user-image' alt='User Image'>
<!-- hidden-xs hides the username on small devices so only the image appears. -->
<span class='hidden-xs'>" . $fname . "</span>
</a>
<ul class='dropdown-menu'>
<!-- The user image in the menu -->
<li class='user-header'>
<img src='dist/img/user2-160x160.jpg' class='img-circle' alt='User Image'>
<p>
" . $fname . ' ' . $lname ."
<small>Lecturer ID: " . $username . " </small>
</p>
</li>
";
}
else
{
echo
"
<!-- Menu Toggle Button -->
<a href='#' class='dropdown-toggle' data-toggle='dropdown'>
<!-- The user image in the navbar-->
<img src='dist/img/user2-160x160.jpg' class='user-image' alt='User Image'>
<!-- hidden-xs hides the username on small devices so only the image appears. -->
<span class='hidden-xs'>" . $fname . "</span>
</a>
<ul class='dropdown-menu'>
<!-- The user image in the menu -->
<li class='user-header'>
<img src='dist/img/user2-160x160.jpg' class='img-circle' alt='User Image'>
<p>
" . $fname . ' ' . $lname ."
<small>Admin ID: " . $username . " </small>
</p>
</li>
";
}
echo
"
<!-- Menu Footer-->
<li class='user-footer'>
<div align='center'>
<a href='edit-profile.php' class='btn btn-default btn-flat'>Profile</a>
</div>
</li>
</ul>
</li>
<!-- Sign Out Button -->
<li>
<a href='logout.php'><i class='fa fa-sign-out'></i></i></a>
</li>
</ul>
</div>
</nav>
</header>
";
?>
login.php 中的代码
<?php
// Database connection
require_once ('classes/PDOConnection.class.php');
$db = PDOConnection::getConnection(); // connect to db
// Start Session
session_start();
// Application library ( with DemoLib class )
require __DIR__ . '/lib/library.php';
$app = new DemoLib();
$login_error_message = '';
// check Login request
if (!empty($_POST['btnLogin']))
{
$username = trim($_POST['username']);
$password = trim($_POST['password']);
if ($username == "")
{
$login_error_message = 'Username field is required!';
}
else if ($password == "")
{
$login_error_message = 'Password field is required!';
}
else
{
$user_id = $app->Login($username, $password); // check user login
if($user_id > 0)
{
$_SESSION['user_id'] = $user_id; // Set Session
header("Location: dashboard.php"); // Redirect user to the profile.php
}
else
{
$login_error_message = 'Invalid login details!';
}
}
}
?>
library.php 中的代码
public function Login($username, $password)
{
try
{
$db = PDOConnection::getConnection(); // connect to db
$query = $db->prepare("SELECT user_id, role FROM users WHERE (username=:username) AND password=:password");
$query->bindParam("username", $username, PDO::PARAM_STR);
$enc_password = hash('md5', $password);
$query->bindParam("password", $enc_password, PDO::PARAM_STR);
$query->execute();
if ($query->rowCount() > 0)
{
$result = $query->fetch(PDO::FETCH_OBJ);
$_SESSION['role'] = $result->role;
return $result->user_id;
}
else
{
return false;
}
}
catch (PDOException $e)
{
exit($e->getMessage());
}
}
logout.php 中的代码
<?php
// start session
session_start();
// remove all session variable
unset($_SESSION['user_id']);
// destroy the session
session_destroy();
// Redirect to index.php page
header("Location: index.php");
?>
解决方案
您SELECT
在 Navbar.php 中的语句检索整个表。没有选择基于WHERE user_id = :userid
推荐阅读
- c# - 当构建并作为 .exe 运行时,对象在 unity2d 游戏中移动得非常快
- c# - ASP.NET Identity 更新多个表
- magento2 - 类别编辑调用后的事件回调
- javascript - Gulp 不会缩小图像
- javascript - React Tic Tac Toe 教程:你能解释一下如何将数字作为参数传递给点击事件的函数吗?
- java - Java在抽象超类中实例化子类
- graph - 具有双向边的图上的 Ford-Fulkerson 算法
- bash - 在“while read”循环中调用 mpirun,只处理第一行
- python - 在依赖 psycopg2 的代码上运行 Gemnasium-python
- git - 寻找支持嵌套开发分支的 git 工作流