php - 使用 PHP 登录/注册的权限
问题描述
我是 PHP 的新手。我只想问当他们登录时如何将“管理员”和“用户”帐户重定向到特定页面。
- 当我以管理员身份登录时,它将被定向到像“superuser.php”这样的页面,我可以在该网站的 GUI 中为“用户”创建一个帐户。
- 当创建的“用户”帐户登录时,它将被定向到具有不同权限的“user.php”之类的页面。
“用户”注册页面与“管理员”不同,因为它将位于管理员的主页上。这就是我现在卡住的地方
到目前为止,我做了“管理”部分。
我的PHP代码:
<?php
session_start();
// variable declaration
$username = "";
$errors = array();
$_SESSION['success'] = "";
// connect to database
$db = mysqli_connect('localhost','root','','registration');
if (mysqli_connect_errno($db)) {
echo "Failed to connect to MySQL:" . mysqli_connect_error();
}
// REGISTER USER
if (isset($_POST['reg_user'])) {
// receive all input values from the form
$username = mysqli_real_escape_string($db, $_POST['username']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
// form validation: ensure that the form is correctly filled
if (empty($username)) { array_push($errors, "Username is required"); }
if (empty($password_1)) { array_push($errors, "Password is required"); }
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
// register user if there are no errors in the form
if (count($errors) == 0) {
$password = md5($password_1);//encrypt the password before saving in the database
$query = "INSERT INTO users (username, password)
VALUES('$username', '$password')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: login.php');
}
}
// ...
// LOGIN USER
if (isset($_POST['login_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: home.html');
}else {
array_push($errors, "Wrong username or password combination");
}
}
}
?>
我的示例数据库:
CREATE TABLE `users` (
`id` int(11) NOT NULL AUTO_INCREMENT PRIMARY KEY,
`username` varchar(100) NOT NULL,
`password` varchar(100) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
解决方案
您需要保存用户权限类型user_type
,例如 user、admin、super_user 等
CREATE TABLE `users` (
`id` int(11) NOT NULL AUTO_INCREMENT PRIMARY KEY,
`username` varchar(100) NOT NULL,
`password` varchar(100) NOT NULL,
`user_type` varchar(20) NOT NULL,
index(user_type)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
当他们登录时,您检查他们user_type
并将其存储在会话中
$_SESSION['user_type'] = *their_user_type_from_the_db*
然后将它们重定向到正确的页面
$_SESSION['user_type'] = *their_user_type_from_the_db*
if($_SESSION['user_type']=='user'){
header('location: user.php');
}elseif($_SESSION['user_type']=='super_user'){
header('location: superuser.php');
}else{
header('location: home.php');
}
推荐阅读
- python - LeetCode 236. 二叉树的最低共同祖先 - 回溯解决方案 - Python
- java - Java:Selenium 返回脚本超时而不是未找到元素
- javascript - FullCalendar - 显示谷歌日历不起作用
- javascript - JS如何检查字符串中的数组.includes()
- regex - 如何在lucene查询elasticsearch中使用正则表达式?
- python - 在 PyQt5 中使用 Inputmask 将光标设置为 QLineEdit 的开头
- reactjs - 在 ReactJS 中通过 onClick 方法调用组件
- python - 如何在 plotly dash 应用程序中编写数学符号?
- r - 为什么我的 ordisurf 拟合值与实际变量值不匹配?
- javascript - 如何在函数调用/手动中调用反应路由器 DOM 链接