时间戳

首页 > 解决方案 > 使用 PHP 登录/注册的权限

php - 使用 PHP 登录/注册的权限

问题描述

我是 PHP 的新手。我只想问当他们登录时如何将“管理员”和“用户”帐户重定向到特定页面。

“用户”注册页面与“管理员”不同,因为它将位于管理员的主页上。这就是我现在卡住的地方

到目前为止,我做了“管理”部分。

我的PHP代码:

<?php 
    session_start();

    // variable declaration
    $username = "";
    $errors = array(); 
    $_SESSION['success'] = "";

    // connect to database
    $db = mysqli_connect('localhost','root','','registration');
    if (mysqli_connect_errno($db)) {
        echo "Failed to connect to MySQL:" . mysqli_connect_error();
    }

    // REGISTER USER
    if (isset($_POST['reg_user'])) {
        // receive all input values from the form
        $username = mysqli_real_escape_string($db, $_POST['username']);
        $password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
        $password_2 = mysqli_real_escape_string($db, $_POST['password_2']);

        // form validation: ensure that the form is correctly filled
        if (empty($username)) { array_push($errors, "Username is required"); }
        if (empty($password_1)) { array_push($errors, "Password is required"); }

        if ($password_1 != $password_2) {
            array_push($errors, "The two passwords do not match");
        }

        // register user if there are no errors in the form
        if (count($errors) == 0) {
            $password = md5($password_1);//encrypt the password before saving in the database
            $query = "INSERT INTO users (username, password) 
                      VALUES('$username', '$password')";
            mysqli_query($db, $query);

            $_SESSION['username'] = $username;
            $_SESSION['success'] = "You are now logged in";
            header('location: login.php');
        }

    }

    // ... 

    // LOGIN USER
    if (isset($_POST['login_user'])) {
        $username = mysqli_real_escape_string($db, $_POST['username']);
        $password = mysqli_real_escape_string($db, $_POST['password']);

        if (empty($username)) {
            array_push($errors, "Username is required");
        }
        if (empty($password)) {
            array_push($errors, "Password is required");
        }

        if (count($errors) == 0) {
            $password = md5($password);
            $query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
            $results = mysqli_query($db, $query);

            if (mysqli_num_rows($results) == 1) {
                $_SESSION['username'] = $username;
                $_SESSION['success'] = "You are now logged in";
                header('location: home.html');
            }else {
                array_push($errors, "Wrong username or password combination");
            }
        }
    }

?>

我的示例数据库:

CREATE TABLE `users` (
    `id` int(11) NOT NULL AUTO_INCREMENT PRIMARY KEY,
    `username` varchar(100) NOT NULL,
    `password` varchar(100) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

标签: php

解决方案

您需要保存用户权限类型user_type,例如 user、admin、super_user 等

CREATE TABLE `users` (
`id` int(11) NOT NULL AUTO_INCREMENT PRIMARY KEY,
`username` varchar(100) NOT NULL,
`password` varchar(100) NOT NULL,
`user_type` varchar(20) NOT NULL,
index(user_type)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

当他们登录时,您检查他们user_type并将其存储在会话中 $_SESSION['user_type'] = *their_user_type_from_the_db*

然后将它们重定向到正确的页面

$_SESSION['user_type'] = *their_user_type_from_the_db*
if($_SESSION['user_type']=='user'){
    header('location: user.php');
}elseif($_SESSION['user_type']=='super_user'){
    header('location: superuser.php');
}else{
    header('location: home.php');
}

推荐阅读