时间戳

首页 > 解决方案 > 如果用户是管理员显示某些链接,如果用户是用户显示其他链接

php - 如果用户是管理员显示某些链接,如果用户是用户显示其他链接

问题描述

美好的一天

我似乎做错了什么。我不是 php 的专业人士和新手,如果我的问题很愚蠢,我仍在学习非常抱歉。

因此,如果用户是管理员或用户,我想显示某些链接。创建用户时,他们为用户或管理员选择一个复选框,并将其作为用户或管理员保存到数据库中。

这是我的登录表单代码

<?php session_start(); ?>
    
<?php
include("connect.php");

include("indexheader.php");

if(isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true){
    header("location: index.php");
    exit;
}
 
// Define variables and initialize with empty values
$username = $password = "";
$username_err = $password_err = "";
 
// Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){
 
    // Check if username is empty
    if(empty(trim($_POST["username"]))){
        $username_err = "Please enter username.";
    } else{
        $username = trim($_POST["username"]);
    }
    
    // Check if password is empty
    if(empty(trim($_POST["password"]))){
        $password_err = "Please enter your password.";
    } else{
        $password = trim($_POST["password"]);
    }
    
    // Validate credentials
    if(empty($username_err) && empty($password_err)){
        // Prepare a select statement
        $sql = "SELECT user_id, username, password FROM login WHERE username = ?";
        
        if($stmt = mysqli_prepare($con, $sql)){
            // Bind variables to the prepared statement as parameters
            mysqli_stmt_bind_param($stmt, "s", $param_username);
            
            // Set parameters
            $param_username = $username;
            
            // Attempt to execute the prepared statement
            if(mysqli_stmt_execute($stmt)){
                // Store result
                mysqli_stmt_store_result($stmt);
                
                // Check if username exists, if yes then verify password
                if(mysqli_stmt_num_rows($stmt) == 1){                    
                    // Bind result variables
                    mysqli_stmt_bind_result($stmt, $id, $username, $hashed_password);
                    if(mysqli_stmt_fetch($stmt)){
                        if(password_verify($password, $hashed_password)){
                            // Password is correct, so start a new session
                            session_start();
                            
                            // Store data in session variables
                            $_SESSION["loggedin"] = true;
                            $_SESSION["user_id"] = $id;
                            $_SESSION["username"] = $username;  
                            $_SESSION["permissions"] = "Admin"; 
                            $_SESSION["permissions"] = "User"; 
                            
                            // Redirect user to welcome page
                            header("location: welcome.php");
                    
                        } else{
                            // Display an error message if password is not valid
                            $password_err = "The password you entered was not valid.";
                        }
                    }
                } else{
                    // Display an error message if username doesn't exist
                    $username_err = "No account found with that username.";
                }
            } else{
                echo "Oops! Something went wrong. Please try again later.";
            }

            // Close statement
            mysqli_stmt_close($stmt);
        }
    }
    
    // Close connection
    mysqli_close($con);
}
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>SKC South Africa</title>
<link rel="stylesheet" type="text/css" href="indexcrud.css">
</head>
    <div class="row">
    <div class="col-md-6 col-md-offset-3">
        <div class="box">
            <h3>Login</h3> 
            <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
                <div class="form-group <?php echo (!empty($username_err)) ? 'has-error' : ''; ?>">
                <label>Username</label>
                <input type="text" name="username" class="form-control" value="<?php echo $username; ?>">
                <span class="help-block"><?php echo $username_err; ?></span>
            </div>    
                <div class="form-group <?php echo (!empty($password_err)) ? 'has-error' : ''; ?>">
                <label>Password</label>
                <input type="password" name="password" class="form-control">
                <span class="help-block"><?php echo $password_err; ?></span>
            </div>
                <button type="submit" name="submit" class="btn btn-success button">Login</button>
            </form>
        </div>
    </div>
    </div>  
    </head>
    </html>

登录后,他们将被定向到下面的欢迎页面代码

<?php
// Initialize the session
session_start();
 
// Check if the user is logged in, if not then redirect him to login page
if(!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true){
    header("location: index.php");
    exit;
}
?>
 
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>SKC South Africa</title>
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<link rel="stylesheet" type="text/css" href="indexcrud.css">
</head>
<body>
    <div class="container"> 
    <nav class="navbar navbar-default">
    <div class="container-fluid">
      <div class="navbar-header">
        <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar">
          <span class="sr-only">Toggle navigation</span>
          <span class="icon-bar"></span>
          <span class="icon-bar"></span>
          <span class="icon-bar"></span>
        </button>
        <a class="navbar-brand" href="index.php">SKC South Africa</a>
      </div>
      <div id="navbar" class="navbar-collapse collapse">
        <form action="" method="POST" enctype="multipart/form-data">
        <ul class="nav navbar-nav">
        <li class="active"><a href="welcome.php">Home</a></li>
        <li><a href='logout.php'>Logout</a></li>
        </form>
        </ul>
      </div><!--/.nav-collapse -->
    </div><!--/.container-fluid -->
  </nav> 
        
    <h3>Welcome <?php echo htmlspecialchars($_SESSION["username"]); ?>!</h3>
    <p><?php echo ("<div class='alert alert-success'>Successfully logged in!</div>")?></p>
    <br/>
        
<?php
if(isset($_SESSION["permissions"]) == "User") //check if user is a user and display buttons
{
?>
    <a href="view.php"><?php echo ("<div class='btn btn-primary' style='text-align: center;'>Click here to View and Add Products!</div>")?></a><br><br>
    <a href="viewfeatured.php"><?php echo ("<div class='btn btn-primary' style='text-align: center;'>Click here to View and Add Featured Products!</div>")?></a><br><br>

<?php } elseif(isset($_SESSION["permissions"]) == "Admin") //check if user is an admin and display buttons
{
?>
     <a href="view.php"><?php echo ("<div class='btn btn-primary' style='text-align: center;'>Click here to View and Add Products!</div>")?></a><br><br>
    <a href="viewfeatured.php"><?php echo ("<div class='btn btn-primary' style='text-align: center;'>Click here to View and Add Featured Products!</div>")?></a><br><br>
    <a href="viewuser.php"><?php echo ("<div class='btn btn-primary' style='text-align: center;'>Click here to View and Add Users!</div>")?></a>

<?php  }else{ // if user is not logged in then display these buttons?> 
    <li><a href="signin.php">Sign In</a></li>
    <li><a href="signup.php">Sign Up</a></li>
<?php } ?>
        
</div>
    
    
    
    
<br><br><br>
<div class="container">
    <div class="jumbotron">
    <h1>SKC South Africa</h1>
    <h3>Welcome to SKC Content Managment Site (CMS)</h3><br>
    <p>With this system you will be able to:</p>
    <ul style="font-size: 12pt;">
    <li>Add new Products, Details, Specifications and Links</li>
    <li>Update Products, Details, Specifications and Links</li>
    <li>Delete Products, Details, Specifications and Links</li><br>
    <li>Add new Featured Products</li>
    <li>Update Featured Products</li>
    </ul><br>
    <p>Live previews can be view under the view products tab and is selected per category.</p>
</div>
</div>

我似乎无法让这部分工作

<?php
if(isset($_SESSION["permissions"]) == "User") //check if user is a user and display buttons
{
?>
    <a href="view.php"><?php echo ("<div class='btn btn-primary' style='text-align: center;'>Click here to View and Add Products!</div>")?></a><br><br>
    <a href="viewfeatured.php"><?php echo ("<div class='btn btn-primary' style='text-align: center;'>Click here to View and Add Featured Products!</div>")?></a><br><br>

<?php } elseif(isset($_SESSION["permissions"]) == "Admin") //check if user is an admin and display buttons
{
?>
     <a href="view.php"><?php echo ("<div class='btn btn-primary' style='text-align: center;'>Click here to View and Add Products!</div>")?></a><br><br>
    <a href="viewfeatured.php"><?php echo ("<div class='btn btn-primary' style='text-align: center;'>Click here to View and Add Featured Products!</div>")?></a><br><br>
    <a href="viewuser.php"><?php echo ("<div class='btn btn-primary' style='text-align: center;'>Click here to View and Add Users!</div>")?></a>

<?php  }else{ // if user is not logged in then display these buttons?> 

<?php } ?>

上面代码的结果是,无论用户设置为用户还是管理员,它都只显示第一个权限 = 用户,因此用户和管理员用户都只显示 2 个链接。我做错了什么,请帮忙。

您的帮助将不胜感激。

标签: phpmysql

解决方案

推荐阅读