检查用户是管理员还是普通用户?PHP $_session 和 MYSQL
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/13933078/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Check if user is admin or normal user? PHP $_session and MYSQL
提问by user1906437
I want to show different content if a user is admin(2), or noarmal user(1). Login works fine, but i don't know hot to check if a user have 'usertype' 1 or 2? I want to use PHP $_SESSION.
如果用户是 admin(2) 或 noarmal user(1),我想显示不同的内容。登录工作正常,但我不知道要检查用户是否有“用户类型”1 或 2?我想使用 PHP $_SESSION。
This is my login form:
这是我的登录表单:
<!-- Log in -->
<form method="post" action="authentication.php">
<input type="text" name="userid" placeholder="E-mail" required/>
<input type="password" name="password" placeholder="Password" required/><br>
<button type="submit" name="submit" class="btn">Log in</button>
</form>
This is my authentication.php:
这是我的 authentication.php:
session_start();
if(isset($_POST['userid']) && isset($_POST['password'])){
$userid = $_POST['userid'];
$password = $_POST['password'];
$dbc = mysqli_connect('localhost', 'root', '', 'news');
if(!$dbc){
echo "Cannot connect to database";
exit;
}
$query = "SELECT * FROM users_tbl WHERE email = '$userid' AND password = sha1('$password')";
$result = $dbc->query($query);
if($result->num_rows)
{
$_SESSION['valid_user'] = $userid;
}
$dbc->close();
}
if(isset($_SESSION['valid_user'])){
header("location:prefs.php");
}else{
header("location:login.php");
echo 'Error';
}
This is what i have tried:
这是我尝试过的:
<?php
mysql_connect('localhost', 'root', '');
mysql_select_db('news');
$sql = "SELECT users_tbl.usertype FROM users_tbl";
$result = mysql_query($sql);
$user = mysql_fetch_array($result);
$_SESSION['user'] = $user['user'];
$_SESSION['usertype'] = $user['usertype'];
if($_SESSION['user']['usertype'] == 2)
{?>
<h1>Only admin stuff</h1>
<$? }//Endif user is admin(2) ?>
Maybe instead of doing the query for everytime to check if a user is admin, i could save a $_SESSION['usertype'], and then use this to check if a user is 2, for admin, maybe when a user is loggin in? But i do not know how to do this. I'm quite new at this.
也许不是每次都查询以检查用户是否为管理员,我可以保存 $_SESSION['usertype'],然后使用它来检查用户是否为 2,对于管理员,也许当用户登录时? 但我不知道该怎么做。我对此很陌生。
回答by echo_Me
try this
尝试这个
if($_SESSION['usertype'] == 2)
{
//do stuff here
}
if ($_SESSION['usertype']) == 1)
{
//do stuff here
}
edit : if you dont want write so many stuff and you want just include admin stuff inside this one of users just do this
编辑:如果你不想写这么多的东西,你只想在这个用户中包含管理的东西,就这样做
if ($_SESSION['usertype']) == 1 or $_SESSION['usertype']) == 2)
{
//do stuff here for them both admin and users
if($_SESSION['usertype'] == 2 )
{
//do extra stuff here for only admin
}
}
回答by Moonblaze
I realize that this is an old question, however I have spent the last week searching the internet looking for an answer to this question as I have had a similar issue. "echo_Me" had the answer, but I see some incorrect syntax. After toying around with it on a localserver, this is what I did.
我意识到这是一个老问题,但是我花了上周的时间在互联网上寻找这个问题的答案,因为我遇到了类似的问题。“echo_Me”有答案,但我看到一些不正确的语法。在本地服务器上玩弄它之后,这就是我所做的。
if($_SESSION['usertype']) == 1 or $_SESSION['usertype']) ==2)
//> start end < end < < end
{
//do stuff here for them both admin and users
if($_SESSION['usertype'] == 2)
{
//Do other stuff for usertype 2
}
}
You have more End Parenthesis then you do start ones. I set all of the session variables I need when I run the login script for my website. So if I need a session variable, here is how I would handle it:
你有更多的结束括号然后你做开始。当我为我的网站运行登录脚本时,我设置了我需要的所有会话变量。所以如果我需要一个会话变量,我将如何处理它:
if($_SESSION['user']['usertype'] == 1 OR $_SESSION['user']['usertype'] == 2) { ?>
// Do Stuff for normal user and admin
<?php } if($_SESSION['user']['usertype'] == 2) { ?>
// DO Stuff for admin only
<?php } ?>
As you can see, the first if statement only has one set of parenthesis. And really, you can remove some of the php code, and just do regular html/css markup then the if statement for usertype of 2 for stuff for admin.
如您所见,第一个 if 语句只有一组括号。实际上,您可以删除一些 php 代码,然后只做常规的 html/css 标记,然后为 admin 的 usertype 执行 if 语句。
<!-- HTML Markup for both Admin and Regular Users Goes Here above if statement -->
<?php if($_SESSION['user']['usertype'] == 2 { ?>
// Markup for Admin only
<?php } ?>
Also, I would recommend not having the password set in the session variables. In that code, you may have it not do that, I am just unfamiliar with mysqli as I use PDO.
另外,我建议不要在会话变量中设置密码。在该代码中,您可能没有这样做,我只是不熟悉 mysqli,因为我使用 PDO。
回答by somasundaram
You can save your user type with session variable
您可以使用会话变量保存您的用户类型
Once logged in you need to check with db with the user type for 1 or 2 and store that variable with session variable like $_SESSION['user_type'].
登录后,您需要使用 1 或 2 的用户类型检查数据库,并将该变量与会话变量(如 $_SESSION['user_type'])一起存储。
So based on that you can track.
因此,您可以在此基础上进行跟踪。
回答by Mithun Sen
Try to add a column with user typeto that table. Check the value of that column while fetching data from the table. If the value is admin, show the text otherwise not.
尝试将具有用户类型的列添加到该表中。从表中获取数据时检查该列的值。如果值为admin,则不显示文本。
