此特权代码有什么问题? [英] what's wrong in this code of privilege?

查看:84
本文介绍了此特权代码有什么问题?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

如何在检查" php代码或页面中检查权限??

how to check privilege in "check"php code or page ??

我使用explode和in_array

I using explode and in_array

用户登录并进入检查"页面后,代码必须检查用户是否具有"dataDisplay"特权..但检查"页面中的代码不执行该操作

after the user log in and in "check" page the code must check privilege of user if he has "dataDisplay" privilege or not ..but the code in "check" page doesn't do that

我在检查"页面代码中有什么问题

what's my wrong in "check" page code

这是我的数据库:

+--------------------+-------------------------------+
| username           |   user_privilege              |
|--------------------|-------------------------------|
| amal               |7gz,agt_courses,newbill        | 
|                    |                               |
+----------------------------------------------------+
|                    |                               |
| ahmed              |dataDisplay,previllige,newUsers|
+----------------------------------------------------+

第一页登录" php:

first page "login" php:

<?php
ob_start();
session_start();
include '../connection/connect.php';

$username = $_POST['username'];
$password = $_POST['password'];


if($username && $password ){
    $finduser = mysqli_query($link,"SELECT * FROM LOGIN WHERE username = '".$username."' AND password = '".$password ."'") or die("error");
    if(mysqli_num_rows($finduser) !=0){
        while($row = mysqli_fetch_array($finduser)){
            $uname = $row['username'];
            $pass= $row['password '];
            $arr=explode(",",$row['user_privilege']);
        }
    }
        {
        $_SESSION['sessionname'] =$uname;
        $_SESSION['sessionpass'] =$password ;
        $_SESSION['sessionpre'] =explode(",",$row['user_previllige']);
        header ("location:../agtSite/agt2.php");
    }
} 
ob_end_flush();
?>

第二页检查" php:

second page "check" php:

<?php
session_start();

$_SESSION['sessionpre']='';

$haspermission =in_array("dataDisplay",$_SESSION['sessionpre']);


if( $haspermission )
{
    header("location: agt2.php");
    }

else{header("location: ../display/display.php");}

?>

推荐答案

您忘记添加 else 块,如果适当缩进代码,可以避免此问题. 确保仅在找到用户后才创建会话

You forgot to add else block, a problem you could avoid if you indent your code properly. Make sure you create the session only if you find a user

if(mysqli_num_rows($finduser) !=0){
    while($row = mysqli_fetch_array($finduser)){
        $_SESSION['sessionname'] =$row['username'];
        $_SESSION['sessionpass'] = $row['password '];
        $_SESSION['sessionpre'] = explode(",",$row['user_previllige']);
        header ("location: ../check.php");
    }
}
else{
//could not find user
}

正如其他人在评论中指出的那样,您防止SQL注射.

Also as the others pointed out in the comments you to prevent SQL injection.

这篇关于此特权代码有什么问题?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
PHP最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆