Page protection does not work correctly for the Administrator page


Problem description


I posted a similar post of this with a different code, but changed it a little now, and did not get the answers that I was hoping for (the answers did not help me much). I hope this is OK, tell me if it is not. :)

I have been trying to make a page protection for the Administrator page, and I can not get it to work. I am sure this would not have been a problem if I was not new to PHP coding, hehe.

When a normal user with the type '0' is trying to access the administrator page, index_admin.php, the user will get redirected to the normal user page, index.php. And if the user has the type '1', then the user/admin will stay on the page.

Here is the code I have been trying to get working. (This file is required in index_admin.php and it is called index_admin_check.php).

index_admin_check.php

<?php
    session_start();
?>

<?php
    $vert = "localhost";
    $brukarnamn = "root";
    $passord = "";
    $db_namn = "nettsidebunad";
    $tbl_namn = "kunde_register";

    // Connection to the MySQL database.
    mysql_connect("$vert", "$brukarnamn", "$passord") or die ("Kan dessverre ikkje koble til databasen.");
    mysql_select_db("$db_namn") or die ("Kan ikkje finna den ynkjande databasen.");
?>

<?php
if (isset($_SESSION['mittbrukarnamn'])) {

    $sql1 = "SELECT `type` FROM $tbl_namn";
    $rad1 = mysql_query($sql1);
    $type1 = mysql_fetch_row($rad1);

    if ($type1 == 0) {
        echo "You do not have access to this page.";
        //header("location: index.php");
    } else {
        echo "You have access to this page.";


    }
}
?>

Some of the text is in Norwegian.


$vert = $host (in English)

$brukarnamn = $username (in English)

$passord = $password (in English)

$db_namn = $db_name (in English)

$tbl_namn = $tbl_name (in English)

$_SESSION['mittbrukarnamn'] = $_SESSION['myusername'] (in English)


Recommended answer

As I seem to be answering with a lot today, I have an admin panel on github that seems to answer a lot of common questions about php logins. In your case, you would simply fetch type from your database and use that. Note that you must provide the WHERE statement in your SQL otherwise you will not have that user's information. You will have every piece of it in that table.

The following makes use of prepared queries. mysql_* functions are deprecated (no longer supported; see this SO question).

function get_user_array() {
    /* Does all of the heavy lifting for getting user stats. */
    $db = new db(); // where db() is an abstraction class that implements mysqli and adds login details.
    if (isset($_SESSION["id"])) {
        $sid = $_SESSION["id"];
        if ($query = $db->prepare("SELECT id, name, status FROM `users` WHERE id=?")) {
                $query->bind_param("i", $sid); // i = integer
                $query->execute();
                $query->bind_result($id, $name, $status);
                $query->fetch();
                $query->close();
                $db->close();
                return array("name" => $name, "status" => $status, "id" => $id);
        } else {
            return false;
        }
    } else {
        return false;
    }
}

My suggestion is also to use a user id, and find everything from the database. That way, if their username changes, the whole site doesn't blow up on their page load.

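The actual comparison would be:

$user = get_user_array();
// Assumes get_user_array() has been adapted to also select and return "type".
if (@$user["type"] != 'admin') { // @ error-handling will make it NULL anyway.
    header("Location: index.php"); // note: this must be sent BEFORE any output!
    exit; // stop here so the rest of the admin page is not sent after the redirect
}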

And the fast comparison to check if a normal user is logged in (if logged_in(), for instance):

$user = get_user_array();
if (!@$user["id"]) { // continue only if logged in
    // not logged in handle
}

Note: db() is this class (it is great to override the mysqli public functions to shorten code in the long run, provided you call the parent):

class db extends mysqli {
    public function __construct($a = DB_HOST,
                                $b = DB_USER,
                                $c = DB_PASS,
                                $d = DB_NAME,
                                $persistent = true) {
        if ($persistent) {
            parent::__construct("p:" . $a, $b, $c, $d);
        } else {
            parent::__construct($a, $b, $c, $d);
        }
    }
}
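
An added example (not code from the question or the answer) of the check for the asker's own table: it looks up only the logged-in user's row, compares the type column value rather than the fetched row array, and stops execution after the redirect. The username column name brukarnamn, the use of PDO, and the in-memory SQLite demo rows are assumptions made so the block runs without a MySQL server.

```php
<?php
// Added example, not the asker's or the answerer's code.
// Assumption: kunde_register has a username column; it is called
// `brukarnamn` here, a hypothetical name that is not on the page.

/** Return true only if $username exists and its `type` is 1 (admin). */
function is_admin(PDO $db, ?string $username): bool
{
    if ($username === null || $username === '') {
        return false;                       // not logged in
    }
    // WHERE restricts the lookup to the current user's row.
    $stmt = $db->prepare(
        'SELECT `type` FROM kunde_register WHERE brukarnamn = ? LIMIT 1'
    );
    $stmt->execute([$username]);
    $type = $stmt->fetchColumn();           // false when no row matches
    // Compare the column value, not the whole row array.
    return $type !== false && (int) $type === 1;
}

/** Guard for index_admin.php: call before any output is sent. */
function require_admin(PDO $db): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!is_admin($db, $_SESSION['mittbrukarnamn'] ?? null)) {
        header('Location: index.php');
        exit;                               // stop rendering the admin page
    }
}

// Constructed demo data in an in-memory SQLite database, so the check
// can be run from the command line without a MySQL server.
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE kunde_register (brukarnamn TEXT, type INTEGER)');
    $db->exec("INSERT INTO kunde_register VALUES ('ola', 0), ('kari', 1)");
    foreach (['ola', 'kari', 'ukjend', null] as $u) {
        printf("%-7s => %s\n", $u ?? '(none)', is_admin($db, $u) ? 'admin' : 'denied');
    }
}
```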
