限制非管理员用户的页面(PHP& MySQL [英] Restrict Pages From Non Admin Users (PHP & MySQL

问题描述

我正在开发一个需要几种用户类型的网站.我能够根据用户登录后的角色/类型将用户类型重定向到不同的敬意.但是，我需要将站点的管理员"部分限制为仅管理员角色类型.我根据用户类型/角色将"1"或"2"存储到数据库中.我正在使用"session_start"和"session_is_registered"来检查用户信息.我需要在此代码中添加哪些内容，以限制角色类型为"1"的用户查看该页面.

I am developing a website that requires several user types. I have been able to redirect the user types to different homages based on user roll/type after they login. However, I need to restrict the Admin portion of the site to just admin role types. I am storing a "1" or "2" into the database based on user type/role. I am using the "session_start" and "session_is_registered" to check the user information. What do I need to add to this code to restrict users with a role type of "1" from seeing the page.

session_start();
if(!session_is_registered(username)){
header('Location: ../admin/index.php');
}

推荐答案

将用户角色存储在会话变量中

Store the users role in a session variable

$_SESSION["role"]=1;

或

$_SESSION["role"]=2; 

取决于存储的用户信息.

depending on the stored user information.

然后，当您检查权限时，只需检查此变量:

Then when you check the permissions, you just check this variable:

if($_SESSION["role"]==2){
  header('Location: ../admin/index.php');
} else {
  echo "you need the admin role to view this page!";
}

另一个建议: 如果用户没有管理员角色，最好检查../admin/index.php中的权限并重定向回默认页面.否则，如果用户知道URL，则他们可能可以直接浏览到../admin/index.php.

Another advice: It would be better to check the permissions in ../admin/index.php and redirect back to the default page if the user does not have the admin role. Otherwise users might be able to directly browse to ../admin/index.php if they know the URL.

这篇关于限制非管理员用户的页面(PHP& MySQL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！