[英]How to make sure user type=“admin” can only access a certain webpage? php mysql
How do I make sure that only users with type="admin" can access for example admin.php 如何确保只有类型为“ admin”的用户才能访问例如admin.php
for example. 例如。 I am logged out. 我已注销。 but i can still access the admin.php, how to I make sure i can only access the page when i am logged in as an admin? 但是我仍然可以访问admin.php,如何确保仅以管理员身份登录才能访问该页面?
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
while($row = mysql_fetch_array($result)){
//remove this line ******header("location:customer_home.php");
if($row['type'] == 'admin'){
header("location: admin.php");
} else if($row['type'] == 'customer'){
header("location: customer_home.php");
}
}
}
Thank you so much. 非常感谢。
The simplest solution is 最简单的解决方案是
if($row['type'] == 'admin'){
$_SESSION['isAdmin'] = true;
header("location: admin.php");
}
And the on your admin.php file: 并在您的admin.php文件上:
if($_SESSION['isAdmin']==true){
print 'hi admin!';
}
However this is a 'basic' version, and I would suggest looking up PHP security, and looking up the users logged in ID with a table within your database to properly check the users logged in credentials. 但是,这是一个“基本”版本,我建议您查找PHP安全性,并使用数据库中的表查找登录ID的用户,以正确检查登录凭据的用户。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.