检查已登录用户的角色(PHP)
[英]Check role of user logged in (PHP)
问题描述
first, I have searched for a question that is the same with mine, unfortunately I can't understand the answers. 
首先,我搜索的问题与我的问题相同,很遗憾,我无法理解答案。 It says use Auth, etc... bla bla bla. 它说使用Auth等... bla bla bla。 I only know basics so far. 到目前为止,我仅了解基础知识。
So here is my question: how to check the user currently logged in and its role? 所以这是我的问题:如何检查当前登录的用户及其角色?
I thought I could do it so easily, actually I did, but the user of the site I'm building should only be one. 我以为我可以很轻松地做到这一点,实际上我确实做到了,但是我正在构建的站点的用户只能是一个。 lol. 大声笑。 I have two columns named session and membership. 我有两列名为session和Membership。 Anyway, my code is written below (It is definitely wrong, I just realized it this 2AM in the morning. It would 100% work if the user of the side is again only one. 无论如何,我的代码写在下面(这肯定是错误的,我只是在凌晨2点才意识到这一点。如果一侧的用户又只是一个,那将100%起作用。
if(empty($_SESSION['user']))
{
// If they are not, we redirect them to the login page.
// Remember that this die statement is absolutely critical. Without it,
// people can view your members-only content without logging in.
header("Location: http://localhost/se/");
}
//if(!empty($_SESSION['user']) )
else
{
//This following codes are for checking the session in DB
$query = "
SELECT
id,
password,
emailAddress,
membership
FROM memberlist
WHERE
session = :var_val
";
// The parameter values
$query_params = array(
':var_val' => 'True'
);
try
{
// Execute the query against the database
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
// Note: On a production website, you should not output $ex->getMessage().
// It may provide an attacker with helpful information about your code.
die("Failed to run query: " . $ex->getMessage());
}
$row = $stmt->fetch();
if ( $row['membership'] == 'Officer' || $row['membership'] == 'Member' )
{
header("Location: http://localhost/memberdir/index.php");
}
}
If a user's membership == 1, then go to admin directory. 如果用户的成员资格== 1,则转到admin目录。 else go to members directory. 否则转到成员目录。
Please help :( 请帮忙 :(
2 个解决方案
解决方案1
0 2014-10-22 17:51:40
when the user login success you can do like this: 当用户成功登录后,您可以执行以下操作:
if(login success)
{
$_SESSION['user']=array('id'=>$id,
'emailAddress'=>$emailAddress,
'membership'=>$membership);//the three values are selected from database when login in
}else
{
// do some thing
}
then when you check the user ,you can use: 然后,当您检查用户时,可以使用:
if(empty($_SESSION['user']))
{
// If they are not, we redirect them to the login page.
// Remember that this die statement is absolutely critical. Without it,
// people can view your members-only content without logging in.
header("Location: http://localhost/se/");
}else
{
//get user info from session
}
解决方案2
0 已采纳 2014-10-22 17:56:46
To start a user session: 要启动用户会话:
session_start();
To add parameters to that session: 要将参数添加到该会话:
$_SESSION['parameter'] = $parameter;
To get that parameter: 要获取该参数:
$getParameter = $_SESSION['parameter'];
So make sure you put session_start(); 因此,请确保您放置session_start(); before any output to the page (before you print anything): 在任何输出到页面之前(在打印任何内容之前):
if ( $row['membership'] == 'Officer' || $row['membership'] == 'Member' )
{
session_start();
$_SESSION['membership'] = $row['membership'];
include('memberdir/index.php');
//or header("Location: http://localhost/memberdir/index.php");
}
So in your member file that you show a particular user (or only one user, doesn't make a difference), you check that the session parameter exists and what to do with it: 因此,在您的成员文件中向您显示特定用户(或仅一个用户,没有任何区别),请检查session参数是否存在以及如何处理:
if (isset($_SESSION['membership'])) {
//membership parameter is set
if($_SESSION['membership'] == 'Officer') {
echo "Hey, your membership is Officer, here is your page";
} else if ($_SESSION['membership'] == 'Member') {
echo "Hey your membership is Member, here is your page";
}
}
This should help you understand the basics and you can go from there. 这应该可以帮助您了解基础知识,并且可以从那里开始。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.