使用他们的用户角色从同一登录页面将用户重定向到仪表板
[英]Redirecting user to dashboard with their user role from same login page
问题描述
I have directed user according to the user's role in the dashboard from the same login page.
我已经根据用户在同一登录页面的仪表板中的角色来引导用户。
But with this the user can go to user dashboard just by simple providing the admins url.但是有了这个,用户只需提供管理员 url 就可以转到用户仪表板。
How can I prevent a user from getting in the admin dashboard after login?如何防止用户在登录后进入管理仪表板?
The login code is as follow.登录代码如下。
if(isset($_POST['login'])){
$username = $_POST['username'];
$password = $_POST['password'];
//if the user try to enter without typing anything.
if($username !="" && $password !==""){
/*$password = sha1($password);*/
$sql = "SELECT * FROM users WHERE username ='$username'AND password='$password'";
$result=mysqli_query($conn, $sql) or die('Error');
if(mysqli_num_rows($result) > 0){
while($row = mysqli_fetch_assoc($result)){
$user_id = $row['user_id'];
$fullname = $row['fullname'];
$username = $row['username'];
$phone_number = $row['phone_number'];
$state = $row['state'];
$city = $row['city'];
$street = $row['street'];
$email = $row['email'];
$user_role = $row['user_role'];
//Starting the session for the user
$_SESSION['user_id'] = $user_id;
$_SESSION['fullname'] = $fullname;
$_SESSION['username'] = $username;
$_SESSION['phone_number'] = $phone_number;
$_SESSION['state'] = $state;
$_SESSION['city'] = $city;
$_SESSION['street'] = $street;
$_SESSION['email'] = $email;
$_SESSION['user_role'] = $user_role;
if($user_role == admin){
header('Location:admin/admindashboard.php');
}else{
header('Location:user/userdashboard.php');
}
}
}else{
$error="Username or Password is incorrect!!";
}
}else{
$error = "Please Enter Username and Password";
}
}
2 个解决方案
解决方案1
2 已采纳 2018-07-13 13:20:35
You need to make sure that certain conditions match for each user so that they do not navigate by typing into URL.您需要确保每个用户的特定条件匹配,以便他们不会通过输入 URL 进行导航。
From your coding assuming that you have already redirected the users to the relevant page.从您的编码假设您已经将用户重定向到相关页面。 Make sure you have validation checks in following files.确保您在以下文件中进行了验证检查。
Add this to the header of admindashboard.php将此添加到admindashboard.php的标题中
if( $_SESSION['user_role'] != "admin")
{
session_destroy();
header("location: login.php");
}
Add this to the header of userdashboard.php将此添加到userdashboard.php的标题中
if( $_SESSION['user_role'] != "user")
{
session_destroy();
header("location: login.php");
}
With the above codes, you will block other different types of users accessing different parts of the website.使用上述代码,您将阻止其他不同类型的用户访问网站的不同部分。
解决方案2
0 2018-07-13 13:21:03
How can I prevent a user from getting in the admin dashboard after login?
By performing the same check on that page (on admindashboard.php ).通过在该页面(在admindashboard.php )执行相同的检查。 Whatever $user_role and admin are, you would examine the same logic on any page which requires that permission.无论$user_role和admin是什么,您都可以在需要该权限的任何页面上检查相同的逻辑。 If the check fails, redirect (possibly to the login page, prompting the user to login with an account which can access that page).如果检查失败,重定向(可能到登录页面,提示用户使用可以访问该页面的帐户登录)。
For example:例如:
if($_SESSION['user_role'] != admin) {
header('Location:login.php');
}
You can't prevent a user from requesting any page.您无法阻止用户请求任何页面。 You can respond to that request accordingly.您可以相应地响应该请求。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.