PHP:检查管理员是否登录,重定向他们并确保正确的访问
[英]PHP: Checking if admin is logged in, redirecting them and ensure the right access
问题描述
I have a page for users named game.php, where they can update their profile etc. So when the admin logs in, they can still access game.php but I do not want them to do so.
我有一个名为 game.php 的用户页面,他们可以在其中更新他们的个人资料等。因此,当管理员登录时,他们仍然可以访问 game.php,但我不希望他们这样做。 How do I prevent it?我该如何预防?
I have 2 different log in page, 1 for normal users (logreg.php), 1 for admin (admin.php)我有 2 个不同的登录页面,1 个用于普通用户 (logreg.php),1 个用于管理员 (admin.php)
This is my game.php codes, where they restricts the admin from accessing and it redirects me back to logreg.php.这是我的 game.php 代码,它们限制管理员访问并将我重定向回 logreg.php。
The status of the user will be "gamer" - a normal user OR "admin" - for admin log in.用户的状态将为“玩家” - 普通用户或“管理员” - 用于管理员登录。
<?php
session_start();
ob_start();
if (!isset($_SESSION["username"], $_SESSION['status'])) {
$_SESSION['username'] = $username;
$_SESSION['status'] = 'admin';
header("Location:logreg.php");
}
else {
$username = $_SESSION['username'];
}
?>
But here's the issue: how do I check if the user is logged in as admin at the admin.php (admin login page) and redirect them to the admin site instead of logging in again, while also making sure that the "gamers" can't access the admin site?但这里有一个问题:我如何检查用户是否在 admin.php(管理员登录页面)上以管理员身份登录并将他们重定向到管理站点而不是再次登录,同时还要确保“游戏玩家”可以无法访问管理站点? It states that my site has redirected me too many times.它指出我的网站重定向了我太多次。
Here are my codes for admin.php这是我的 admin.php 代码
<?php
session_start();
ob_start();
if (!isset($_SESSION["username"], $_SESSION['status'])) {
$_SESSION['username'] = $username;
$_SESSION['status'] = 'gamer';
header("Location:admin.php");
}
else {
$username = $_SESSION['username'];
$_SESSION['status'] = 'admin';
header("Location:adminpage.php");
}
?>
Thanks in advance!!!!提前致谢!!!!
1 个解决方案
解决方案1
0 2018-10-20 15:06:39
Too long for a comment but a code-free answer...评论太长了,但没有代码的答案......
Actually, I think what you want is to have a single login.php page, which processes the user login.实际上,我认为您想要的是拥有一个处理用户登录的login.php页面。 On that page, first ensure username/password match.在该页面上,首先确保用户名/密码匹配。 Then look up rights level to see if they are an admin or a player (or something else in the future?).然后查看权限级别,看看他们是管理员还是玩家(或将来的其他角色?)。 Set a session variable to indicated user is authenticated and a user rights level - admin or player (this gives future flexibility to add "moderator", etc)设置会话变量以指示用户已通过身份验证和用户权限级别 - 管理员或玩家(这为将来添加“主持人”等提供了灵活性)
On admin.php check the session to see that the user is authenticated, and the user has admin rights.在admin.php检查会话以查看用户是否已通过身份验证,并且用户具有管理员权限。 If they don't then unset all the session variables and redirect to the home page or login page.如果没有,则取消设置所有会话变量并重定向到主页或登录页面。 If you want to be nice, before doing that check to see if they are an authenticated user and if so redirect to game.php instead.如果您想保持友好,请在执行此操作之前检查他们是否是经过身份验证的用户,如果是,则重定向到game.php 。
On game.php check the session to see that the user is authenticated, and the user does not have admin rights.在game.php检查会话以查看用户是否已通过身份验证,并且用户没有管理员权限。 If they do have admin rights, print a message reminding that admins can't play while logged in as admins, and provide a link to admin.php and logout.php (which will unset all session vars and redirect to login.php ).如果他们确实有管理员权限,则打印一条消息,提醒管理员在以管理员身份登录时不能玩游戏,并提供一个指向admin.php和logout.php的链接(这将取消设置所有会话变量并重定向到login.php )。 Then check to make sure you have an authenticated gamer, if not then bounce to the logout.php (and again back to login.php ) also.然后检查以确保您有经过身份验证的玩家,如果没有,则也logout.php (并再次返回到login.php )。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.