我将如何 go 关于只让用户类型“管理员”访问我的 PHP 项目中的某些页面?
[英]How would I go about only letting the usertype “Admin” access certain pages in my PHP project?
问题描述
The title says it all.
标题说明了一切。 How would I go about only letting the usertype "Admin" access certain pages in my PHP project?我将如何 go 关于只让用户类型“管理员”访问我的 PHP 项目中的某些页面? To summarize, I have a "usertype" section in my sql database that assigns either the User role (default) or the admin role (created by Admins in the user management section).总而言之,我的 sql 数据库中有一个“用户类型”部分,它分配用户角色(默认)或管理员角色(由管理员在用户管理部分中创建)。 The thing is, 1. In my side menu, I do not want regular users to see the admin section where it lists all the admin modules (user management, about us editing page) and 2, I do not want regular users to be able to access those admin pages.问题是,1. 在我的侧边菜单中,我不希望普通用户看到管理部分,其中列出了所有管理模块(用户管理,关于我们的编辑页面)和 2,我不希望普通用户能够访问这些管理页面。 Can somebody please help me with this?有人可以帮我吗? I've been stuck on it for a while.我已经坚持了一段时间。
This is my side-menu code:这是我的侧面菜单代码:
<div id="layoutSidenav">
<div id="layoutSidenav_nav">
<nav class="sb-sidenav accordion sb-sidenav-dark" id="sidenavAccordion">
<div class="sb-sidenav-menu">
<div class="nav">
<div class="sb-sidenav-menu-heading">Standard</div>
<a class="nav-link" href="dashboard.php">
<div class="sb-nav-link-icon"><i class="fas fa-tachometer-alt"></i></div>
Dashboard
</a>
<a class="nav-link" href="surf.php">
<div class="sb-nav-link-icon"><i class="fas fa-plane"></i></div>
Surf Freely
</a>
<a class="nav-link" href="chat.php">
<div class="sb-nav-link-icon"><i class="fas fa-comments"></i></div>
Chat
</a>
<div class="sb-sidenav-menu-heading">Admin</div>
<a class="nav-link" href="register.php">
<div class="sb-nav-link-icon"><i class="fas fa-users"></i></div>
User Management
</a>
</div>
</div>
<div class="sb-sidenav-footer">
<div class="small">Logged in as:</div>
<?php
echo $_SESSION['username'];
?>
</div>
</nav>
</div>
I do not want users with the usertype "User" accessing this part of the navbar:我不希望用户类型为“用户”的用户访问导航栏的这一部分:
<div class="sb-sidenav-menu-heading">Admin</div>
<a class="nav-link" href="register.php">
<div class="sb-nav-link-icon"><i class="fas fa-users"></i></div>
User Management
</a>
Here is my security file (the file that prevents logged in users from accessing certain pages):这是我的安全文件(阻止登录用户访问某些页面的文件):
<?php
session_start();
include('includes/dbconfig.php');
if(!$_SESSION['username']) {
header('Location: login.php');
}
?>
Login code:登录代码:
if (isset($_POST['login_btn'])) {
$email_login = $_POST['email'];
$password_login = $_POST['password'];
$query = "SELECT * FROM register WHERE email='$email_login' AND password='$password_login' LIMIT 1";
$query_run = mysqli_query($connection, $query);
$usertypes = mysqli_fetch_array($query_run);
if ($usertypes['usertype'] == "Admin") {
$_SESSION['username'] = $email_login;
header('Location: dashboard.php');
} else if ($usertypes['usertype'] == "User") {
$_SESSION['username'] = $email_login;
header('Location: dashboard.php');
} else {
$_SESSION['status'] = "Email / Password is Invalid";
header('Location: login.php');
}
}
1 个解决方案
解决方案1
1 2020-08-20 05:36:28
Find login code查找登录代码
$_SESSION['username'] = $email_login;
Add after之后添加
$_SESSION['usertype'] = $usertypes['usertype'];
front-side前面
<?php if($_SESSION['usertype']=="Admin"){?>
...ur html code
<?php }?>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.