[英]Session management: PHP+MySQL
I'm developing a Knowledge Management System in PHP + MySQL, Where I'm keeping Staff and Student in Different Table. 我正在开发一个PHP + MySQL的知识管理系统,我将员工和学生放在不同的表中。 Now I'm Facing some Problems in Session Management.
现在我遇到了会话管理中的一些问题。
I can access student_profile.php?id=1
, if logged in as student, but if I change the url as staff_profile.php?id=1
, I will be logged in as Staff! 我可以访问
student_profile.php?id=1
,如果以学生身份登录,但如果我将url更改为staff_profile.php?id=1
,我将以员工身份登录!
How do I solve this problem? 我该如何解决这个问题?
Also, can I put students and staff on same table? 另外,我可以把学生和工作人员放在同一张桌子上吗? Is there any issue?
有什么问题吗?
You may set different value (identity) for session key when user logged successfully. 用户成功登录后,您可以为会话密钥设置不同的值(标识)。
In login.php 在login.php中
<?php
session_start();
if(user_is_student()) {
$_SESSION["usertype"]="student";
...
}
else
if(user_is_staff()) {
$_SESSION["usertype"]="staff";
...
}
?>
In staff and student profile pages, verify value of usertype
key. 在员工和学生资料页面中,验证
usertype
密钥的值。
staff.php staff.php
<?php
session_start();
$validUser=false;
if(isset($_SESSION["usertype"]))
{
if($_SESSION["usertype"]=="staff")
{
$validUser=true;
}
}
if(!$validUser) {
header("Location: login.php");
}
?>
It's perfectly ok to put students and staff on the same table. 把学生和教职员放在同一张桌子上是完全可以的。 If they have similar attributes that is.
如果它们具有相似的属性。 These would be considered subclasses to say a "user".
这些将被视为表示“用户”的子类。 But what you are talking about is more
authorization
. 但你所说的是更多的
authorization
。 So you first need to verify that the user is a student or staff. 因此,您首先需要验证用户是学生还是员工。 If you find that the user is a student and goes to the staff url, then you need to redirect or simply deny access.
如果您发现用户是学生并转到员工网址,则需要重定向或拒绝访问。
So, for example say you had this database setup. 所以,比如说你有这个数据库设置。
User
/ \
Student Staff
Now you have 1 table called User. 现在您有一个名为User的表。 Everyone would be in here.
每个人都会在这里。 There are a few ways to do this, you can create a new attribute (column) and it would simply be a boolean of some sort.
有几种方法可以做到这一点,你可以创建一个新属性(列),它只是某种布尔值。
So your User table could look like 所以你的用户表看起来像
Userid | Name | Address | ... | Staff
Where 哪里
| Staff | = 1 or 0, depending on if they are a student or just staff.
This is probably the fastest way when making a query. 这可能是进行查询时最快的方法。 Now if you need additional information for either one, simply create a Student and Staff table with the specific attributes for those.
现在,如果您需要其中任何一个的其他信息,只需创建一个具有特定属性的Student和Staff表。 Then you would query the additional information when needed.
然后,您将在需要时查询其他信息。
no problem. 没问题。 without a minor/major rewrite, no matter what else your code is doing, just put the "role" into the session and check the role before each query.
没有次要/重大改写,无论你的代码做了什么,只需将“角色”放入会话并在每次查询之前检查角色。 role=staff or role=student.
角色=员工或角色=学生。 and dont use a cookie to hold that as they can be changed.
并且不要使用cookie来保存它,因为它们可以被更改。 check role every access.
每次访问都检查角色。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.