[英]Check if user is admin or normal user? PHP $_session and MYSQL
I want to show different content if a user is admin(2), or noarmal user(1).如果用户是管理员(2)或普通用户(1),我想显示不同的内容。 Login works fine, but i don't know hot to check if a user have 'usertype' 1 or 2?
登录工作正常,但我不知道检查用户是否有“用户类型”1 或 2? I want to use PHP $_SESSION.
我想使用 PHP $_SESSION。
This is my login form:这是我的登录表单:
<!-- Log in -->
<form method="post" action="authentication.php">
<input type="text" name="userid" placeholder="E-mail" required/>
<input type="password" name="password" placeholder="Password" required/><br>
<button type="submit" name="submit" class="btn">Log in</button>
</form>
This is my authentication.php:这是我的身份验证。php:
session_start();
if(isset($_POST['userid']) && isset($_POST['password'])){
$userid = $_POST['userid'];
$password = $_POST['password'];
$dbc = mysqli_connect('localhost', 'root', '', 'news');
if(!$dbc){
echo "Cannot connect to database";
exit;
}
$query = "SELECT * FROM users_tbl WHERE email = '$userid' AND password = sha1('$password')";
$result = $dbc->query($query);
if($result->num_rows)
{
$_SESSION['valid_user'] = $userid;
}
$dbc->close();
}
if(isset($_SESSION['valid_user'])){
header("location:prefs.php");
}else{
header("location:login.php");
echo 'Error';
}
This is what i have tried:这是我尝试过的:
<?php
mysql_connect('localhost', 'root', '');
mysql_select_db('news');
$sql = "SELECT users_tbl.usertype FROM users_tbl";
$result = mysql_query($sql);
$user = mysql_fetch_array($result);
$_SESSION['user'] = $user['user'];
$_SESSION['usertype'] = $user['usertype'];
if($_SESSION['user']['usertype'] == 2)
{?>
<h1>Only admin stuff</h1>
<$? }//Endif user is admin(2) ?>
Maybe instead of doing the query for everytime to check if a user is admin, i could save a $_SESSION['usertype'], and then use this to check if a user is 2, for admin, maybe when a user is loggin in?也许不是每次都进行查询以检查用户是否为管理员,我可以保存一个 $_SESSION['usertype'],然后使用它来检查用户是否为 2,对于管理员,也许当用户登录时? But i do not know how to do this.
但我不知道该怎么做。 I'm quite new at this.
我对此很陌生。
try this 尝试这个
if($_SESSION['usertype'] == 2)
{
//do stuff here
}
if ($_SESSION['usertype']) == 1)
{
//do stuff here
}
edit : if you dont want write so many stuff and you want just include admin stuff inside this one of users just do this 编辑:如果您不想写这么多东西,而只想在其中一位用户中加入管理员内容,就可以这样做
if ($_SESSION['usertype']) == 1 or $_SESSION['usertype']) == 2)
{
//do stuff here for them both admin and users
if($_SESSION['usertype'] == 2 )
{
//do extra stuff here for only admin
}
}
I realize that this is an old question, however I have spent the last week searching the internet looking for an answer to this question as I have had a similar issue. 我意识到这是一个古老的问题,但是由于我遇到了类似的问题,因此上周我一直在互联网上搜索该问题的答案。 "echo_Me" had the answer, but I see some incorrect syntax.
“ echo_Me”有答案,但是我看到一些不正确的语法。 After toying around with it on a localserver, this is what I did.
在本地服务器上玩弄之后,这就是我所做的。
if($_SESSION['usertype']) == 1 or $_SESSION['usertype']) ==2)
//> start end < end < < end
{
//do stuff here for them both admin and users
if($_SESSION['usertype'] == 2)
{
//Do other stuff for usertype 2
}
}
You have more End Parenthesis then you do start ones. 您有更多的结束括号,然后再开始。 I set all of the session variables I need when I run the login script for my website.
我为我的网站运行登录脚本时设置了我需要的所有会话变量。 So if I need a session variable, here is how I would handle it:
因此,如果我需要一个会话变量,请按照以下方法进行处理:
if($_SESSION['user']['usertype'] == 1 OR $_SESSION['user']['usertype'] == 2) { ?>
// Do Stuff for normal user and admin
<?php } if($_SESSION['user']['usertype'] == 2) { ?>
// DO Stuff for admin only
<?php } ?>
As you can see, the first if statement only has one set of parenthesis. 如您所见,第一个if语句只有一组括号。 And really, you can remove some of the php code, and just do regular html/css markup then the if statement for usertype of 2 for stuff for admin.
实际上,您可以删除一些php代码,然后进行常规的html / css标记,然后对用户类型2的if语句进行管理。
<!-- HTML Markup for both Admin and Regular Users Goes Here above if statement -->
<?php if($_SESSION['user']['usertype'] == 2 { ?>
// Markup for Admin only
<?php } ?>
Also, I would recommend not having the password set in the session variables. 另外,我建议不要在会话变量中设置密码。 In that code, you may have it not do that, I am just unfamiliar with mysqli as I use PDO.
在该代码中,您可能没有这样做,我只是不熟悉mysqli,因为我使用PDO。
You can save your user type with session variable 您可以使用会话变量保存用户类型
Once logged in you need to check with db with the user type for 1 or 2 and store that variable with session variable like $_SESSION['user_type']. 登录后,您需要使用用户类型为1或2的db进行检查,并将该变量与会话变量(例如$ _SESSION ['user_type'])一起存储。
So based on that you can track. 因此,您可以基于此进行跟踪。
Try to add a column with user type to that table. 尝试将具有用户类型的列添加到该表。 Check the value of that column while fetching data from the table.
从表中获取数据时,请检查该列的值。 If the value is admin , show the text otherwise not.
如果值为admin ,则不显示文本。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.