
Session management: PHP+MySQL

I'm developing a Knowledge Management System in PHP + MySQL, where I'm keeping staff and students in different tables. Now I'm facing some problems in session management.

I can access student_profile.php?id=1 if logged in as a student, but if I change the URL to staff_profile.php?id=1, I will be logged in as staff!

How do I solve this problem?

Also, can I put students and staff in the same table? Is there any issue with that?

You may set a different value (identity) for a session key when the user has logged in successfully.

In login.php

<?php
 session_start();

 // user_is_student() / user_is_staff() stand for whatever credential check
 // the application already performs; the role is decided server-side here.
 if (user_is_student()) {
      $_SESSION["usertype"] = "student";
      // ... rest of the student login handling
 } elseif (user_is_staff()) {
      $_SESSION["usertype"] = "staff";
      // ... rest of the staff login handling
 }
?>

In the staff and student profile pages, verify the value of the usertype key.

staff.php

<?php
  session_start();
  $validUser = false;
  if (isset($_SESSION["usertype"])) {
      if ($_SESSION["usertype"] == "staff") {
          $validUser = true;
      }
  }
  if (!$validUser) {
      header("Location: login.php");
      // header() only sends a redirect; without exit the rest of the page
      // would still be executed and sent to the unauthorised user.
      exit;
  }
?>
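The same role check, written once as a helper so every protected page uses it, as an added example that is not part of the original answer. It goes one step beyond the answer above: besides checking the role, it checks that the id in the URL belongs to the logged-in user (staff may view any profile, a student only their own), which is what stops a student from reading or switching profiles by editing the query string. It assumes login.php stored `$_SESSION["userid"]` as well as `$_SESSION["usertype"]`; the `userid` key and the function names are assumptions, not something the answer defines.

```php
<?php
// Added example: reusable role and record checks for the profile pages.
// Assumes login.php stored $_SESSION["usertype"] ("student" or "staff") and
// $_SESSION["userid"] (the logged-in user's id; this key is an assumption).
declare(strict_types=1);

session_start();

/**
 * Stop the request unless the session carries one of $allowedRoles.
 * header() alone does not stop PHP; the exit is what protects the page.
 */
function require_role(array $allowedRoles): void
{
    $role = $_SESSION["usertype"] ?? null;
    if ($role === null || !in_array($role, $allowedRoles, true)) {
        header("Location: login.php");
        exit;
    }
}

/**
 * Authorization on the record, not only on the role: a student may only view
 * their own profile, staff may view any. Returns the id that is safe to query.
 */
function authorized_profile_id(string $rawId): int
{
    if (!ctype_digit($rawId)) {
        http_response_code(400);   // id must be a plain non-negative integer
        exit;
    }
    $requested = (int) $rawId;
    $own = (int) ($_SESSION["userid"] ?? 0);
    if (($_SESSION["usertype"] ?? "") !== "staff" && $requested !== $own) {
        http_response_code(403);   // logged in, but not allowed to see this record
        exit;
    }
    return $requested;
}

// staff_profile.php: only staff may reach this page at all.
require_role(["staff"]);
$id = authorized_profile_id($_GET["id"] ?? "");
// ... load and render the staff profile for $id using a prepared statement
```

For student_profile.php the top of the file would be `require_role(["student", "staff"]);` followed by the same `authorized_profile_id()` call, so a student who edits `id=` to another student's number gets a 403 rather than that student's page.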

It's perfectly OK to put students and staff in the same table, if they have similar attributes, that is. These would be considered subclasses of, say, a "user". But what you are talking about is more about authorization. So you first need to verify that the user is a student or staff. If you find that the user is a student and goes to the staff URL, then you need to redirect or simply deny access.

So, for example say you had this database setup.

                    User
                  /      \
              Student   Staff

Now you have one table called User. Everyone would be in here. There are a few ways to do this; you can create a new attribute (column), and it would simply be a boolean of some sort.

So your User table could look like

Userid | Name | Address | ... | Staff

Where

| Staff | = 1 or 0, depending on whether they are a student or just staff.

This is probably the fastest way when making a query. Now if you need additional information for either one, simply create a Student and Staff table with the specific attributes for those. Then you would query the additional information when needed.
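A login.php that ties the two answers together, added here as an example and not taken from the original answers: it reads the Staff flag from the single User table described above and stores the resulting role in the session, so the role always comes from the database row and never from anything the browser sends. The table and column names (User, Userid, Name, Password, Staff), the DSN and the credentials are assumptions; the Password column is assumed to hold `password_hash()` output.

```php
<?php
// Added example: login against the single User table with a Staff flag.
// Table/column names, DSN and credentials are assumptions (placeholders).
declare(strict_types=1);

session_start();

function connect(): PDO
{
    $pdo = new PDO("mysql:host=localhost;dbname=kms;charset=utf8mb4",
                   "kms_user", "PASSWORD_PLACEHOLDER");
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); // real server-side prepares
    return $pdo;
}

/**
 * Verify credentials and store identity and role in the session.
 * Returns "staff" or "student" on success, null on failure.
 */
function login(PDO $pdo, string $name, string $password): ?string
{
    $stmt = $pdo->prepare("SELECT Userid, Password, Staff FROM User WHERE Name = ?");
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Password column holds password_hash() output (assumption).
    if ($row === false || !password_verify($password, $row["Password"])) {
        return null;
    }
    // Fresh session id at the privilege change, so a session id that was set
    // before login cannot be reused afterwards.
    session_regenerate_id(true);
    $_SESSION["userid"]   = (int) $row["Userid"];
    $_SESSION["usertype"] = ((int) $row["Staff"] === 1) ? "staff" : "student";
    return $_SESSION["usertype"];
}

if ($_SERVER["REQUEST_METHOD"] === "POST") {
    $role = login(connect(),
                  (string) ($_POST["name"] ?? ""),
                  (string) ($_POST["password"] ?? ""));
    if ($role === null) {
        http_response_code(401);
        echo "Login failed";
        exit;
    }
    $page = ($role === "staff") ? "staff_profile.php" : "student_profile.php";
    header("Location: " . $page . "?id=" . $_SESSION["userid"]);
    exit;
}
```

Because the profile pages only trust `$_SESSION["usertype"]`, and that value is written solely by this function from the Staff column, changing the URL from student_profile.php to staff_profile.php no longer changes who the server thinks is logged in.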

No problem. Without a minor/major rewrite, no matter what else your code is doing, just put the "role" into the session and check the role before each query: role=staff or role=student. And don't use a cookie to hold that, as they can be changed. Check the role on every access.
