[英]PHP script dynamic display of files in directory based on user privileges?
Ive创建了以下脚本,以在用户登录时显示目录中的文件:
<?php
session_start();
require_once("path/file.php");
if (!empty($_SESSION[username]))
{echo "You <b>$_SESSION[username]</b> are registered.";
$dirPath = dir('includes/path/');
$docArray = array();
while (($file = $dirPath->read()) !== false)
{
if ((substr($file, -3)=="pdf") || (substr($file, -3)=="doc"))
{
$docArray[ ] = trim($file);
}
}
$dirPath->close();
sort($docArray);
$c = count($docArray);
foreach($docArray as $filename)
{
echo "<div><a href=\"./includes/path/$filename\">Download '$filename'</a></div>";
echo "<br/>";
}
include('logout.php');
}
else
{echo "somethingsomething";
include('login.php');
}
?>
在成员表中,两列MSV和LTP的可能值为0、1。另外,我还必须目录/ path / LTP和/ path / MSV。
我需要对脚本进行补充,如果用户具有LTP或/和MSV的特权,则将相应地显示文件。
您将需要将LTP
和MSV
字段的值存储到$_SESSION
,并在用于读取这些文件夹的php文件中尝试类似这样的操作
读取LTP文件夹
if(!empty($_SESSION[LTP])){
//code to read LTP folder
}else{
//Cannot read LTP folder
}
读取MSV文件夹
if(!empty($_SESSION[MSV])){
//code to read MSV folder
}else{
//Cannot read MSV folder
}
假设0
为拒绝访问权限,而1
为授予读取权限
在数据库中查询用户,并在获取行后建立逻辑。
$username = mysqli_real_escape_string($con, $_SESSION['username']);
$query = "SELECT `LTP`, `MSV` FROM `members` WHERE `username`='".$username."'";
$data = mysqli_query($con, $query) or die(mysqli_error($con));
$row = mysqli_fetch_array($data);
if ($row['MSV'] == '1') {
//provide access to MSV files here.
}
if ($row['LTP'] == '1') {
//provide access to LTP files here.
}
请注意, die
语句仅用于调试,不足以用于生产。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.