[英]how to add user role in php
我试图将我的用户和管理员重定向到某些页面,但是我的PHP代码将管理员和用户都重定向到同一页面
if (isset($_POST['Login'])) {
$username = $_POST['username'];
$password = $_POST['surname'];
$password_hash = md5($password);
$role;
if (!empty($username) && (!empty($password)))
{
$query = "SELECT 'id' FROM users WHERE 'staffno' = '$username' AND 'password'='$password_hash'";
$run = mysqli_query($conn, $query);
if ($run) {
$sql = "SELECT users.role FROM users";
$result = mysqli_query($conn, $sql);
$user = mysqli_fetch_array( $result);
//$_SESSION['admin'] = $user['admin'];
$_SESSION['role'] = "admin";
if((isset($_SESSION['role']) && $_SESSION['role'] == "admin")){
header("location: Upload.php");
}else{
header("location: Home.php");
}
}
尝试使用此:
$_SESSION['role'] = $user['database-role-column-name'];
我假设,您的会话从顶部开始。 从那以后,您已经硬编码了$_SESSION['role']
变量
$_SESSION['role'] = "admin";
而且,这始终是正确的
if((isset($_SESSION['role']) && $_SESSION['role'] == "admin")){
您需要使用
$_SESSION['role'] = $user['role'];
您需要在会话中存储动态用户角色
$_SESSION['role'] = "admin";
改成
$_SESSION['role'] = $user['Your_User_Role_coulmn_name'];
这个脚本$user = mysqli_fetch_array( $result);
将返回有关所选用户的所有信息,因此,如果您将用户角色存储在同一表中,则可以将用户角色值存储在会话中。 这样,您的if语句将按照要求运行。
同样对于使用会话,您需要在使用$_SESSION
之前添加session_start()
。
请检查示例
session_start();
if (isset($_POST['Login'])) {
$username = $_POST['username'];
$password = $_POST['surname'];
$password_hash = md5($password);
$role;
if (!empty($username) && (!empty($password)))
{
$query = "SELECT `id` FROM users WHERE `staffno` = '$username' AND `password`='$password_hash'";
$run = mysqli_query($conn, $query);
if ($run) {
$sql = "SELECT users.role FROM users";
$result = mysqli_query($conn, $sql);
$user = mysqli_fetch_array( $result);
$_SESSION['role'] = "admin"; // this approach will be always same
$_SESSION['role'] = $user['Your_User_Role_coulmn_name']; // you need to store dynamic user role into the session
if((isset($_SESSION['role']) && $_SESSION['role'] == "admin")){
header("location: Upload.php");
}else{
header("location: Home.php");
}
}
}
}
您可以先更改$password = $_POST['surname'];
到$password = $_POST['password'];
看看是否能解决您的问题。
尝试
if($run){
$_SESSION['role'] = $user['role'];
If($user['role'] == 'admin'){ //admin page}else{//the other page}
}
另外,尝试通过添加来限制您的第一个查询的结果
LIMIT 0, 1
您的代码现在甚至很短
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.