[英]if is not session , redirect to login page
我正在嘗試編寫一個簡單的腳本,我創建了一個“ ADMIN Panel”,因此,如果用戶是admin(admin = 1),那么他可以通過並查看鏈接/文件;如果他不是(admin = 0),則應該被重定向到登錄頁面,如果不是Session ['username']他應該回到登錄頁面,但是似乎我對這段代碼有疑問,在用戶面板中它可以工作,但是在管理面板中卻沒有
<?php
include './includes/db.php';
session_start();
// ADMIN CHECk
$username = mysql_real_escape_string($_SESSION['username']);
$result = mysql_query("SELECT * FROM users WHERE username='$username' AND admin=1");
$count = mysql_num_rows($result);
if($count != 1) // make sure user is a admin
{
session_start();
session_destroy();
header("location: login.php");
die;
}
if(isset($_GET['act']))
{
if($_GET['act'] == "logout")
{
session_start();
session_destroy();
header("location: login.php");
}
}
?>
好的,我首先看到的是您不首先聲明會話。 其次,不建議使用mysql函數,mysqli將做您需要做的事情。 此修復程序應該為您工作。 同樣,擁有一個logout.php也將更加容易。
db.php
<?php
$db = new mysqli(host, user, pass, database);
?>
然后,在頁面中,您可以像這樣運行查詢:
<?php
session_start();
include './includes/db.php';
//check that the session exists
if(!isset($_SESSION['username'])
{
//the session does not exist, redirect
header("location: login.php");
}
// ADMIN CHECk
$username = $db->real_escape_string($_SESSION['username']);
$result = $db->query("SELECT * FROM users WHERE username='$username' AND admin='1'");
$count = $result->num_rows;
if($count != 1) // make sure user is a admin
{
header("location: login.php");
}
?>
然后在logout.php中,您應該記住實際上要取消設置會話變量
<?php
session_start();
//unset session variables
unset($_SESSION['username']);
session_destroy();
header("location: login.php");
?>
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.