[英]show div based on user role in database php/mysql
在這里搜索並嘗試不同的方法沒有成功之后,我想我會問。
像這樣的東西是完美的但我不知道如何設置它來檢查用戶角色
<?php
if (roles->getUserRole(reports)) { echo "<li><a href='/page5'>Reports</a></li>"; }
?>
我想根據數據庫中的用戶角色顯示/不顯示菜單項。 我把它設置在數據庫中
(管理員)角色 - 1或(超級管理員)角色2
這是login.php
<?php
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
} else {
// Define $myusername and $mypassword
$myusername=$_POST['username'];
$mypassword=$_POST['password'];
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = mysql_connect("localhost", "db_admin", "db-password");
// To protect MySQL injection for Security purpose
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
// Selecting Database
$db = mysql_select_db("db_database", $connection);
// SQL query to fetch information of registerd users and finds user match.
$query = mysql_query("select * from members where password='$mypassword' AND username='$myusername'", $connection);
$rows = mysql_num_rows($query);
if ($rows == 1) {
$_SESSION['login_user']=$myusername; // Initializing Session
header("location: dashboard.php"); // Redirecting To Other Page
} else {
$error = "Username or Password is invalid";
}
mysql_close($connection); // Closing Connection
}
}
?>
dashboard.php頂部的代碼
<?PHP
session_start();
if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true) {
} else {
header ("Location: index.php");
}
?>
我希望根據用戶角色顯示/隱藏菜單項。
<li>
<a href="employees.php" class="dropdown-toggle" data-toggle="dropdown" data-hover="dropdown">
<i class="fa fa-user"></i>
Employees
<span class="caret"></span>
</a>
<ul class="dropdown-menu">
<li><a href="employees.php"><i class="fa fa-th-list nav-icon"></i> See All</a></li>
<li><a href="add-employee.php"><i class="fa fa-plus-square-o nav-icon"></i> Add</a></li>
<li><a href="edit-employee.php"><i class="fa fa-edit nav-icon"></i> Edit</a></li>
</ul>
</li>
作為旁注(因為我知道它會被提及)我知道我的代碼應該是mysqli,當我把它全部工作時我將把我的網站切換到那個。 我正在學習它。
首先,您應該在會話中存儲超過用戶登錄的內容:如果驗證成功,則使用類似的東西創建一個唯一的令牌
// SQL query to fetch information of registerd users and finds user match.
$query = mysql_query("select * from members where password='$mypassword' AND username='$myusername'", $connection);
$rows = mysql_num_rows($query);
if ($rows == 1) {
$_SESSION['login_user'] = $myusername; // Initializing Session
$token = md5(uniqid());
$_SESSION['token'] = $token;
$query = mysql_query("update token from members where username='$myusername' set token = '$token'", $connection);
header("location: dashboard.php"); // Redirecting To Other Page
} else {
...
}
此令牌將用於驗證您網站的每個其他頁面上的身份驗證,如果沒有它,您只假設如果您的會話中有login_name,那么身份驗證是正確的。
當然,這將起作用,但這根本不安全,如果用戶想要更新其密碼,則已經登錄同一帳戶的其他計算機將永遠不會斷開連接。
使用令牌,您將能夠在密碼更改后重置它。
在其他頁面中,您可以使用會話用戶名來獲取當前令牌和當前角色。
// Check for a session
if(isset($_SESSION['login_user']) && isset($_SESSION['token']))
{
// SQL query to fetch information of registerd users and finds user match.
$query = mysql_query("select * from members where username='".$_SESSION['login_user']."'", $connection);
$rows = mysql_num_rows($query);
if ($rows == 1) {
$row = mysql_fetch_array($query , MYSQL_BOTH);
if($row['token'] != $_SESSION['token'])
{
// Incorrect token, disconnect the user
unset($_SESSION['login_user']);
unset($_SESSION['token_user']);
// Make redirection and stuff
}
else
{
// User still logged
$role = $row['role'];
// You can then use that variable later in page
// If $role == 1, Admin, show menu, prevent function access, ect
}
}
}
希望它有所幫助!
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.