[英]Give access to pages to specific user types PHP
在我的應用程序中,我有 2 種用戶類型,管理員和經理。 我希望經理只能訪問dashboard.php
。 為此,在我的users
表中,我將用戶類型usertype
為列,並且在注冊時他們必須提及他們是什么類型的用戶。 基於此,在登錄管理器儀表板后,我有一個轉到dashboard.php
的按鈕。 在dashboard.php
我正在檢查$_SESSION['usertype'] == 'manager')
。 如果是,它將允許用戶訪問該頁面,否則它將帶他進入登錄頁面。 但它不起作用。 每次將我帶到登錄頁面時,任何人都可以通過輸入 URL 來訪問dashboard.php
。php。
經理.php
<?php
// Initialize the session
session_start();
// Check if the user is logged in, if not then redirect him to login page
if(!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true){
header("location: login.php");
exit;
}
echo $_SESSION["usertype"];
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Welcome</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-1BmE4kWBq78iYhFldvKuhfTAU6auU8tT94WrHftjDbrCEXSU1oBoqyl2QvZ6jIW3" crossorigin="anonymous">
<style>
body{ font: 14px sans-serif; text-align: center; }
</style>
</head>
<body>
<h1 class="my-5">Welcome, <b><?php echo htmlspecialchars($_SESSION["usertype"]); ?></b>. All System Operational!</h1>
<p>
<a href='dashboard.php' class="btn btn-primary">Inventory Management</a>
<a href="reset-password.php" class="btn btn-secondary">Reset Your Password</a>
<a href="logout.php" class="btn btn-danger">Sign Out of Your Account</a>
</p>
</body>
</html>
儀表板.php
<?php
if ((isset($_SESSION["loggedin"]) && $_SESSION['usertype'] == 'manager')) {
header('Location: '.$_SERVER['PHP_SELF']);
} else {
header('Location: login.php');
}
?>
...
登錄.php
<?php
// Initialize the session
session_start();
// Check if the user is already logged in, if yes then redirect him to welcome page
/* what happens if users are different?
if(isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true){
header("location: welcome.php");
exit;
}
*/
// Include config file
require_once "config.php";
// Define variables and initialize with empty values
$usertype = $password = "";
$usertype_err = $password_err = $login_err = "";
// Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){
// Check if usertype is empty
if(empty(trim($_POST["usertype"]))){
$usertype_err = "Please enter usertype.";
} else{
$usertype = trim($_POST["usertype"]);
}
// Check if password is empty
if(empty(trim($_POST["password"]))){
$password_err = "Please enter your password.";
} else{
$password = trim($_POST["password"]);
}
// Validate credentials
if(empty($usertype_err) && empty($password_err)){
// Prepare a select statement
$sql = "SELECT id, usertype, password FROM users WHERE usertype = ?";
if($stmt = $mysqli->prepare($sql)){
// Bind variables to the prepared statement as parameters
$stmt->bind_param("s", $param_usertype);
// Set parameters
$param_usertype = $usertype;
// Attempt to execute the prepared statement
if($stmt->execute()){
// Store result
$stmt->store_result();
// Check if usertype exists, if yes then verify password
if($stmt->num_rows == 1){
// Bind result variables
$stmt->bind_result($id, $usertype, $hashed_password);
if($stmt->fetch()){
if(password_verify($password, $hashed_password)){
// Password is correct, so start a new session
session_start();
// Store data in session variables
$_SESSION["loggedin"] = true;
$_SESSION["id"] = $id;
$_SESSION["usertype"] = $usertype;
if($usertype == "admin"){
header("location: welcome_admin.php");
} elseif($usertype == "manager"){
header("location: welcome_manager.php");
}elseif($usertype == "delivery"){
header("location: welcome_delivery.php");
}
} else{
// Password is not valid, display a generic error message
$login_err = "Invalid usertype or password.";
}
}
} else{
// usertype doesn't exist, display a generic error message
$login_err = "Invalid usertype or password.";
}
} else{
echo "Oops! Something went wrong. Please try again later.";
}
// Close statement
$stmt->close();
}
}
// Close connection
$mysqli->close();
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Login</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-1BmE4kWBq78iYhFldvKuhfTAU6auU8tT94WrHftjDbrCEXSU1oBoqyl2QvZ6jIW3" crossorigin="anonymous">
<style>
body{ font: 14px sans-serif; }
.wrapper{ width: 360px; padding: 20px; }
</style>
</head>
<body>
<div class="wrapper">
<h2>Login</h2>
<p>Please fill in your credentials to login.</p>
<?php
if(!empty($login_err)){
echo '<div class="alert alert-danger">' . $login_err . '</div>';
}
?>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
<div class="form-group">
<label>User Type</label>
<input type="text" name="usertype" class="form-control <?php echo (!empty($usertype_err)) ? 'is-invalid' : ''; ?>" value="<?php echo $usertype; ?>">
<span class="invalid-feedback"><?php echo $usertype_err; ?></span>
</div>
<div class="form-group">
<label>Password</label>
<input type="password" name="password" class="form-control <?php echo (!empty($password_err)) ? 'is-invalid' : ''; ?>">
<span class="invalid-feedback"><?php echo $password_err; ?></span>
</div>
<div class="form-group">
<input type="submit" class="btn btn-primary" value="Login">
</div>
</form>
</div>
</body>
</html>
那么如何使這個dashboard.php
只能由指定的用戶類型訪問?
<?php
session_start();
if((isset($_SESSION["loggedin"]) && $_SESSION['usertype'] == 'manager')){
header('Location: '.$_SERVER['PHP_SELF']);
}else {
header('Location: login.php');
}
?>
使用 session 開始恢復您構建的 session。
網站上將使用 session 信息的每個頁面都必須由 session_start() function 標識。 這會在每個 PHP 頁面上啟動 session。 session_start function 必須是第一個發送到瀏覽器的東西,否則它將無法正常工作。 它必須在任何 HTML 標記之前。
我通過在dashboard.php
中刪除(isset($_SESSION["loggedin"])
檢查來使它工作。現在我只檢查用戶是否是經理。所以它是這樣的
<?php
session_start();
if($_SESSION['usertype'] !== "manager"){
header("location: login.php");
exit;
}
?>
我想登錄 state 不需要檢查,因為它已經在管理器頁面中檢查。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.