如何写一个语句来判断用户是否是管理员?在 php 中(已解决)

问题描述 投票:0回答:2

我的问题按照我的指示

您需要向成员表添加一个附加字段以指定谁是管理员。这将由数据库管理员(您)手动填充 在login.php文件中,您已经为成功登录的成员分配了一个会话id。您将需要编写一个if语句来确定用户是否是管理员,如果是,则也为该用户分配一个admin_id的会话(按照member_id的示例) 未登录和登录的导航栏是在index.php 中创建的。由于管理员必须是登录用户,因此对于拥有 $_SESSION['admin_id'] 的用户,您将在查看配置文件链接后添加另一个链接 (Admin)。此链接将打开 myadminpage.php(您将在稍后创建)。您已经在 index.php 文件顶部有一个 session_start(),因此您不必启动新会话。

我觉得我错过了一些东西,并且似乎无法仅在管理员登录时才显示管理员链接。

下面的代码是我的login.php

<?php
ob_start();
session_start();

if(isset($_SESSION['member_id']) != "") {
    // redirects to the home page
    header("Location: index.php");
}
if(isset($_SESSION['admin_id']) != "") {
    // redirects to the home page
    header("Location: index.php");
}
?><!DOCTYPE html>

<?php
// require the connection script, end if connection fails
require_once('_connect.php');

if(isset($_POST['login']) && ($_POST['login'] !== "")) {
    $email = $_POST['email'];
    $password = $_POST['password'];

    $select = "SELECT * FROM members WHERE email = '$email'";
    $query = mysqli_query($DBConnect, $select);

    if($query) {
        $row = mysqli_fetch_assoc($query);

        if(password_verify($password, $row['password'])) {
            if($row['admin_id'] == 1){
            $_SESSION['admin_id'] = $row['id'];
            }
            
            // Assign session Id to the unique primary key in the table row
            $_SESSION['member_id'] = $row['id'];

            $fname = $row['fname'];
            $lname = $row['lname'];
            $_SESSION['member_name'] = "$fname $lname";
            header("Location: index.php");
        }
        
        else {
            $errorMessage = "Incorrect email or password.";
        }
    }
}
?>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta name="description" content="description">
    <title>Chinese Zodiac Social Networking</title>
    <link href="css/bootstrap.min.css" rel="stylesheet">
    <style type="text/css">
        body {
            background-color: rgba(235,244,251,1);
        }
    </style>
</head>
<body>

<?php require('includes/_site_nav.php'); ?>

<section class="container">
    <div class="row">
        <div class="col-md-4 col-md-offset-4">
            <form role="form" action="login.php" method="post" name="login_form">
                <fieldset>
                    <legend>Login</legend>

                    <div class="form-group">
                        <label for="email">Email</label>
                        <input type="email" name="email" placeholder="Your Email" required class="form-control">
                    </div>

                    <div class="form-group">
                        <label for="password">Password</label>
                        <input type="password" name="password" placeholder="Your Password" required class="form-control">
                    </div>

                    <div class="form-group">
                        <input type="submit" name="login" value="Log In" class="btn btn-info">
                    </div>
                </fieldset>
            </form>
            <?php
            if(isset($errorMessage)) echo "<span class='text-danger'>$errorMessage</span>";
            ?>
        </div>
    </div>
    <div class="row">
        <div class="col-md-4 col-md-offset-4 text-center">
            <p>Need an account? <a href="register.php">Register here.</a></p>
        </div>
    </div>
</section> 
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo="
  crossorigin="anonymous"></script>
<script src="js.bootstrap.min.js"></script>  
</body>
</html>

下面的代码是我的index.php

<?php session_start(); ?><!DOCTYPE html>
<?php
require_once('_connect.php'); 
require_once("includes/_functions.php")
?>

<html lang="en">
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0, shrink-to-fit=no">
  <meta name="description" content="description">
  <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
  <title>Chinese Zodiac Social Networking</title>
  <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.5/css/bootstrap.min.css" integrity="sha256-MfvZlkHCEqatNoGiOXveE8FIwMzZg4W85qfrfIFBfYc=" crossorigin="anonymous" />
  <style type="text/css">
    body {
      background-color: rgba(235,244,251, 1);
    }
  </style>
<body>

<?php require('includes/_site_nav.php'); ?>

<div class="container">
<!-- start of dynamic section -->
<?php
if (isset($_SESSION['member_id'])) {
switch($_GET['page']) {
case 'member_profile':
include "includes/_view_member_profile.php";
break;
case 'update_profile':
include "includes/_update_member_profile.php";
break;
case 'login':
include "includes/login.php";
break;
case 'change_password':
include "includes/inc_change_password.php";
break;
default:
include "includes/inc_welcome.php";
break;
} //ends switch
} //ends if
else
{
// If the session id is not set, then display the default page
include "includes/inc_home.php"; // the default page
} //ends else
?>
</div>

<!--Start Bootstrap scripts--->
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo="
crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.5/js/bootstrap.min.js" integrity="sha256-Sk3nkD6mLTMOF0EOpNtsIry+s1CsaqQC1rVLTAy+0yc=" crossorigin="anonymous"></script>
<!--End Bootstrap scripts-->
</body> 


</head>
</html>

下面的代码是我的 _site_nav.php (在我的包含文件中)

<nav class="navbar navbar-default" role="navigation">
    <div class="container-fluid">
        <div class="navbar-header">
            <button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#cz_navbar">
                <span class="sr-only">Toggle navigation</span>
                <span class="icon-bar"></span>
                <span class="icon-bar"></span>
                <span class="icon-bar"></span>
            </button>
            <a class="navbar-brand" href="index.php">Chinese Zodiac Social Networking</a>
        </div>
        <div class="collapse navbar-collapse" id="cz_navbar">
            <ul class="nav navbar-nav navbar-right">
                <?php if (empty($_SESSION['member_id']) === FALSE && empty($_SESSION['member_name']) === FALSE) : ?>
                    <li class="navbar-text">Signed in as <?= $_SESSION['member_name']; ?></li>
                    <li><a href="logout.php">Log Out</a></li>
                    <li><a href="view_member_list.php">View Profiles
                        <?php elseif (empty($_SESSION['admin_id']) === FALSE) : ?>
                    <li><a href="myadminpage.php">Admin</a></li>
                <?php else : ?>
                    <li><a href="login.php">Login</a></li>
                    <li><a href="register.php">Register</a></li>
                    <li><a href="view_member_list.php">View Profiles</a></li>
                <?php endif; ?>
            </ul>
        </div>
    </div>
</nav>

我的数据库的图像 DB image

导航栏的输出应显示为:

 Signed in as [user signed in] Log Out View Profiles Admin

如上所述,我无法让管理员仅在管理员登录时才显示。我反复获得的当前输出是常规会员导航栏。

php html mysqli
2个回答
0
投票

两大问题:

  1. login.php
    需要检查是否找到电子邮件。改变
    if(password_verify($password, $row['password'])) {

    if($row && password_verify($password, $row['password'])) {
  1. index.php
    不显示管理页面链接,因为您仅在未设置
    $_SESSION['admin_id']
    时检查
    $_SESSION['user_id']
    。但是当用户是管理员时,这两个变量都会被设置。所以改变
<?php elseif (empty($_SESSION['admin_id']) ===FALSE ): ?>

<?php if (isset($_SESSION['admin_id'])): ?>

0
投票

检查这种方法。我假设

admin
列中的值是一个布尔值,用于检查用户是否是管理员,
1
表示管理员,
0
表示普通用户。当您执行登录时,您可以检查该值,并使用用户
admin_id
更新
id
列:

    if(password_verify($password, $row['password'])) {
        if($row['admin'] == 1 && $row['admin_id'] == '0'){
            // I will not use prepared statements since i think you're doing a learning exercise, but this is not the way to do it, you'll learn after. 
            mysqli_query($DBConnect, "UPDATE members SET admin_id = {$row['id']} WHERE id = {$row['id']}");
            $_SESSION['admin_id'] = $row['id'];
        }
    
        // Assign session Id to the unique primary key in the table row
        $_SESSION['member_id'] = $row['id'];
    
        //Check if the admin_id row is set to different value than 0 and if not already set on the $_SESSION superglobal for the next time the user logs in again.
        if (!isset($_SESSION['admin_id']) && $row['admin_id'] != 0) {
            $_SESSION['admin_id'] = $row['admin_id'];
        }
    
        $fname = $row['fname'];
        $lname = $row['lname'];
        $_SESSION['member_name'] = $fname . " " . $lname; //Concatenate a space in middle of first name and last name for better readability.
        header("Location: index.php");
    } else {
        $errorMessage = "Incorrect email or password.";
    }

然后要在导航中显示链接,您可以这样做:

<ul class="nav navbar-nav navbar-right">
    <?php if (isset($_SESSION['member_id']) && isset($_SESSION['member_name'])) : ?>
        <li class="navbar-text">Signed in as <?= $_SESSION['member_name']; ?></li>
        <li><a href="logout.php">Log Out</a></li>
        <li><a href="view_member_list.php">View Profiles</a></li>
        <?php if (isset($_SESSION['admin_id']) && $_SESSION['admin_id'] != 0) : ?>
            <li><a href="myadminpage.php">Admin</a></li>
        <?php endif; ?>
    <?php else : ?>
        <li><a href="login.php">Login</a></li>
        <li><a href="register.php">Register</a></li>
        <li><a href="view_member_list.php">View Profiles</a></li>
    <?php endif; ?>
</ul>
© www.soinside.com 2019 - 2024. All rights reserved.