gpt4 book ai didi

php - 从数据库中提取用户访问级别并添加到 session 中

转载 作者:行者123 更新时间:2023-11-29 13:18:20 27 4
gpt4 key购买 nike

我正在开发一个简单的 PHP 和 MySQL 应用程序,并被要求添加具有 3 个访问级别的简单 ACL 功能:管理员(可以完成所有操作)、编辑器(可以添加和编辑数据)和读取器(只能读取数据并进行零编辑)。

我已经为每个角色分配了一个值,1代表管理员,2代表编辑,3代表读者,并将其添加到用户添加表单和数据库中,我现在需要的是一种能够将其拉入的方法登录 session ,以便可以在各个级别(菜单和某些页面)进行检查。

到目前为止,我所拥有的内容如下。

登录功能

    public function login($username, $password) {

global $bcrypt; // Again make get the bcrypt variable, which is defined in init.php, which is included in login.php where this function is called

$query = $this->db->prepare("SELECT `password`, `id` FROM `users` WHERE `username` = ?");
$query->bindValue(1, $username);

try{

$query->execute();
$data = $query->fetch();
$stored_password = $data['password']; // stored hashed password
$id = $data['id']; // id of the user to be returned if the password is verified, below.


if($bcrypt->verify($password, $stored_password) === true){ // using the verify method to compare the password with the stored hashed password.
return $id; // returning the user's id
}else{
return false;
}

}catch(PDOException $e){
die($e->getMessage());
}

}

以及登录页面。

<?php
$title = "Login";
require_once 'includes/header.php';
$general->logged_in_protect();
?>

<h1>Login</h1>

<?php
if(empty($errors) === false){
echo '<p>' . implode('</p><p>', $errors) . '</p>';
}
?>

<form method="post" action="">
<h4>Username:</h4>
<input type="text" name="username" value="<?php if(isset($_POST['username'])) echo htmlentities($_POST['username']); ?>" />
<h4>Password:</h4>
<input type="password" name="password" />
<br>
<input type="submit" name="Login" />
</form>
<br>
<a href="confirm-recover.php">Forgot your username/password?</a>

<?php
require_once 'includes/footer.php';
if (empty($_POST) === false) {

$username = trim($_POST['username']);
$password = trim($_POST['password']);

if (empty($username) === true || empty($password) === true) {
$errors[] = 'Sorry, but we need your username and password.';
} else if ($users->user_exists($username) === false) {
$errors[] = 'Sorry that username doesn\'t exists.';
} else if ($users->email_confirmed($username) === false) {
$errors[] = 'Sorry, but you need to activate your account.
Please check your email.';
} else {
$login = $users->login($username, $password);
if ($login === false) {
$errors[] = 'Sorry, that username/password is invalid';
}else {
session_regenerate_id(true);// destroying the old session id and creating a new one
$_SESSION['id'] = $login;

header('Location: index.php');
exit();
}
}
}
?>

希望有人能够指出我正确的方向。

最佳答案

看看下面我在哪里完成了“/*编辑在这里*/”。您需要运行 session_start();在页面顶部启动 session ;它确实应该在配置文件中。然后您需要从数据库中提取它并将其存储在 $_SESSION 全局变量中。

从你的 G+ 中我知道你是 PH​​P 新手。但最糟糕的 PHP 方法之一是使用内联 PHP。它不一定是/错误/,但你应该避免内联 php.ini。将 PHP 和 HTML 分开,这样更容易对错误进行排序。

    public function login($username, $password) {

global $bcrypt; // Again make get the bcrypt variable, which is defined in init.php, which is included in login.php where this function is called

/* EDIT IS HERE */
$query = $this->db->prepare("SELECT `password`, `AccessLevel`, `id` FROM `users` WHERE `username` = ?");
$query->bindValue(1, $username);

try{

$query->execute();
$data = $query->fetch();
$stored_password = $data['password']; // stored hashed password
$id = $data['id']; // id of the user to be returned if the password is verified, below.


if($bcrypt->verify($password, $stored_password) === true){ // using the verify method to compare the password with the stored hashed password.

/* EDIT IS HERE */
$_SESSION['AccessLevel'] = $data['AccessLevel'];
return $id; // returning the user's id
}else{
return false;
}

}catch(PDOException $e){
die($e->getMessage());
}

}

登录页面

<?php
$title = "Login";
/* EDIT IS HERE */
session_start();


require_once 'includes/header.php';
$general->logged_in_protect();
?>

<h1>Login</h1>

<?php
if(empty($errors) === false){
echo '<p>' . implode('</p><p>', $errors) . '</p>';
}
?>

登录页面底部

<?php
require_once 'includes/footer.php';
if (empty($_POST) === false) {

$username = trim($_POST['username']);
$password = trim($_POST['password']);

if (empty($username) === true || empty($password) === true) {
$errors[] = 'Sorry, but we need your username and password.';
} else if ($users->user_exists($username) === false) {
$errors[] = 'Sorry that username doesn\'t exists.';
} else if ($users->email_confirmed($username) === false) {
$errors[] = 'Sorry, but you need to activate your account.
Please check your email.';
} else {
$login = $users->login($username, $password);
if ($login === false) {
$errors[] = 'Sorry, that username/password is invalid';
}else {

/* EDIT IS HERE */
//session_regenerate_id(true);
// destroying the old session id and creating a new one
if($_SESSION['AccessLevel'] = "GURU"){

$_SESSION['id'] = $login;

header('Location: index.php');
exit();
}
}
}
}
?>

关于php - 从数据库中提取用户访问级别并添加到 session 中,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/21185466/

27 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com