登录后检查用户是否为admin
I'm learning PHP and I found an article about logging in, which I wanted to apply to my small database.
I've got it all up and running, but I want to have a different layout for when an theoretical admin, in this case me, logs in. My data is basically a list of random things, and when the admin logs in, there has to be delete button next to said random things.
The users table looks like this:
Username | Password | Rights
SomeGuy | somestuff | Standard
Admin | otherstuff | Admin
I've tried learning from some other questions I found online, but those codes were really advanced and I didn't understand how to apply it to my own code.
What I had in mind:
if(username contains "Admin" in the row){
//Show other stuff then normal user
}
If anybody knows an easy way to accomplish this, I'd appreciate it a lot. As for my code, I got mostly everything from the article I linked. I only added a way to display the data from another table.
我正在学习PHP,我发现了一篇关于登录的文章,我想将其应用于我的小型数据库。 p>
文章 p>
我已经全部启动并运行了,但我希望在理论管理员(在本例中为我)登录时有不同的布局。我的数据基本上是随机事物的列表,并且 当管理员登录时,所述随机内容旁边必须有删除按钮。 p>
users表如下所示: p>
用户名| 密码| 权利
SomeGuy | 某些| 标准
Admin | otherstuff | Admin
code> pre>
我尝试过在网上找到的其他一些问题,但这些代码真的很先进,我不明白如何将它应用到我自己的 代码。 p>
我的想法: p>
if(用户名中包含“Admin”){
// Show 其他东西然后普通用户
}
code> pre>
如果有人知道一个简单的方法来实现这一点,我会非常感激。
对于我的代码,我 从我链接的文章中得到了大部分内容。 我只添加了一种显示另一个表中数据的方法。 p>
div>
You can check this by fetching the data from table on the basis of username and than you can check the rights of that user.
Like this:
if($row['Rights'] == 'Admin'){
//Show other stuff then normal user
}
You can use Select * FROM table where username = 'Admin' and then create the the object of query result and you can check the rights given to that user in if condition.
Updated:
In the documentation there is a file login.php. there is code line:
$query = mysql_query("select * from login where password='$password' AND username='$username'", $connection);
$rows = mysql_num_rows($query);
if ($rows == 1) {
$_SESSION['login_user']=$username;
header("location: profile.php");
}
In the above line they set the usename in session. you can set the rights of user also. To store the rights you can do this:
if ($rows == 1) {
$row = mysql_fetch_assoc($query);
$_SESSION['login_user']=$row['username'];
$_SESSION['rights']=$row['rights'];
header("location: profile.php");
}
And after that you can make a check condition where you want:
if($_SESSION['rights'] == 'Admin'){
//Show other stuff then normal user
}
Hope this will help you.
I suggest you to store all shared user data in a session after logging in as said before.
When the user submits his login request, your script should validate the given input (username, password in your case I assume) and after the validation has succed, you will have to create a session so the system will know that this user is currently logged in.
Session allows you to share data for a client for X time (depending on the set configuration) without the data being lost. It's really similar to Cookies, but the data is server sided istead.
In your case, I'd save the username, his rights and so on in the session.
The validation part
//Assuming you have a set PDO instance
$stm = $pdo->prepare("SELECT username, rights FROM users WHERE username = :username AND password = :password");
$stm->execute(array(":username" => $username, ":password" => $password));
And the setting part
if ($stm->rowCount() == 1) { // Check if that user with given data exists
$results = $stm->fetch(PDO::FETCH_ASSOC); // Fetch the data
$_SESSION['user'] = $results; // Set new session with the fetched data
}
And now the checking for rights part
if ($_SESSION['user']['rights'] == 'Admin') {
// TODO stuff
}
Don't forget to check if user is logged in by checking if the session is set:
if (isset($_SESSION['user'])) {
// TODO return to logged in page or whatever
}
P.S I suggest you to hash passwords before being stored in the database! Hope that helped!