0
我在我的用戶類中創建了CheckModulePermission函數,該函數檢查模塊表以確保用戶有權查看頁面。以下是功能模塊權限類錯誤
public function CheckModulePermissions($moduleId) {
if(isset($_SESSION['userId'])) {
// If the user is admin, allow regardless
if($this->IsAdmin()) {
return true;
}
$sql = "SELECT `userModuleId`
FROM `userModules`
WHERE `userId` = " . $_SESSION['userId'] . "
AND `moduleId` = " . $moduleId . ";";
mysql_select_db(DB_USER_DATABASE_NAME, $this->conn);
$result = mysql_query($sql, $this->conn);
$x = mysql_fetch_row($result);
if($x[0] == 1) {
return true;
} else {
return false;
}
} else {
return false;
}
}
}
這工作正常在我的所有頁面,除了一個頁面失敗。我有一個下拉框和一個文本框,將根據用戶的權限進行更新。我登錄的用戶具有權限,但不顯示下拉框。
if(isset($_GET['orderNumber'])) {
// If post is set then update the prima reference and order status
// Only if user has sufficient privileges
if(isset($_POST['orderStatus'])) {
if($user->CheckModulePermissions(11)) {
$cid->UpdateOrderStatus($_GET['orderNumber'], $_POST['orderStatus']);
$cid->UpdateOrderReference($_GET['orderNumber'], $_POST['PReference']);
}
}
if($user->CheckModulePermissions(11)) {
$content .= "<select name='orderStatus'>
<option value='1'";
if($orderDetails['status'] == 1) $content .= " selected='selected'";
$content .= ">Incomplete</option>
<option value='2'";
if($orderDetails['status'] == 2) $content .= " selected='selected'";
$content .= ">Submitted</option>
<option value='3'";
if($orderDetails['status'] == 3) $content .= " selected='selected'";
$content .= ">Processed</option>
</select>";
} else {
if($orderDetails['status'] == 1) $content .= "Incomplete";
if($orderDetails['status'] == 2) $content .= "Submitted";
if($orderDetails['status'] == 3) $content .= "Processed";
}
$content .= "</td>
</tr>
<tr>
<th>Prima Order Number</th>
<td>";
if($user->CheckModulePermissions(11)) {
$content .= "<input type='text' name='pReference' value='" . $orderDetails['PReference'] . "' /></td>
</tr>
<tr>
<td colspan='2'><input type='submit' /></td>
</tr>";
} else {
$content .= $orderDetails['PrimaReference'] . "</td></tr>";
}
$content .= "</table>
</form>
</td>
它是下拉框失敗的邏輯嗎?
謝謝你。是的,這是我的功能,它在任何用戶以外的任何用戶都返回false,儘管他們有權利。我不太確定如何解決這個問題。 –
你需要找出*哪裏*它返回false - 它是在第一次檢查(即'$ _SESSION ['userId']'沒有設置)還是在末尾(其中'$ x [0] = = 1')。改變'if(!isset($ _ SESSION ['userId']))返回FALSE;'如果(!isset($ _ SESSION ['userId']))返回-1;'和調用'var_dump'你可以看看你是否遇到了'$ _SESSION'問題,或者你的數據庫查詢有問題。它可以像忘記調用'session_start()'一樣簡單嗎? – DaveRandom