我試圖編寫一個頁面,只允許用戶具有管理員權限(作爲管理員對數據庫中的角色記錄)。如果他們是管理員,則從數據庫中提取照片以供審批。如果不是管理員,那麼他們會被重定向到管理頁面並且看不到圖像。管理員只訪問php
在登錄時可以查看頁面並顯示圖像。我究竟做錯了什麼?
感謝
<?php
session_start();
$isLoggedIn = isset($_SESSION['first_name']) && isset($_SESSION['username']);
$username = $_SESSION['username'];
if ($isLoggedIn && $_SESSION['username']){
echo "Welcome ".$_SESSION['first_name']."<br><a href='login/logged_out.php'>log
out</a>";
}
$username = $_SESSION['username'];
//var_dump($username);
include("..\connection\connection.php");
// Connect to server and select database.
mysql_connect($host, $username, $password)or die("cannot connect");
mysql_select_db($db_name) or die("cannot select DB");
$query=mysql_query("SELECT * FROM users WHERE username = '$username' AND role =
'admin'");
echo(mysql_error());
$num_rows = mysql_num_rows($query);
if ($num_rows =1){
include("..\connection\connection.php");
// Connect to server and select databse.
mysql_connect($host, $username, $password)or die("cannot connect");
mysql_select_db($db_name) or die("cannot select DB");
$photo=mysql_query("SELECT * FROM images WHERE approved='N'");
echo(mysql_error());
$numrows = mysql_num_rows($photo);//counts the number or rows returned from database
matching the mysql_query.
if ($numrows==0){
echo "There are no images awaiting approval.";
}
while($get_photo=mysql_fetch_array($photo)){?>
<a href="approve_image_submit.php?images=<?php echo $get_photo['big_images']; ?>"
target=""><img src="<? echo $get_photo['url']; ?>" title="">
<? } ?>
<?
}else{
die ("You do not have permission to view this page. Redirect to index.phph Click <a
href='login/login_page.php'>here</a> to log in.");
//
}
?>
噢。當然。謝謝。我更改爲==,但現在具有管理員權限的用戶將獲得消息「您無權查看此頁面」與具有非管理員角色的用戶相同。 – user1022772 2012-04-06 21:30:12
試試'if($ num_rows)'? – 2012-04-06 21:33:21
是的,工作。此外,它看起來像是我的連接文件不被識別的路徑。當我把mysql_connect和指定的主機等工作。 – user1022772 2012-04-06 21:44:03