1. 首頁
  2. 問答
  3. 管理員只訪問php

管理員只訪問php

2012-04-06 118 views
1

我試圖編寫一個頁面,只允許用戶具有管理員權限(作爲管理員對數據庫中的角色記錄)。如果他們是管理員,則從數據庫中提取照片以供審批。如果不是管理員,那麼他們會被重定向到管理頁面並且看不到圖像。管理員只訪問php

在登錄時可以查看頁面並顯示圖像。我究竟做錯了什麼?

感謝

<?php 

session_start(); 



$isLoggedIn = isset($_SESSION['first_name']) && isset($_SESSION['username']); 
$username = $_SESSION['username']; 

if ($isLoggedIn && $_SESSION['username']){ 


echo "Welcome ".$_SESSION['first_name']."<br><a href='login/logged_out.php'>log  
out</a>"; 

} 


$username = $_SESSION['username']; 
//var_dump($username); 

include("..\connection\connection.php"); 


// Connect to server and select database. 

mysql_connect($host, $username, $password)or die("cannot connect"); 

mysql_select_db($db_name) or die("cannot select DB"); 

$query=mysql_query("SELECT * FROM users WHERE username = '$username' AND role = 
'admin'"); 

echo(mysql_error()); 

$num_rows = mysql_num_rows($query); 


if ($num_rows =1){     

include("..\connection\connection.php"); 

// Connect to server and select databse. 
mysql_connect($host, $username, $password)or die("cannot connect"); 
mysql_select_db($db_name) or die("cannot select DB"); 


$photo=mysql_query("SELECT * FROM images WHERE approved='N'"); 

echo(mysql_error()); 

$numrows = mysql_num_rows($photo);//counts the number or rows returned from database 
matching the mysql_query. 

if ($numrows==0){ 

echo "There are no images awaiting approval."; 
} 


while($get_photo=mysql_fetch_array($photo)){?> 

<a href="approve_image_submit.php?images=<?php echo $get_photo['big_images']; ?>" 
target=""><img src="<? echo $get_photo['url']; ?>" title=""> 


<? } ?> 
<? 
}else{ 


die ("You do not have permission to view this page. Redirect to index.phph Click <a 
href='login/login_page.php'>here</a> to log in."); 
       // 


} 
?>

來源

2012-04-06 user1022772

回答

4 
if ($num_rows =1){

應該

if ($num_rows==1){

來源

2012-04-06 21:19:49

+0

噢。當然。謝謝。我更改爲==,但現在具有管理員權限的用戶將獲得消息「您無權查看此頁面」與具有非管理員角色的用戶相同。 – user1022772 2012-04-06 21:30:12

+0

試試'if($ num_rows)'? – 2012-04-06 21:33:21

+0

是的,工作。此外,它看起來像是我的連接文件不被識別的路徑。當我把mysql_connect和指定的主機等工作。 – user1022772 2012-04-06 21:44:03

1

,可能的事情是不對您的腳本

A. usernamedatabase用戶名 B.所以$_SESSION varriables是衝突設置 C.無效logic

我可以繼續下去

我有幫助重寫代碼,但你需要提供相關信息,以取代

session_start(); 
include ("..\connection\connection.php"); 

$username = @$_SESSION ['username']; 
$rowPhoto = array(); 
$dbHost = ""; 
$dbUser = ""; 
$dbPass = ""; 
$dbName = ""; 

if ($_SESSION ['AUTH'] == true && ! isset ($_SESSION ['username'])) { 
    echo "Welcome " . $_SESSION ['first_name'] . "<br><a href='login/logged_out.php'>log out</a>"; 
    exit(); 
} 
$mysqli = new mysqli ($dbHost, $dbUser, $dbPass, $dbName); // Replace with relevant information 
$result = $mysqli->query ("SELECT * FROM users WHERE username = '$username' AND role = 'admin'"); 

if ($result->num_rows == 1) { 
    $userInfo = $result->fetch_assoc(); 
    $photoResult = $mysqli->query ("SELECT * FROM images WHERE approved='N'"); 
    $_SESSION ['AUTH'] = true; 
    $_SESSION ['first_name'] = $userInfo ['first_name']; // Replace With 
    $_SESSION ['username'] = $username ; 
                 // Information 
    if ($photoResult->num_rows == 0) { 
     echo "There are no images awaiting approval."; 
    } else { 
     $rowPhoto = ""; 
     while ($rowPhoto = $photoResult->fetch_assoc()) { 
      echo "<a href=\"approve_image_submit.php?images={$rowPhoto['big_images']}\" target=\"><img src=\"{$rowPhoto['url']}\" title=\"\">"; 
     } 
    } 

} else { 

    die ("You do not have permission to view this page. Redirect to index.phph Click <a 
      href='login/login_page.php'>here</a> to log in."); 
}

我希望這有助於

謝謝

來源

2012-04-06 21:50:13 Baba

+0

謝謝你。正如你可能知道我仍然在學習PHP的基礎知識。你的代碼將要消化一些。謝謝 – user1022772 2012-04-06 21:55:24

+0

它可以......只需稍作更改..我認爲你可以讓腳本工作....讓我知道如果你有其他問題 – Baba 2012-04-06 21:59:32

相關問題

 相關問題