需要幫助才能在PHP中創建許可條件

Question

我正在爲一家小公司構建計算機庫存系統。我所有的代碼工作正常，除了我不知道如何實現一個重要的方面，許可。

這是new_admin.php

<?php require_once("includes/session.php"); ?> 
<?php require_once("includes/dbconnection.php"); ?> 
<?php require_once("includes/functions.php"); ?> 
<?php confirm_logged_in(); ?> 

<?php require_once("header.php"); ?> 

<?php 

     if(isset($_POST['submit'])) { 

      $username= $_POST['username']; 

      $password = $_POST["password"]; 

      $hashed_password = password_encrypt($password); 

      $permissions = isset($_POST)?implode(",",$_POST['permissions']):""; 
      //echo $permissions; 

      if(!empty($username) && !empty($hashed_password) && !empty($permissions)) { 

       $sql = "INSERT INTO admins (Admin_Username, Admin_Password, Admin_Permissions) VALUES ('$username', '$hashed_password', '$permissions')"; 
       $result = mysqli_query($connection, $sql);   
        if($result) { 
         redirect_to("manage_admins.php"); 
        } else { 
         echo "Error while creating new admin"; 
        } 
      } else { 
       echo "Username, password and permissions can not be blank!"; 

      } 
     } else { 

     } 
?> 
<h2>Create New Admin</h2> 
    <form name="form1" method="post" action=""> 
    <table width="35%" border="1" cellspacing="0" cellpadding="5"> 
    <tr> 
     <td>Username</td> 
     <td><label> 
     <input type="text" name="username" id="username" size="30"> 
     </label></td> 
    </tr> 
    <tr> 
     <td>Password</td> 
     <td><label> 
     <input type="password" name="password" id="password" size="30"> 
     </label></td> 
    </tr> 
    <tr> 
     <td>Permissions</td> 
     <td><label> 
     <input type="checkbox" name="permissions[]" value="read" id="permissions_0"> 
      Read</label> 
     <label> 
      <input type="checkbox" name="permissions[]" value="create" id="permissions_1"> 
     Create</label> 
     <label> 
      <input type="checkbox" name="permissions[]" value="update" id="permissions_2"> 
     Update </label> 
     <label> 
      <input type="checkbox" name="permissions[]" value="delete" id="permissions_3"> 
     Delete</label></td> 
    </tr> 
    <tr> 
     <th colspan="2"><label> 
     <input type="submit" name="submit" id="submit" value="Create Admin"> 
     </label></th> 
    </tr> 
    </table> 
    <a href="manage_admins.php">Cancel</a> 
</form> 
<?php require_once("footer.php"); ?> 

這是manage_admins.php

<?php require_once("includes/session.php"); ?> 
<?php require_once("includes/dbconnection.php"); ?> 
<?php require_once("includes/functions.php"); ?> 
<?php confirm_logged_in(); ?> 
<?php require_once("header.php"); ?> 


    <a href="admin.php">&laquo; Main Page</a> 
<h2>Manage Admins</h2> 

    <table> 
     <tr> 
     <th style="text-align: left; width: 200px;">Username</th> 
     <th colspan="2" style="text-align: left;">Action</th> 
     </tr> 
    <?php 
     $sql = "SELECT * FROM admins ORDER BY Admin_Username ASC"; 
     $result = mysqli_query($connection, $sql); 
     $admin = mysqli_fetch_assoc($result); 

     /* 
     echo $admin['Admin_Permissions']; 
     Output: create,read,update,delete 
     */ 
     while($admin = mysqli_fetch_assoc($result)) { 
     ?> 
     <tr> 
     <td><?php echo htmlentities($admin["Admin_Username"]); ?></td> 
     <td><a href="edit_admin.php?id=<?php echo urlencode($admin["id"]); ?>">Edit</a></td> 
     <td><a href="delete_admin.php?id=<?php echo urlencode($admin["id"]); ?>" onclick="return confirm('Are you sure you want to delete this admin?');">Delete</a></td> 
     </tr> 
    <?php } ?> 
    </table> 
    <br /> 

    <a href="new_admin.php">Add new admin</a> 

<?php require_once("footer.php"); ?> 

我使用 如果（in_array（ 「刪除」，$管理員試圖[ 'Admin_Permissions']） ）{ 但我得到以下錯誤：in_array（）期望參數2是數組，字符串給出

如何檢查數據庫的權限，所以t如果管理員沒有「刪除」權限，他不能執行「刪除管理員」&如果管理員沒有「更新」權限，他不能執行「編輯」。

Answer 1

「Admin_Permissions」字段是一個字符串。根據你的代碼，值可能是「讀取，創建，更新，刪除」

使用inArray，第2 PARAM應該是數組，所以你的代碼應該是這樣的

$permissions = explode(",", $admin['Admin_Permissions']); 
if(in_array("delete", $permissions)){ 
    //code here 
}