【发布时间】:2020-05-20 19:45:13
【问题描述】:
我创建了一个具有基本注册和登录系统的网站,我拥有只有管理员才能访问的页面。
我的帐户数据库有一个角色列,其中 1 个用户指定为管理员,另一个指定为用户
我有一个带有下拉菜单的导航栏,我还有一个包含管理员用户的登录系统,我想做的是使导航栏的下拉菜单部分对标准用户隐藏并且仅对管理员可见,
<div class="header">
<ul class="nav justify-content-center">
<li class="nav-item">
<a class="nav-link" style="color: white" href="Home.php">Home</a>
</li>
<li class="nav-item">
<a class="nav-link" style="color: white" href="Suppliers.php">Suppliers</a>
</li>
<li class="nav-item">
<a class="nav-link" style="color: white" href="Products.php">Products</a>
</li>
<li class="nav-item">
<a class="nav-link" style="color: white" href="Contact.php">Contact us</a>
</li>
<li class="nav-item">
<a class="nav-link" style="color: white" href="FindUs.php">Find Us</a>
</li>
<li class="nav-item">
<a class="nav-link" style="color: white" href="reviews.html">Reviews</a>
</li>
<li class="nav-item">
<a class="nav-link" style="color: white" href="profile.php">Profile</a>
</li>
<li class="nav-item">
<a class="nav-link" style="color: white" href="logout.php">Logout</a>
</li>
<li class="nav-item">
<a href="#" class="dropdown-toggle" data-toggle="dropdown">Admin</a>
<div class="dropdown-menu">
<a href="createPoll.php" class="dropdown-item">Create a Poll</a>
<a href="polls.php" class="dropdown-item">Polls</a>
<a href="read.php" class="dropdown-item">Contacts</a>
</div>
</li>
</ul>
</div>
认证.php
<?php
session_start();
// Change this to your connection info.
$DATABASE_HOST = 'localhost';
$DATABASE_USER = 'root';
$DATABASE_PASS = '';
$DATABASE_NAME = 'feedbackdb';
// Try and connect using the info above.
$con = mysqli_connect($DATABASE_HOST, $DATABASE_USER, $DATABASE_PASS, $DATABASE_NAME);
if ( mysqli_connect_errno() ) {
// If there is an error with the connection, stop the script and display the error.
exit('Failed to connect to MySQL: ' . mysqli_connect_error());
}
// Now we check if the data from the login form was submitted, isset() will check if the data exists.
if ( !isset($_POST['username'], $_POST['password']) ) {
// Could not get the data that should have been sent.
exit('Please fill both the username and password fields!');
}
// Prepare our SQL, preparing the SQL statement will prevent SQL injection.
if ($stmt = $con->prepare('SELECT id, password, role FROM accounts WHERE username = ?')) {
// Bind parameters (s = string, i = int, b = blob, etc), in our case the username is a string so we use "s"
$stmt->bind_param('s', $_POST['username']);
$stmt->execute();
// Store the result so we can check if the account exists in the database.
$stmt->store_result();
if ($stmt->num_rows > 0) {
$stmt->bind_result($id, $password, $role);
$stmt->fetch();
// Account exists, now we verify the password.
// Note: remember to use password_hash in your registration file to store the hashed passwords.
if (password_verify($_POST['password'], $password)) {
// Verification success! User has loggedin!
// Create sessions so we know the user is logged in, they basically act like cookies but remember the data on the server.
session_regenerate_id();
$_SESSION['loggedin'] = TRUE;
$_SESSION['name'] = $_POST['username'];
$_SESSION['id'] = $id;
$_SESSION['role'] = $role;
header('location: home.php');
} else {
echo 'Incorrect password!';
}
} else {
echo 'Incorrect username!';
}
$stmt->close();
}
?>
停止访问某些网站的代码
<?php
Session_start();
if($_SESSION['role'] !== 'admin') {
//block user access
die("You do not have permission to view this page.");
}
?>
这就是我到目前为止所得到的
【问题讨论】:
-
所以您的目标是向管理员用户显示此下拉菜单,同时不阻止所有用户访问该页面?
-
是的,完全正确
-
为什么不只为下拉菜单包含文件或为登录用户回显它?