1

我正在尝试编写一个页面,该页面只允许具有管理员权限的用户(在数据库中记录为管理员角色)。如果他们是管理员,则从数据库中提取照片以供批准。如果不是管理员,那么他们会被重定向到管理页面并且看不到图像。

目前,任何登录的人都可以查看该页面并显示图像。我究竟做错了什么?

谢谢

<?php

session_start();



$isLoggedIn = isset($_SESSION['first_name']) && isset($_SESSION['username']);
$username = $_SESSION['username'];

if ($isLoggedIn && $_SESSION['username']){


echo "Welcome ".$_SESSION['first_name']."<br><a href='login/logged_out.php'>log     
out</a>";

}


$username = $_SESSION['username'];
//var_dump($username);

include("..\connection\connection.php");


// Connect to server and select database.

mysql_connect($host, $username, $password)or die("cannot connect"); 

mysql_select_db($db_name) or die("cannot select DB");

$query=mysql_query("SELECT * FROM users WHERE username = '$username' AND role =   
'admin'");

echo(mysql_error());

$num_rows = mysql_num_rows($query);


if ($num_rows =1){                  

include("..\connection\connection.php");

// Connect to server and select databse.
mysql_connect($host, $username, $password)or die("cannot connect"); 
mysql_select_db($db_name) or die("cannot select DB");


$photo=mysql_query("SELECT * FROM images WHERE approved='N'");

echo(mysql_error());

$numrows = mysql_num_rows($photo);//counts the number or rows returned from database   
matching the mysql_query.

if ($numrows==0){

echo "There are no images awaiting approval.";
}


while($get_photo=mysql_fetch_array($photo)){?>

<a href="approve_image_submit.php?images=<?php echo $get_photo['big_images']; ?>"   
target=""><img src="<? echo $get_photo['url']; ?>" title="">


<? } ?>
<?
}else{


die ("You do not have permission to view this page. Redirect to index.phph Click <a  
href='login/login_page.php'>here</a> to log in.");
                //


}
?>
4

2 回答 2

4 
if ($num_rows =1){

应该

if ($num_rows==1){
于 2012-04-06T21:19:49.593 回答
1

所以你的脚本可能有问题

A.username与用户名冲突databaseB. 因此$_SESSION设置了变量 C. 无效logic

我可以继续下去

我有帮助重写代码,但您需要用相关信息替换

session_start ();
include ("..\connection\connection.php");

$username = @$_SESSION ['username'];
$rowPhoto = array ();
$dbHost = "";
$dbUser = "";
$dbPass = "";
$dbName = "";

if ($_SESSION ['AUTH'] == true && ! isset ( $_SESSION ['username'] )) {
    echo "Welcome " . $_SESSION ['first_name'] . "<br><a href='login/logged_out.php'>log out</a>";
    exit ();
}
$mysqli = new mysqli ( $dbHost, $dbUser, $dbPass, $dbName ); // Replace with relevant information
$result = $mysqli->query ( "SELECT * FROM users WHERE username = '$username' AND role =  'admin'" );

if ($result->num_rows == 1) {
    $userInfo = $result->fetch_assoc ();
    $photoResult = $mysqli->query ( "SELECT * FROM images WHERE approved='N'" );
    $_SESSION ['AUTH'] = true;
    $_SESSION ['first_name'] = $userInfo ['first_name']; // Replace With
    $_SESSION ['username'] = $username ;
                                                        // Information
    if ($photoResult->num_rows == 0) {
        echo "There are no images awaiting approval.";
    } else {
        $rowPhoto = "";
        while ( $rowPhoto = $photoResult->fetch_assoc () ) {
            echo "<a href=\"approve_image_submit.php?images={$rowPhoto['big_images']}\" target=\"><img src=\"{$rowPhoto['url']}\" title=\"\">";
        }
    }

} else {

    die ( "You do not have permission to view this page. Redirect to index.phph Click <a
            href='login/login_page.php'>here</a> to log in." );
}

我希望这有帮助

谢谢

于 2012-04-06T21:50:13.433 回答