我创建了一个登录/注销页面,但现在我想在登录时将管理员与普通用户分开。我想做的是让普通用户只查看可用文件,而管理员当然可以查看和编辑这些文件。
现在我的设置:
登录.php
<?php
session_start();
include("password.php");
require_once "config.php";
/* Constants */
$TITLE = "Formation - User Login";
$CSS = array("assets/css/formation.css");
$JAVASCRIPT = array();
$mode = $_GET["mode"];
/* Template */
require_once $TEMPLATE_PATH."header.php";
if ($mode == "login") { /// do after login form is submitted
if ($USERS[$_POST["username"]]==$_POST["password"]) { /// check if submitted username and password exist in $USERS array
$_SESSION["login"]=$_POST["username"];
header("location:index.php");
} else {
echo "Incorrect username/password. Please, try again.";
};
} else if ($mode == "logout") {
session_start();
unset($_SESSION["login"],$USERS);
header("location: login.php");
exit(0);
};
echo <<< XHTML
<h1>$TITLE</h1>
<form id="form" method="post" action="{$LOGIN_URL}?mode=login">
<label id="username_label" for="username" class="normal">Username</label> :<br />
<input id="username" name="username" type="text" value="" class="half" /><br />
<label id="password_label" for="password" class="normal">Password</label> :<br />
<input id="password" name="password" type="password" value="" class="half" /><br />
<input id="submits" type="submit" value="Login" />
</form>
XHTML;
require_once $TEMPLATE_PATH . "footer.php";
?>
密码.php(验证用户和密码)
<?php
$USERS["drodrig1"] = "pwd1";
$USERS["jsutta"] = "pwd2";
$USERS["username3"] = "pwd3";
function check_logged(){
global $_SESSION, $USERS;
if (!array_key_exists($_SESSION["login"],$USERS)) {
header("Location: login.php");
exit(0);
};
};
?>
配置.php
<?php
$ASSETS_URL = "https://url-link/formationXX/assets/";
$ASSETS_PATH = "serverpath/formationXX/assets/";
$TEMPLATE_URL = "https://url-link/formationXX/assets/template/";
$TEMPLATE_PATH = "serverpath/formationXX/assets/template/";
$LOGIN_URL = "https://url-link/formationXX/login.php";
$LOGIN_PATH = "serverpath/formationXX/login.php";
?>
索引.php (登录后,这是我希望看到管理员区别于普通用户的地方。管理员应该能够看到和编辑以下内容:CSS、JS、电子邮件、PDF 和电子表格。同时用户只能查看除:CSS,JS)
<?php
require_once "config.php";
session_start(); /// initialize session
include("password.php");
check_logged(); /// function checks if visitor is logged.
/* Constants */
$TITLE = "Formation - User Login";
$CSS = array("assets/css/formation.css");
$JAVASCRIPT = array();
/* Template */
require_once $TEMPLATE_PATH."header.php";
echo <<< XHTML
<form id="form" method="post" action="{$LOGIN_URL}?mode=login">
<div class="full row column">
<h1>{$TITLE}</h1>
</div>
<div class="full row column">
<div class="half column small">
<p>Logged in as: <strong>{$_SESSION["login"]}</strong> | <a href="{$LOGIN_URL}?mode=logout" class="small">Logout</a></p><br />
Add Form | Delete Selected Form(s)
</div>
</div>
<div class="full row column">
<table id="formslist" cellpadding="0" cellspacing="0">
<th>
<tr>
<td class="form_select">
<input id="selectallforms" name="selectallforms" type="checkbox" value="Select All Forms" />
</td>
<td class="form_id">
ID
</td>
<td class="form_url">
URL
</td>
<td class="form_dates">
Launch Date
</td>
<td class="form_dates">
Expiration Date
</td>
<td class="form_autofill">
Autofill
</td>
<td class="form_save">
**CSS**
</td>
<td class="form_save">
**JS**
</td>
<td class="form_save">
Email
</td>
<td class="form_save">
PDF
</td>
<td class="form_dates">
Spread sheet
</td>
</tr>
</th>
</table>
</div>
</form>
XHTML;
require_once $TEMPLATE_PATH . "footer.php";
?>