-2

我想让某个页面只能对某个数据库组可见。我的 SQL 表设置为:

表:DD_users 列:id | 集团 | 用户名 | 释义 | 公会 | 水平 | 盐

这是我尝试使用的代码:

// First we execute our common code to connection to the database and start the session
require("common.php");

// At the top of the page we check to see whether the user is logged in or not
if(empty($_SESSION['user']))
{
    // If they are not, we redirect them to the login page.
    header("Location: /DD/index.php");

    // Remember that this die statement is absolutely critical.  Without it,
    // people can view your members-only content without logging in.
    die("Redirecting to /DD/index.php");
}

if($_SESSION['user']['group'] == '0')
{
    // Destroy the session to make them log in again.
    unset($_SESSION['user']);

    // If they are not, we redirect them to the login page.
    header("Location: /DD/index.php");

    // Remember that this die statement is absolutely critical.  Without it,
    // people can view your members-only content without logging in.
    die("Redirecting to /DD/index.php");
}

// Everything below this point in the file is secured by the login system

当我尝试这个时,当我只希望组 1 和 2 访问该页面时,将允许任何用户组(0、1 和 2)访问该页面。

4

2 回答 2

1

您没有任何代码来检查它们是否在第 1 组或第 2 组中。只需将代码包装在if.

if($_SESSION['group'] == '1' || $_SESSION['group'] == '2')

还要确保 $_SESSION['group'] 使用isset. 如果未设置,则最后一个if将失败。

于 2012-12-20T04:09:36.213 回答
0

让它以另一种方式工作:

require('common.php');
$charname = $_SESSION['user']['username'];
$query = "SELECT adminaccess, guild, username, class, level, active, canRegister, canNews, canActive 
      FROM DD_users 
      WHERE username = ?";
try
{
// These two statements run the query against your database table.
$stmt = $db->prepare($query);
$stmt->execute(array($charname));
}
catch(PDOException $ex)
{
// Note: On a production website, you should not output $ex->getMessage().
// It may provide an attacker with helpful information about your code. 
die("Failed to run query: " . $ex->getMessage());
}

// Finally, we can retrieve all of the found rows into an array using fetchAll
$rows = $stmt->fetchAll();

//print_r($rows);
$group = $rows['0']['adminaccess'];
$guild = $rows['0']['guild'];
$username = $rows['0']['username'];
$class = $rows['0']['class'];
$level = $rows['0']['level'];
$accessAdmin = $rows['0']['adminaccess'];
$canRegister = $rows['0']['canRegister'];
$canNews = $rows['0']['canNews'];
$canActive = $rows['0']['canActive'];
于 2012-12-23T14:28:38.240 回答