
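First, I got this code from http://www.webestools.com/scripts_tutorials-code-source-15-personal-message-system-in-php-mysql-pm-system-private-message-discussion.html

Before this, I used the same code to create a user page and an admin page. I edited the same code to show different user and admin pages. I ran both at the same time in the same browser, and it worked fine. But with this code, I have the user and the admin using the same code, in the same browser, running at the same time. I log in as admin first, then log in as user. After logging in as user, I refresh the admin page. The session I was using in admin changes to look like the user page.

connexion.php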

<?php
include('config.php');
?>
   <div class="header">
<a href="<?php echo $url_home; ?>"><img src="<?php echo $design; ?>/images/logo.png" alt="Members   Area" /></a>
</div>
<?php
//If the user is logged, we log him out
if(isset($_SESSION['username']))
{
//We log him out by deleting the username and userid sessions
unset($_SESSION['username'], $_SESSION['userid']);
?>
<div class="message">You have successfuly been loged out.<br />
<a href="<?php echo $url_home; ?>">Home</a></div>
<?php
}
else
{
$ousername = '';
//We check if the form has been sent
if(isset($_POST['username'], $_POST['password']))
{
//We remove slashes depending on the configuration
if(get_magic_quotes_gpc())
{
$ousername = stripslashes($_POST['username']);
$username = mysql_real_escape_string(stripslashes($_POST['username']));
$password = stripslashes($_POST['password']);
}
else
{
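//We keep the raw username so the form can be refilled after a failed login
$ousername = $_POST['username'];
$username = mysql_real_escape_string($_POST['username']);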
$password = $_POST['password'];
}
//We get the password of the user
$req = mysql_query('select password,id from users where username="'.$username.'"');
$dn = mysql_fetch_array($req);
//We compare the submited password and the real one, and we check if the user exists
if($dn['password']==$password and mysql_num_rows($req)>0)
{
//If the password is good, we dont show the form
$form = false;
//We save the user name in the session username and the user Id in the session userid
$_SESSION['username'] = $_POST['username'];
$_SESSION['userid'] = $dn['id'];
?>
<div class="message">You have successfuly been logged. You can access to your member area.<br />
<a href="<?php echo $url_home; ?>">Home</a></div>
<?php
}
else
{
//Otherwise, we say the password is incorrect.
$form = true;
$message = 'The username or password is incorrect.';
}
}
else
{ 
$form = true;
}
if($form)
{
//We display a message if necessary
if(isset($message))
{
echo '<div class="message">'.$message.'</div>';
}
//We display the form
?>
<div class="content">
<form action="connexion.php" method="post"> Please type your IDs to log in:<br />
<div class="center">
<label for="username">Username</label><input type="text" name="username" id="username" value="<?php echo htmlentities($ousername, ENT_QUOTES, 'UTF-8'); ?>" /><br />
<label for="password">Password</label><input type="password" name="password" id="password" /><br />
<input type="submit" value="Log in" />
</div> 
</form> 
</div>
<?php
}
}
?>

index.php

<?php
include('config.php');
?>

<?php
//We display a welcome message, if the user is logged, we display it username
?>
Hello<?php if(isset($_SESSION['username'])){echo ' '.htmlentities($_SESSION['username'],ENT_QUOTES, 'UTF-8');} ?>,<br />
Welcome on our website.<br />
You can <a href="users.php">see the list of users</a>.<br /><br />
 <?php
 //If the user is logged, we display links to edit his infos, to see his pms and to log out
 if(isset($_SESSION['username']))
 {
 //We count the number of new messages the user has
 $nb_new_pm = mysql_fetch_array(mysql_query('select count(*) as nb_new_pm from pm where  ((user1="'.$_SESSION['userid'].'" and user1read="no") or (user2="'.$_SESSION['userid'].'" and user2read="no")) and id2="1"'));
//The number of new messages is in the variable $nb_new_pm
 $nb_new_pm = $nb_new_pm['nb_new_pm'];
//We display the links
?>
<a href="edit_infos.php">Edit my personnal informations</a><br />
<a href="list_pm.php">My personnal messages(<?php echo $nb_new_pm; ?> unread)</a><br />
<a href="connexion.php">Logout</a>
<?php
}
else
{
//Otherwise, we display a link to log in and to Sign up
?>
<a href="sign_up.php">Sign up</a><br />
<a href="connexion.php">Log in</a>
<?php
}
?>

1 Answer


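You have to add some new indexes for the admin to your session. If a normal user logs in, after checking whether he is an admin or not, store the normal user session indexes you are already using, like below... $_SESSION['username'] etc. If it is an admin login, you can store something like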

$_SESSION['isAdmin'];
$_SESSION['adminName'];

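etc. Then check the admin session in your admin panel, and decide what to show and what not to show according to the session variables. If 'isAdmin' is not set, ask for login.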

answered 2013-02-27T12:24:36.857
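
The approach described in the answer above, as an added example that is not part of the original answer or the tutorial's code: member and admin logins write to separate session keys, so both can coexist in one browser session, and admin pages check only the admin keys. The function names and sample account names are assumptions; `isAdmin` and `adminName` are the key names from the answer, `userid` and `username` those from the question.

```php
<?php
// Added example. In a real page config.php would call session_start();
// here $_SESSION is a plain array so the script also runs from the CLI.
$_SESSION = [];

// Hypothetical helper: call only after the member's credentials were verified.
function login_user(int $id, string $name): void
{
    // Writes the member keys only; admin keys are never touched here.
    $_SESSION['userid'] = $id;
    $_SESSION['username'] = $name;
}

// Hypothetical helper: call only after the admin's credentials were verified.
function login_admin(string $name): void
{
    // Admin state lives under its own keys, so a member login cannot overwrite it.
    $_SESSION['isAdmin'] = true;
    $_SESSION['adminName'] = $name;
}

function logout_user(): void
{
    unset($_SESSION['userid'], $_SESSION['username']);
}

function logout_admin(): void
{
    unset($_SESSION['isAdmin'], $_SESSION['adminName']);
}

// Guard for the top of every admin page. The check is strict and never
// falls back to 'username', so a member login is not enough to pass it.
function current_admin(): ?string
{
    if (($_SESSION['isAdmin'] ?? false) !== true || !isset($_SESSION['adminName'])) {
        return null; // caller shows the admin login form instead of the panel
    }
    return $_SESSION['adminName'];
}

// Constructed scenario from the question: the admin logs in, a member logs in
// from the same browser, then the admin page is refreshed.
login_admin('alice');      // constructed admin name
login_user(7, 'bob');      // constructed member id and name
var_dump(current_admin()); // admin page after the member login
logout_user();
var_dump(current_admin()); // admin page after the member logged out
logout_admin();
var_dump(current_admin()); // admin page after the admin logged out
```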