-1

I need to know how can I implement a user level access in my site. I need to hide forms and images when users with level are member... in my DB I have a USERS TABLE with:

  • id
  • nombre
  • apellido
  • username
  • password
  • level

level is ENUM and have this two selects: administrator and member

I can hide scripts in any page with this type of PHP code:

<?php if(basename($_SERVER['PHP_SELF']) == 'contact.php') { ?>
<script src="js/jquery.js"></script>
<?php } ?>

and works very well, but I don't know how can hide per example this:

<div class="box span6">
    <div class="box-header well" data-original-title>
        <h2><i class="icon-picture"></i> <?php $translate->__('Save images'); ?></h2>
        <div class="box-icon">
            <a href="#" class="btn btn-minimize btn-round"><i class="icon-chevron-up"></i></a>
            <a href="#" class="btn btn-close btn-round"><i class="icon-remove"></i></a>
        </div>
    </div>
    <div class="box-content">
        <form action="upload.php" method="post" name="image_upload" id="image_upload" enctype="multipart/form-data">
            <label><?php $translate->__('Images type'); ?> (gif, jpg, png)</label><br />
            <input type="file" size="45" name="uploadfile" id="uploadfile" class="file margin_5_0" onchange="ajaxUpload(this.form);" />
            <div id="upload_area" class="corners align_center">
                <?php $translate->__('Please select one image'); ?>.
            </div>
        </form>
    </div>
</div>

In google I saw this code but don't work in my partycular case:

<?php if($USERS->level == "administrator"): ?>

<?php endif; ?>

can you help me with my problem?

4

1 回答 1

0

隐藏 js 文件对您没有多大好处,因为攻击者可以拦截提供给您的管理员用户的 javascript 文件,构建他自己的站点模型页面并让它使用该 javascript。因此,请确保在您的 php 代码中添加安全性和验证,尤其是在您的 upload.php 中

显然,这个 $USERS->level 可以被您设置的任何变量替换。

 <?php if($USERS->level == "administrator") 
 { 
 ?>
 <div class="box span6">
     <div class="box-header well" data-original-title>
         <h2><i class="icon-picture"></i> <?php $translate->__('Save images'); ?></h2>
         <div class="box-icon">
             <a href="#" class="btn btn-minimize btn-round"><i class="icon-chevron-up"></i></a>
             <a href="#" class="btn btn-close btn-round"><i class="icon-remove"></i></a>
         </div>
     </div>
     <div class="box-content">
         <form action="upload.php" method="post" name="image_upload" id="image_upload" enctype="multipart/form-data">
             <label><?php $translate->__('Images type'); ?> (gif, jpg, png)</label><br />
             <input type="file" size="45" name="uploadfile" id="uploadfile" class="file margin_5_0" onchange="ajaxUpload(this.form);" />
             <div id="upload_area" class="corners align_center">
                 <?php $translate->__('Please select one image'); ?>.
             </div>
         </form>
     </div>
 </div>

 <?php 
 } 
 ?>
于 2013-08-20T23:09:00.153 回答