0

我通过 implode 向 user_privilege 列添加值,包括用户的权限,即(7gz、agt_courses、newbill、new_Trainee)=> 他们每个人都可以真正打开(比如:newbill 页面)或不根据“登录”中 user_privilege 列中的用户权限" 数据库中的表,换句话说,我想检查用户登录他的权限,如果它有说 newbill 权限,他可以打开 newbill 页面,如果没有,他不能打开这个页面。

数据库中的登录表如下:

**username       username2          user_privilege**

amal             amal         7gz,agt_courses,newbill

ahmed           ahmed         dataDisplay,previllige,newUsers



$username = $_POST['username'];
$username2 = $_POST['username2'];

if($username && $username2)
{
    $finduser = mysqli_query($link,"SELECT * FROM LOGIN 
    WHERE username='".$username."' AND username2='".$username2."' AND FIND_IN_SET('Customers', user_previllige)") or die("error");

    if(mysqli_num_rows($finduser) !=0)
        {

            while($row = mysqli_fetch_array($finduser))
                {$uname = $row['username'];
                $uname2 = $row['username2'];
                            $arr=explode(",",$row['user_previllige']);}
        }

        if($username == $uname && $username2 == $uname2 && user_previllige =='customer)

            {$_SESSION['sessionname'] =$uname;
            $_SESSION['sessionname2'] =$uname2;
            header ("location:../customers/cutomer.php");}
                else echo '<script>function
{alert(you have not permission to open this page)}</script>';

    }
4

0 回答 0