php - 检查用户的权限

Question

我正在尝试创建权限页面，您将检查用户是否具有完全访问权限，而不是某些选项允许此人。我有名为 users 的表，我有5user_id列名称、、、、、usernamepasswordemailpermission 分别。所以现在我正在展示我所做的。

权限.php

<?php
  include('db.php');
     $result=mysql_query("SELECT permission,user_id  FROM users");


        while($test = mysql_fetch_array($result))
       {
        $test['user_id'];
        $test['permission'];

        }


  ?>

例如第一行的mysql结果：$test['user_id'] = 1 和$test['permission'] = full。

会话结果：$_SESSION['user_name'] = admin

那么我如何检查这个用户 ID 是否比某些人认为的权限已满。

我是 php 新手，抱歉我的解释不好。

Answer 1

如果用户具有完全权限，则将完全权限存储在会话中

 while($test = mysql_fetch_array($result))
 {                    
    $_SESSION['permission'] = $test['permission'];
  }

检查用户是否有完全权限

   if($_SESSION['permission'] == full){
    //do shomething
    }

Answer 2

<?php
  include('db.php'); // though you should look in to "PDO"

  // default permission--disallowed
  $allowed = false;

  // get the permission for the current user (based on the username within
  // your session variable). also make sure to sanitize anything that's being
  // placed within a query to the database.
  $query = sprintf("SELECT permission "
                  ."FROM users "
                  ."WHERE username = '%s'",
                  mysql_real_escape_string($_SESSION['user_name']));
  $result = mysql_query($query);
  while (($test = mysql_fetch_array($result)) !== false){
    // we found the username, now check their access
    $allowed = $test['permission'] == 'full';
  }

  // if ($allowed){
  //   super secret area
  // } else {
  //   get out of here
  // }

Answer 3

<?php
    include('db.php');
    $result = mysql_query("SELECT permission,user_id  FROM users WHERE username = '$_SESSION[user_name]'");
    if(mysql_num_rows($result)){
        $data = mysql_fetch_row($result); // fetch first row of result, we don't need a loop, as username should be unique
        $permission = $data['permision'];
        $user_id = $data['user_id'];
    }else{
        echo "Username not found.";
    }
?>