php 会话变量被覆盖
我制作了一个登录页面,该页面应该根据不同的组是否使用正确的详细信息登录来为他们分配会话['级别']。假设管理员登录,他获取 session['admin'] session['member'] 和 session['council'] ,这些都取决于他从数据库中的用户级别。 但是当我检查会话数组时我得到: id、用户名、管理员、管理员、管理员而不是 ID、用户名、管理员、理事会、成员。 我用于查询的代码是
//normal user
$queryN= mysql_query("SELECT * From users where username='$username' and hashed_password ='$dash' AND
level='member' LIMIT 1");
//normal council member
$queryC = mysql_query("SELECT * From users where username='$username' and hashed_password ='$dash' AND
level='council' LIMIT 1");
//normal admin
$queryA = mysql_query("SELECT * From users where username='$username' and hashed_password ='$dash' AND
level='admin' LIMIT 1");
//Check whether the query was successful or not
//normal user
if(mysql_num_rows($queryN) == 1)
{session_regenerate_id();
$resultN = mysql_fetch_assoc($queryN);
$_SESSION['user_id'] = $resultN['id'];
$_SESSION['username'] = $resultN['username'];
$_SESSION['member'] = $resultN['level'];
session_write_close();
redirect_to("../public/index.php");
}
//admin user
elseif(mysql_num_rows($queryA) == 1){
session_regenerate_id();
$resultA = mysql_fetch_assoc($queryA);
$_SESSION['user_id'] = $resultA['id'];
$_SESSION['username'] = $resultA['username'];
$_SESSION['admin'] = $resultA['level'];
$_SESSION['member'] = $resultA['level'];
$_SESSION['council'] = $resultA['level'];
session_write_close();
redirect_to("../public/staff.php");
}
//council user
elseif(mysql_num_rows($queryC) == 1){
session_regenerate_id();
$resultC = mysql_fetch_assoc($queryC);
$_SESSION['user_id'] = $resultC['id'];
$_SESSION['username'] = $resultC['username'];
$_SESSION['council'] = $resultC['level'];
$_SESSION['member'] = $resultC['level'];
session_write_close();
redirect_to("../public/index.php");
}else{
//Login failed
redirect_to("../public/login.php");
}
,检查每个用户凭据的函数是:
session_start();
$_SESSION['ERRMSG_ARR'] = array();
function logged_in() {
return isset($_SESSION['level']);
}
function confirm_logged_in() {
if(!isset ($_SESSION['member']) || (trim($_SESSION['member']) == '')) {
$_SESSION['ERRMSG_ARR'][] = 'You were not Authorised to view that page';
redirect_to("login.php");
}
}
function confirm_login_council() {
if(!isset ($_SESSION['council']) || (trim($_SESSION['council']) == '')) {
$_SESSION['ERRMSG_ARR'][] = 'Sorry but you were not Authorised to view that page';
redirect_to("login.php");
}
}
function confirm_login_admin(){
if(!isset($_SESSION['admin']) || (trim($_SESSION['admin']) == '')) {
$_SESSION['ERRMSG_ARR'][] = 'Unfortunately for you; You were not Authorised to view that page';
redirect_to("login.php");
}
}
并检查我使用的会话数组值:
foreach($_SESSION as $value){
echo $value . " | ";
}
ive made a login page which should assign different groups a session ['level'] depending on whether or not they have logged in using the correct details. say the admin logs in he gets session['admin'] session['member'] and session['council'] which all are dependant on his user level from the database.
but when i check the session array i get:
id, username, admin, admin, admin instead of
id, username, admin, council, member.
the code i am using for the query is
//normal user
$queryN= mysql_query("SELECT * From users where username='$username' and hashed_password ='$dash' AND
level='member' LIMIT 1");
//normal council member
$queryC = mysql_query("SELECT * From users where username='$username' and hashed_password ='$dash' AND
level='council' LIMIT 1");
//normal admin
$queryA = mysql_query("SELECT * From users where username='$username' and hashed_password ='$dash' AND
level='admin' LIMIT 1");
//Check whether the query was successful or not
//normal user
if(mysql_num_rows($queryN) == 1)
{session_regenerate_id();
$resultN = mysql_fetch_assoc($queryN);
$_SESSION['user_id'] = $resultN['id'];
$_SESSION['username'] = $resultN['username'];
$_SESSION['member'] = $resultN['level'];
session_write_close();
redirect_to("../public/index.php");
}
//admin user
elseif(mysql_num_rows($queryA) == 1){
session_regenerate_id();
$resultA = mysql_fetch_assoc($queryA);
$_SESSION['user_id'] = $resultA['id'];
$_SESSION['username'] = $resultA['username'];
$_SESSION['admin'] = $resultA['level'];
$_SESSION['member'] = $resultA['level'];
$_SESSION['council'] = $resultA['level'];
session_write_close();
redirect_to("../public/staff.php");
}
//council user
elseif(mysql_num_rows($queryC) == 1){
session_regenerate_id();
$resultC = mysql_fetch_assoc($queryC);
$_SESSION['user_id'] = $resultC['id'];
$_SESSION['username'] = $resultC['username'];
$_SESSION['council'] = $resultC['level'];
$_SESSION['member'] = $resultC['level'];
session_write_close();
redirect_to("../public/index.php");
}else{
//Login failed
redirect_to("../public/login.php");
}
and the functions to check each user credentials are:
session_start();
$_SESSION['ERRMSG_ARR'] = array();
function logged_in() {
return isset($_SESSION['level']);
}
function confirm_logged_in() {
if(!isset ($_SESSION['member']) || (trim($_SESSION['member']) == '')) {
$_SESSION['ERRMSG_ARR'][] = 'You were not Authorised to view that page';
redirect_to("login.php");
}
}
function confirm_login_council() {
if(!isset ($_SESSION['council']) || (trim($_SESSION['council']) == '')) {
$_SESSION['ERRMSG_ARR'][] = 'Sorry but you were not Authorised to view that page';
redirect_to("login.php");
}
}
function confirm_login_admin(){
if(!isset($_SESSION['admin']) || (trim($_SESSION['admin']) == '')) {
$_SESSION['ERRMSG_ARR'][] = 'Unfortunately for you; You were not Authorised to view that page';
redirect_to("login.php");
}
}
and to check the session array values i used :
foreach($_SESSION as $value){
echo $value . " | ";
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您将“admin”、“member”和“council”会话变量设置为相同的值:
尝试使用密钥进行打印,以更清楚地了解正在发生的情况:
You are setting the "admin", "member" and "council" session variables to the same value:
Try printing with the key as well to get a clearer picture of what's going on: