-1

how to check privilege in "check"php code or page ??

I using explode and in_array

after the user log in and in "check" page the code must check privilege of user if he has "dataDisplay" privilege or not ..but the code in "check" page return user to log in page

what's my wrong in "check" page code

this is my Database:

+--------------------+-------------------------------+
| username           |   user_privilege              |
|--------------------|-------------------------------|
| amal               |7gz,agt_courses,newbill        | 
|                    |                               |
+----------------------------------------------------+
|                    |                               |
| ahmed              |dataDisplay,previllige,newUsers|
+----------------------------------------------------+

first page "login" php:

<?php
ob_start();
session_start();
include '../connection/connect.php';

$username = $_POST['username'];
$password = $_POST['password'];


if($username && $password ){
    $finduser = mysqli_query($link,"SELECT * FROM LOGIN WHERE username = '".$username."' AND password = '".$password ."'") or die("error");
    if(mysqli_num_rows($finduser) !=0){
        while($row = mysqli_fetch_array($finduser)){
            $uname = $row['username'];
            $pass= $row['password '];
            $arr=explode(",",$row['user_privilege']);
        }
    }
        {
        $_SESSION['sessionname'] =$uname;
        $_SESSION['sessionpass'] =$password ;
        $_SESSION['sessionpre'] =$arr;
        header ("location:../agtSite/agt2.php");
    }
} 
ob_end_flush();
?>

second page "check" php:

<?php
session_start();

$_SESSION['sessionpre']='';
$haspermission = in_array("dataDisplay",$_SESSION['sessionpre']);

if($haspermission ){
    header("location: ../display/display.php");
}
?>
4

3 に答える 3

1

check.php スクリプトで、$_SESSION から「sessionpre」をクリアしています。

$_SESSION['sessionpre']='';

その線引きはやめた方がいいと思います。

于 2013-11-14T18:36:53.533 に答える
0

while ループの外側から行を展開するには、これを変更してみてください。

$_SESSION['sessionpre'] =explode(",",$row['user_previllige']);

これに:

$_SESSION['sessionpre'] = $arr;
于 2013-11-14T18:29:36.690 に答える
0

デビッド・ジョーンズが2回の展開について言ったこととは別に、チェックする直前にsessionpreデータをクリアします:

$_SESSION['sessionpre']='';
$haspermission = in_array("dataDisplay",$_SESSION['sessionpre']);

編集:タクシーが私を打ち負かしたのを見ました!

于 2013-11-14T18:39:15.720 に答える