以下代码是“只限管理员才能进入”功能的,那么如果登录用户才能修改自己的帖子的代码怎么写呢?加在以下代码哪里才好?<?php if (!isset($_SESSION)) { session_start(); } $MM_authorizedUsers = "1"; $MM_donotCheckaccess = "false";// *** Restrict Access To Page: Grant or deny access to this page function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { // For security, start by assuming the visitor is NOT authorized. $isValid = False; // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. // Therefore, we know that a user is NOT logged in if that Session variable is blank. if (!empty($UserName)) { // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. // Parse the strings into arrays. $arrUsers = Explode(",", $strUsers); $arrGroups = Explode(",", $strGroups); if (in_array($UserName, $arrUsers)) { $isValid = true; } // Or, you may restrict access to only certain users based on their username. if (in_array($UserGroup, $arrGroups)) { $isValid = true; } if (($strUsers == "") && false) { $isValid = true; } } return $isValid; } $MM_restrictGoTo = "admin.php"; if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) { $MM_qsChar = "?"; $MM_referrer = $_SERVER['PHP_SELF']; if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&"; if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) $MM_referrer .= "?" . $QUERY_STRING; $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer); header("Location: ". $MM_restrictGoTo); exit; } ?>
楼上的,MM_UserGroup="1"为管理员,"2"则为普通用户。基于管理员才能进行修改的功能可以用Dreamweaver实现,而除了管理员外,作者也可以修改自己帖子的功能却无法实现。(我几乎全是在dreamweaver里面做的,刚接触php,只能看懂最简单的语法啊)。 那我把这两个页面的部分代码贴一下吧,求求各位帮个忙啊,看看怎么改才能实现管理员和作者自己才能修改自己帖子的功能。 ------------------------------------------------- 登录页面(admin.php): <?php mysql_select_db($database_sqllink, $sqllink); $query_Recordset1 = "SELECT * FROM `user`"; $Recordset1 = mysql_query($query_Recordset1, $sqllink) or die(mysql_error()); $row_Recordset1 = mysql_fetch_assoc($Recordset1); $totalRows_Recordset1 = mysql_num_rows($Recordset1); ?> <?php // *** Validate request to login to this site. if (!isset($_SESSION)) { session_start(); }$loginFormAction = $_SERVER['PHP_SELF']; if (isset($_GET['accesscheck'])) { $_SESSION['PrevUrl'] = $_GET['accesscheck']; }if (isset($_POST['user_name'])) { $loginUsername=$_POST['user_name']; $password=$_POST['pwd']; $MM_fldUserAuthorization = "user_level"; $MM_redirectLoginSuccess = "index.php"; $MM_redirectLoginFailed = "admin.php"; $MM_redirecttoReferrer = false; mysql_select_db($database_sqllink, $sqllink);
// Look the user up by name AND clear-text password in a single statement.
// NOTE(review): the password is compared in clear text inside SQL and both values are
// only addslashes()-escaped (not connection-charset aware); a hashed user_pwd checked
// in PHP, and a charset-aware escape, would be the safer shape.
$LoginRS__query = "SELECT user_name, user_pwd, user_level FROM user WHERE user_name='"
    . (get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername))
    . "' AND user_pwd='"
    . (get_magic_quotes_gpc() ? $password : addslashes($password))
    . "'";
$LoginRS = mysql_query($LoginRS__query, $sqllink) or die(mysql_error()); $loginFoundUser = mysql_num_rows($LoginRS); if ($loginFoundUser) {
//declare two session variables and assign them $_SESSION['MM_Username'] = $loginUsername; $_SESSION['MM_UserGroup'] = $loginStrGroup; if (isset($_SESSION['PrevUrl']) && false) { $MM_redirectLoginSuccess = $_SESSION['PrevUrl']; } header("Location: " . $MM_redirectLoginSuccess ); } else { header("Location: ". $MM_redirectLoginFailed ); } } ?> ------------------------------------------ 编辑页面(edit.php) <?php if (!isset($_SESSION)) { session_start(); } $MM_authorizedUsers = "1"; $MM_donotCheckaccess = "false";// *** Restrict Access To Page: Grant or deny access to this page function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { // For security, start by assuming the visitor is NOT authorized. $isValid = False; // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. // Therefore, we know that a user is NOT logged in if that Session variable is blank. if (!empty($UserName)&&($row_Recordset1['bbs_author']=$_SESSION['MM_Username'])){ // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. // Parse the strings into arrays. $arrUsers = Explode(",", $strUsers); $arrGroups = Explode(",", $strGroups); if (in_array($UserName, $arrUsers)) { $isValid = true; }
// Or, you may restrict access to only certain users based on their username. if (in_array($UserGroup, $arrGroups)) { $isValid = true; } if (($strUsers == "") && false) { $isValid = true; } } return $isValid; }$MM_restrictGoTo = "admin.php"; if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) { $MM_qsChar = "?"; $MM_referrer = $_SERVER['PHP_SELF']; if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&"; if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) $MM_referrer .= "?" . $QUERY_STRING; $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer); header("Location: ". $MM_restrictGoTo); exit; } ?><?php function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue; switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; }$editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . 
htmlentities($_SERVER['QUERY_STRING']); }if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) { $updateSQL = sprintf("UPDATE bbs SET bbs_content=%s WHERE bbs_title=%s", GetSQLValueString($_POST['content'], "text"), GetSQLValueString($_POST['bbs_title'], "text")); mysql_select_db($database_sqllink, $sqllink); $Result1 = mysql_query($updateSQL, $sqllink) or die(mysql_error()); $updateGoTo = "viewtitle.php"; if (isset($_SERVER['QUERY_STRING'])) { $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?"; $updateGoTo .= $_SERVER['QUERY_STRING']; } header(sprintf("Location: %s", $updateGoTo)); }$colname_Recordset1 = "-1"; if (isset($_GET['bbs_id'])) { $colname_Recordset1 = (get_magic_quotes_gpc()) ? $_GET['bbs_id'] : addslashes($_GET['bbs_id']); } mysql_select_db($database_sqllink, $sqllink); $query_Recordset1 = sprintf("SELECT * FROM bbs WHERE bbs_id = %s", $colname_Recordset1); $Recordset1 = mysql_query($query_Recordset1, $sqllink) or die(mysql_error()); $row_Recordset1 = mysql_fetch_assoc($Recordset1); $totalRows_Recordset1 = mysql_num_rows($Recordset1); ?>
首先有一处错误需要更正: if (!empty($UserName)&&($row_Recordset1['bbs_author']=$_SESSION['MM_Username'])){ 改为: if (!empty($UserName)&&($row_Recordset1['bbs_author']==$_SESSION['MM_Username'])){ 其次, 如果按照分为两个用户组(1和2),1为管理员组,2为普通用户组;则可以按下面方式控制: if ($user_group==2 && $row_Recordset1['bbs_author']==$_SESSION['MM_Username']){ //在这里处理普通用户可以对自己帖子所进行的操作. }elseif($user_group==1){ //在这里处理管理员对帖子的操作. }处理帖子的操作可以封装一下以精简代码. 慢慢来吧, 加油!
// Dreamweaver "restrict access" preamble: a session must exist before
// $_SESSION['MM_Username'] / $_SESSION['MM_UserGroup'] are consulted below.
isset($_SESSION) or session_start();
// Comma-separated groups allowed on this page ("1" is the admin group on this site).
$MM_authorizedUsers = "1";
// Dreamweaver toggle; kept as the literal string "false".
$MM_donotCheckaccess = "false";// *** Restrict Access To Page: Grant or deny access to this page
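/**
 * Decide whether the current visitor may view this page.
 *
 * @param string $strUsers   comma-separated user names that are allowed ("" = none)
 * @param string $strGroups  comma-separated groups that are allowed
 * @param string $UserName   user name from the session ("" when nobody is logged in)
 * @param string $UserGroup  group / level from the session
 * @return bool true only when the visitor is logged in AND matches a listed user or group
 */
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
    // For security, start by assuming the visitor is NOT authorized.
    $isValid = false;
    // A blank user name means nobody is logged in: deny without looking further.
    if (empty($UserName)) {
        return $isValid;
    }
    // Split the allow-lists, trim, and drop empty tokens. The original kept empty
    // tokens, so an empty list ("") or a trailing comma matched a session whose group
    // was also "" under in_array()'s loose comparison, granting access to an
    // unclassified visitor.
    $arrUsers  = array_filter(array_map('trim', explode(",", $strUsers)), 'strlen');
    $arrGroups = array_filter(array_map('trim', explode(",", $strGroups)), 'strlen');
    // Strict string comparison: "01", " 1" or 0 must not be taken for "1".
    if (in_array((string) $UserName, $arrUsers, true)) {
        $isValid = true;
    }
    if (in_array((string) $UserGroup, $arrGroups, true)) {
        $isValid = true;
    }
    return $isValid;
}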
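// Page that visitors who fail the check are sent to (the login page).
$MM_restrictGoTo = "admin.php";
// Deny unless a user is logged in AND isAuthorized() accepts his/her group.
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], isset($_SESSION['MM_UserGroup']) ? $_SESSION['MM_UserGroup'] : "")))) {
    $MM_qsChar = "?";
    // Remember the requested page so admin.php receives it as ?accesscheck=...
    $MM_referrer = $_SERVER['PHP_SELF'];
    if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
    // The original read the register_globals variable $QUERY_STRING, which is not set
    // on a modern PHP install, so the query string was silently dropped. Use the
    // superglobal instead.
    if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0)
        $MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
    $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
    header("Location: ". $MM_restrictGoTo);
    // Stop here: without exit the protected page body would still be rendered.
    exit;
}
?>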
// Dreamweaver "restrict access" preamble: make the session available before
// $_SESSION['MM_Username'] / $_SESSION['MM_UserGroup'] are read.
isset($_SESSION) or session_start();
// Comma-separated groups allowed on this page ("1" is the admin group on this site).
$MM_authorizedUsers = "1";
$MM_donotCheckaccess = "false";我改成:
if (!isset($_SESSION)) {
session_start();
}
// NOTE(review): this line is not valid PHP and does not express the intended rule:
//   - `$MM_authorizedUsers= "1"` is an assignment (single `=`), so the left side is
//     always true, not a comparison of the user's group;
//   - the `if (...)` lacks its closing `)` and a `{`, so at best only the next
//     statement (`$MM_donotCheckaccess = "false";`) would be guarded, not the
//     access check that follows;
//   - $row_Recordset1 is presumably only filled by the "SELECT * FROM bbs" query
//     that sits at the bottom of edit.php (see the listing below), so it is still
//     unset when this line runs.
if(($MM_authorizedUsers= "1")||($row_Recordset1['bbs_author']==$_SESSION['MM_Username'])
$MM_donotCheckaccess = "false";
在 session_start() 之前不要有任何输出!
我是在DREAMWEAVER里面做的,刚接触PHP,为实现这个功能已经费了几个晚上,唉....
我快要郁闷死了
要写在页面的最前面
<?php
session_start();
.......//其它代码
?>
例如作者(auth)、权限(power)普通用户为0管理员为1来举例
然后根据这个来判断if($auth==$_SESSION['auth']||$_SESSION['power']=="1"){
可以编辑;
}
$_SESSION['auth']="admin";
这样就行了作者就是admin
然后在编辑页里面把if (!empty($UserName)改成if (!empty($UserName)&&($row_Recordset1['bbs_author']=$_SESSION['MM_Username'])),
可是现在登录后,一般用户都能修改所有帖子了
是作者的时候,$_SESSION['MM_UserGroup'] ="1"
普通用户$_SESSION['MM_UserGroup'] ="2"
编辑页面:if($_SESSION['MM_UserGroup'] =="1"){作者可以进行的操作}
else{您无权操作}
登陆页面的最前端,注册$_SESSION['MM_UserGroup']前要清空SESSION.
那我把这两个页面的部分代码贴一下吧,求求各位帮个忙啊,看看怎么改才能实现管理员和作者自己才能修改自己帖子的功能。
-------------------------------------------------
登录页面(admin.php):
<?php
// Dreamweaver recordset: loads the complete `user` table into $row_Recordset1.
// NOTE(review): the login code below runs its own query, so unless the HTML part of
// admin.php reads $row_Recordset1 this fetches every user's user_pwd for nothing.
mysql_select_db($database_sqllink, $sqllink);
$query_Recordset1 = "SELECT * FROM `user`";
$Recordset1 = mysql_query($query_Recordset1, $sqllink);
if (!$Recordset1) {
    die(mysql_error());
}
$row_Recordset1 = mysql_fetch_assoc($Recordset1);   // first row only
$totalRows_Recordset1 = mysql_num_rows($Recordset1);
?>
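<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
    session_start();
}
$loginFormAction = $_SERVER['PHP_SELF'];
// Page the visitor was sent away from (set by the "restrict access" redirect).
if (isset($_GET['accesscheck'])) {
    $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
if (isset($_POST['user_name'])) {
    $loginUsername = $_POST['user_name'];
    $password = $_POST['pwd'];
    $MM_fldUserAuthorization = "user_level";
    $MM_redirectLoginSuccess = "index.php";
    $MM_redirectLoginFailed = "admin.php";
    $MM_redirecttoReferrer = false;
    mysql_select_db($database_sqllink, $sqllink);
    // NOTE(review): the password is compared in clear text inside SQL and the values
    // are only addslashes()-escaped (not connection-charset aware); a hashed user_pwd
    // verified in PHP would be the safer shape.
    $LoginRS__query=sprintf("SELECT user_name, user_pwd, user_level FROM user WHERE user_name='%s' AND user_pwd='%s'",
        get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password));
    $LoginRS = mysql_query($LoginRS__query, $sqllink) or die(mysql_error());
    $loginFoundUser = mysql_num_rows($LoginRS);
    if ($loginFoundUser) {
        $loginStrGroup = mysql_result($LoginRS,0,'user_level');
        // Issue a fresh session id on login so an id handed out (or fixed) before
        // authentication cannot be reused for the authenticated session.
        session_regenerate_id(true);
        //declare two session variables and assign them
        $_SESSION['MM_Username'] = $loginUsername;
        $_SESSION['MM_UserGroup'] = $loginStrGroup;
        // Deliberately disabled: PrevUrl comes straight from ?accesscheck= (attacker
        // controllable), so redirecting to it would be an open redirect.
        if (isset($_SESSION['PrevUrl']) && false) {
            $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
        }
        header("Location: " . $MM_redirectLoginSuccess );
        // Stop after the redirect so the rest of the page is not rendered.
        exit;
    }
    else {
        header("Location: ". $MM_redirectLoginFailed );
        exit;
    }
}
?>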
------------------------------------------
编辑页面(edit.php)
<?php
// Dreamweaver "restrict access" preamble: a session must exist before
// $_SESSION['MM_Username'] / $_SESSION['MM_UserGroup'] are consulted below.
isset($_SESSION) or session_start();
// Comma-separated groups allowed on this page ("1" is the admin group on this site).
$MM_authorizedUsers = "1";
// Dreamweaver toggle; kept as the literal string "false".
$MM_donotCheckaccess = "false";// *** Restrict Access To Page: Grant or deny access to this page
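/**
 * Decide whether the current visitor may use this page.
 *
 * Grants access when the visitor is logged in AND either
 *   - the user name / group is in the comma-separated allow-lists, or
 *   - $postAuthor is given and equals the visitor's user name
 *     (the "an author may edit his own post" rule this page is meant to enforce).
 *
 * @param string      $strUsers    comma-separated allowed user names ("" = none)
 * @param string      $strGroups   comma-separated allowed groups ("1" = admin group)
 * @param string      $UserName    user name from the session ("" when not logged in)
 * @param string      $UserGroup   group / level from the session
 * @param string|null $postAuthor  author of the post being edited, e.g.
 *                                 $row_Recordset1['bbs_author'] — pass it only AFTER that
 *                                 recordset has been fetched. null keeps the old
 *                                 admin-only behaviour.
 * @return bool
 */
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup, $postAuthor = null) {
    // For security, start by assuming the visitor is NOT authorized.
    $isValid = false;
    // A blank user name means nobody is logged in.
    if (empty($UserName)) {
        return false;
    }
    // The original tested `$row_Recordset1['bbs_author'] = $_SESSION[...]` here: a
    // single `=` assigns instead of compares, and $row_Recordset1 is neither visible
    // inside this function nor fetched yet when the function is called, so the test
    // was always true. The author is therefore passed in explicitly.
    if ($postAuthor !== null && (string) $postAuthor === (string) $UserName) {
        $isValid = true;
    }
    // Allow-lists: split on commas, trim, drop empty tokens, compare strictly so an
    // empty session group can never match an empty list entry.
    $arrUsers  = array_filter(array_map('trim', explode(",", $strUsers)), 'strlen');
    $arrGroups = array_filter(array_map('trim', explode(",", $strGroups)), 'strlen');
    if (in_array((string) $UserName, $arrUsers, true)) {
        $isValid = true;
    }
    if (in_array((string) $UserGroup, $arrGroups, true)) {
        $isValid = true;
    }
    return $isValid;
}
$MM_restrictGoTo = "admin.php";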
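// Redirect to the login page unless a user is logged in AND isAuthorized() accepts
// his/her group ($MM_authorizedUsers, "1" = admin).
// NOTE(review): for the "author may edit his own post" rule, the
// "SELECT * FROM bbs WHERE bbs_id = ..." recordset — currently fetched at the bottom
// of this page, i.e. after this check — has to be fetched first, and
// $row_Recordset1['bbs_author'] compared with $_SESSION['MM_Username'] as part of
// this condition. The UPDATE handler below must apply the same rule to the row it
// writes, since its WHERE clause is what finally decides which post is changed.
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], isset($_SESSION['MM_UserGroup']) ? $_SESSION['MM_UserGroup'] : "")))) {
    $MM_qsChar = "?";
    // Remember the requested page so admin.php receives it as ?accesscheck=...
    $MM_referrer = $_SERVER['PHP_SELF'];
    if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
    // The original read the register_globals variable $QUERY_STRING, which is not set
    // on a modern PHP install; $_SERVER['QUERY_STRING'] is what $editFormAction below
    // already uses.
    if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0)
        $MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
    $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
    header("Location: ". $MM_restrictGoTo);
    // Stop here: without exit the rest of the page (including the UPDATE handler)
    // would still run.
    exit;
}
?><?php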
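/**
 * Quote/escape a value for interpolation into an SQL statement (Dreamweaver helper).
 *
 * @param mixed  $theValue           raw value (usually from $_POST / $_GET)
 * @param string $theType            "text" | "long" | "int" | "double" | "date" | "defined"
 * @param string $theDefinedValue    returned for "defined" when the value is non-empty
 * @param string $theNotDefinedValue returned for "defined" when the value is empty
 * @return string|int SQL fragment: a quoted string, a number, or the literal NULL
 */
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
    // Normalise to the raw value first: magic_quotes (when present at all — the
    // function is gone in PHP 8) has already added slashes, remove them before escaping.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $theValue = stripslashes($theValue);
    }
    // Prefer the connection-charset-aware escape: addslashes() alone does not know the
    // connection charset, and on multi-byte charsets such as GBK a crafted byte sequence
    // can still terminate the quoted string. mysql_real_escape_string() needs an open
    // link (it returns false otherwise) and does not exist on PHP 7+, so fall back.
    $escaped = function_exists('mysql_real_escape_string') ? mysql_real_escape_string($theValue) : false;
    $theValue = ($escaped === false) ? addslashes($theValue) : $escaped;
    // "" and null count as missing. The original used `$theValue != ""`, which under
    // PHP's loose comparison also turned integer 0 into NULL.
    $hasValue = ((string) $theValue !== "");
    switch ($theType) {
        case "text":
        case "date":
            $theValue = $hasValue ? "'" . $theValue . "'" : "NULL";
            break;
        case "long":
        case "int":
            $theValue = $hasValue ? intval($theValue) : "NULL";
            break;
        case "double":
            $theValue = $hasValue ? "'" . doubleval($theValue) . "'" : "NULL";
            break;
        case "defined":
            $theValue = $hasValue ? $theDefinedValue : $theNotDefinedValue;
            break;
    }
    return $theValue;
}
$editFormAction = $_SERVER['PHP_SELF'];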
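if (isset($_SERVER['QUERY_STRING'])) {
    // Keep ?bbs_id=... on the form action so the POST still knows which post it edits.
    $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
    // Identify the post by its id (the value the form was opened with), not by the
    // posted title: a title is neither unique nor trustworthy, and the original
    // "WHERE bbs_title=%s" let any logged-in user overwrite any post by posting a
    // chosen title.
    $updateId = isset($_GET['bbs_id']) ? intval($_GET['bbs_id']) : -1;
    $updateSQL = sprintf("UPDATE bbs SET bbs_content=%s WHERE bbs_id=%d",
                         GetSQLValueString($_POST['content'], "text"),
                         $updateId);
    // Non-admins (MM_UserGroup != "1") may only change their own post, so the author is
    // part of the WHERE clause too; the page-level check does not cover which row the
    // POST writes. Assumes bbs_author holds the MM_Username value, as the comparison
    // elsewhere on this page does. An empty user name yields "bbs_author=NULL", which
    // matches no row.
    if (!isset($_SESSION['MM_UserGroup']) || (string) $_SESSION['MM_UserGroup'] !== "1") {
        $updateSQL .= sprintf(" AND bbs_author=%s",
                              GetSQLValueString(isset($_SESSION['MM_Username']) ? $_SESSION['MM_Username'] : "", "text"));
    }
    mysql_select_db($database_sqllink, $sqllink);
    $Result1 = mysql_query($updateSQL, $sqllink) or die(mysql_error());
    $updateGoTo = "viewtitle.php";
    if (isset($_SERVER['QUERY_STRING'])) {
        $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
        $updateGoTo .= $_SERVER['QUERY_STRING'];
    }
    header(sprintf("Location: %s", $updateGoTo));
    // Stop: without exit the rest of the page (and the SELECT below) still runs.
    exit;
}
$colname_Recordset1 = "-1";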
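if (isset($_GET['bbs_id'])) {
    // bbs_id is interpolated unquoted into the SQL below, so slash-escaping cannot
    // protect it (a value made of spaces, digits and keywords contains nothing for
    // addslashes() to escape). Cast to an integer instead.
    $colname_Recordset1 = intval($_GET['bbs_id']);
}
mysql_select_db($database_sqllink, $sqllink);
// The post being edited. $row_Recordset1['bbs_author'] is the value the
// "author may edit his own post" rule has to compare with $_SESSION['MM_Username'];
// note that this query runs after the access check at the top of the page.
$query_Recordset1 = sprintf("SELECT * FROM bbs WHERE bbs_id = %d", $colname_Recordset1);
$Recordset1 = mysql_query($query_Recordset1, $sqllink) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);
?>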
if (!empty($UserName)&&($row_Recordset1['bbs_author']=$_SESSION['MM_Username'])){
改为:
if (!empty($UserName)&&($row_Recordset1['bbs_author']==$_SESSION['MM_Username'])){ 其次, 如果按照分为两个用户组(1和2),1为管理员组,2为普通用户组;则可以按下面方式控制:
if ($user_group==2 && $row_Recordset1['bbs_author']==$_SESSION['MM_Username']){
//在这里处理普通用户可以对自己帖子所进行的操作. }elseif($user_group==1){
//在这里处理管理员对帖子的操作. }处理帖子的操作可以封装一下以精简代码.
慢慢来吧, 加油!
如果已经登录,但是该帖子的用户名与登录用户不相等,则出现“你不是该作者,你只能编辑自己的帖子!”的提示。现在的问题是,以下代码在执行时,无论用户登录与否,或者登录用户是否为该贴作者,都只出现“对不起,你还没有登录,请先登录”的提示。各位兄弟帮我看看以下代码错在哪里?
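<?php
// Gate the edit form: stop unless the visitor is logged in and is either an admin
// (MM_UserGroup "1") or the author of the post ("管理员或作者" rule of this thread).
// Assumes session_start() already ran and $row_Recordset1 (SELECT ... FROM bbs) has
// already been fetched; if either is missing, $_SESSION / $row_Recordset1 are empty
// and the first message is shown to everybody — the symptom described above.
$isLoggedIn = isset($_SESSION['MM_Username']) && $_SESSION['MM_Username'] !== "";
$isAdmin    = isset($_SESSION['MM_UserGroup']) && $_SESSION['MM_UserGroup'] == "1";
$isAuthor   = $isLoggedIn && isset($row_Recordset1['bbs_author'])
              && $row_Recordset1['bbs_author'] == $_SESSION['MM_Username'];
if (!$isLoggedIn) {
    echo '对不起,你还没有登录,请先<a href="admin.php">登录!</a>';
    exit();
}
elseif (!$isAdmin && !$isAuthor) {
    echo '或你不是该作者,你只能编辑自己的帖子!<br />
'.'请<a href="index.php">返回!</a>';
    // The original placed exit() after the whole if/elseif, which ended the page for
    // the author as well; it belongs inside the two failure branches only.
    exit();
}
?>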
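// Comma-separated authorization levels allowed on this page ("1" = admin).
$FF_authorizedUsers=" 1";
$FF_authFailedURL="error.php";
$FF_grantAccess=0;
session_start();
// Fail closed: grant only when a user is logged in, an authorization level is present,
// and it exactly matches one of the listed levels. The original granted access whenever
// MM_UserAuthorization was missing or empty, and used strpos() — a substring test that
// is also false for a match at offset 0 (hence the leading space in " 1") — instead of
// comparing whole tokens. $_SESSION replaces $HTTP_SESSION_VARS, removed in PHP 5.4.
if (isset($_SESSION["MM_Username"])
    && isset($_SESSION["MM_UserAuthorization"])
    && $_SESSION["MM_UserAuthorization"] !== "") {
    $allowedLevels = array_filter(array_map('trim', explode(",", $FF_authorizedUsers)), 'strlen');
    if (in_array((string) $_SESSION["MM_UserAuthorization"], $allowedLevels, true)) {
        $FF_grantAccess = 1;
    }
}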