做了一个系统,后台有管理员登陆;
前台有普通注册用户登陆;
我写的前后台的session都是这样写的,同时还做了自动登陆,条件是只能有session就直接登陆了。
if(empty($_SESSION['username']) && empty($_SESSION['uid'])){ $this->error("您还没有登陆",U("/Admin/Login/index"),3);} ,然后我发现一个问题,我在前台随便注册了一个用户,在前台登陆,php记录了$_SESSION['username'],然后我登陆后台,直接就进后台了。
我知道我这样写有问题哈,我问下应该如何解决?
我是这样想的:前台和后台的session名保持不一样,
比如前台$_SESSION['username_index']
后台$_SESSION['username_admin'],可以吗?
回复讨论(解决方案)
前后台保存的session变量不一致,怎么会自动登录呢?
还有个问题就是后台,你登陆的时候,肯定login user表要查询用户信息的。
还有个问题就是后台,你登陆的时候,肯定login user表要查询用户信息的。
我先说的是我的错误哈,
1.开始我没注意,前台和后台的session名一致的,我想问我做成不一致是不是就是正规的做法了?
2.我后台做了一个自动登陆,大概是这样写的:只要我检测到有后台的session,直接登陆,不用验证
设置两个不同的SESSION是可以的,但是还得进行管理员表的验证啊,不是后台管理员,就不让他登录
对于你的情况,建议不要再在判断逻辑上绕圈子了
而是果断的加一个权限字 permit
设前台权限为 0(因为你原来没有权限字)后台权限为 1
你只需给用户表加一个权限字段,并设管理员用户的权限为 1 就可以了
登录时同时取出权限保存于 session 比如 $_SESSION['permit']
判断时 if($permit == ($permit & $_SESSION['permit'])) 即可
式中 $permit 为版面所需权限
对于你的情况,建议不要再在判断逻辑上绕圈子了
而是果断的加一个权限字 permit
设前台权限为 0(因为你原来没有权限字)后台权限为 1
你只需给用户表加一个权限字段,并设管理员用户的权限为 1 就可以了
登录时同时取出权限保存于 session 比如 $_SESSION['permit']
判断时 if($permit == ($permit & $_SESSION['permit'])) 即可
式中 $permit 为版面所需权限
版主v5!
Working with Flash Session Data in LaravelMar 12, 2025 pm 05:08 PMLaravel simplifies handling temporary session data using its intuitive flash methods. This is perfect for displaying brief messages, alerts, or notifications within your application. Data persists only for the subsequent request by default: $request-
cURL in PHP: How to Use the PHP cURL Extension in REST APIsMar 14, 2025 am 11:42 AMThe PHP Client URL (cURL) extension is a powerful tool for developers, enabling seamless interaction with remote servers and REST APIs. By leveraging libcurl, a well-respected multi-protocol file transfer library, PHP cURL facilitates efficient execution of various network protocols, including HTTP, HTTPS, and FTP. This extension offers granular control over HTTP requests, supports multiple concurrent operations, and provides built-in security features.
Simplified HTTP Response Mocking in Laravel TestsMar 12, 2025 pm 05:09 PMLaravel provides concise HTTP response simulation syntax, simplifying HTTP interaction testing. This approach significantly reduces code redundancy while making your test simulation more intuitive. The basic implementation provides a variety of response type shortcuts: use Illuminate\Support\Facades\Http; Http::fake([ 'google.com' => 'Hello World', 'github.com' => ['foo' => 'bar'], 'forge.laravel.com' =>
12 Best PHP Chat Scripts on CodeCanyonMar 13, 2025 pm 12:08 PMDo you want to provide real-time, instant solutions to your customers' most pressing problems? Live chat lets you have real-time conversations with customers and resolve their problems instantly. It allows you to provide faster service to your custom
Explain the concept of late static binding in PHP.Mar 21, 2025 pm 01:33 PMArticle discusses late static binding (LSB) in PHP, introduced in PHP 5.3, allowing runtime resolution of static method calls for more flexible inheritance.Main issue: LSB vs. traditional polymorphism; LSB's practical applications and potential perfo
PHP Logging: Best Practices for PHP Log AnalysisMar 10, 2025 pm 02:32 PMPHP logging is essential for monitoring and debugging web applications, as well as capturing critical events, errors, and runtime behavior. It provides valuable insights into system performance, helps identify issues, and supports faster troubleshoot
HTTP Method Verification in LaravelMar 05, 2025 pm 04:14 PMLaravel simplifies HTTP verb handling in incoming requests, streamlining diverse operation management within your applications. The method() and isMethod() methods efficiently identify and validate request types. This feature is crucial for building
Discover File Downloads in Laravel with Storage::downloadMar 06, 2025 am 02:22 AMThe Storage::download method of the Laravel framework provides a concise API for safely handling file downloads while managing abstractions of file storage. Here is an example of using Storage::download() in the example controller:
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
SublimeText3 Chinese version
Chinese version, very easy to use
Dreamweaver Mac version
Visual web development tools
WebStorm Mac version
Useful JavaScript development tools
Notepad++7.3.1
Easy-to-use and free code editor
SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.
