Source code for account switching in PHP

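Implementing account switching in PHP
Implementing account switching usually requires the following key parts: user authentication, session management, permission checks, and the user interface. The following is a simple example implementation:
Database table structure (MySQL example)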
CREATE TABLE users (
    id INT AUTO_INCREMENT PRIMARY KEY,
    username VARCHAR(50) NOT NULL,
    password VARCHAR(255) NOT NULL,
    role ENUM('admin', 'user') DEFAULT 'user'
);
User login authentication
<?php
// login.php
session_start();
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $username = $_POST['username'] ?? '';
    $password = $_POST['password'] ?? '';
    // Look up the user in the database
    $pdo = new PDO('mysql:host=localhost;dbname=your_db', 'username', 'password');
    $stmt = $pdo->prepare("SELECT * FROM users WHERE username = ?");
    $stmt->execute([$username]);
    $user = $stmt->fetch();
    if ($user && password_verify($password, $user['password'])) {
        // Issue a fresh session ID on login to prevent session fixation
        session_regenerate_id(true);
        $_SESSION['user_id'] = $user['id'];
        $_SESSION['username'] = $user['username'];
        $_SESSION['role'] = $user['role'];
        header('Location: dashboard.php');
        exit;
    } else {
        $error = "Invalid credentials";
    }
}
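Account switching
<?php
// switch_account.php
session_start();
if (!isset($_SESSION['user_id'])) {
    header('Location: login.php');
    exit;
}
// Only an administrator who has not already switched may switch accounts;
// without this check any logged-in user could take over any account
if ($_SESSION['role'] !== 'admin' || isset($_SESSION['original_user'])) {
    http_response_code(403);
    exit('Forbidden');
}
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['target_user'])) {
    $targetUser = $_POST['target_user'];
    $pdo = new PDO('mysql:host=localhost;dbname=your_db', 'username', 'password');
    $stmt = $pdo->prepare("SELECT * FROM users WHERE username = ?");
    $stmt->execute([$targetUser]);
    $user = $stmt->fetch();
    if ($user) {
        // Save the current user's information in the session
        $_SESSION['original_user'] = [
            'id' => $_SESSION['user_id'],
            'username' => $_SESSION['username'],
            'role' => $_SESSION['role']
        ];
        // Switch to the target account
        $_SESSION['user_id'] = $user['id'];
        $_SESSION['username'] = $user['username'];
        $_SESSION['role'] = $user['role'];
        // New session ID because the privilege level has changed
        session_regenerate_id(true);
        header('Location: dashboard.php');
        exit;
    }
}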
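Switching back to the original account
<?php
// revert_account.php
session_start();
if (isset($_SESSION['original_user'])) {
    // Restore the identity saved by switch_account.php
    $_SESSION['user_id'] = $_SESSION['original_user']['id'];
    $_SESSION['username'] = $_SESSION['original_user']['username'];
    $_SESSION['role'] = $_SESSION['original_user']['role'];
    unset($_SESSION['original_user']);
    // New session ID because the privilege level has changed
    session_regenerate_id(true);
}
header('Location: dashboard.php');
exit;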
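Front-end example
<?php if (session_status() !== PHP_SESSION_ACTIVE) { session_start(); } ?>
<!-- switch_form.html (contains PHP, so it must be served through the PHP handler) -->
<form action="switch_account.php" method="post">
    <select name="target_user">
        <?php
        $pdo = new PDO('mysql:host=localhost;dbname=your_db', 'username', 'password');
        // prepare() is required here: query() cannot bind the ? placeholder
        $stmt = $pdo->prepare("SELECT username FROM users WHERE username != ?");
        $stmt->execute([$_SESSION['username']]);
        while ($row = $stmt->fetch()) {
            // Escape usernames before writing them into HTML to prevent XSS
            $name = htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8');
            echo '<option value="'.$name.'">'.$name.'</option>';
        }
        ?>
    </select>
    <button type="submit">切换账号</button>
</form>
<?php if (isset($_SESSION['original_user'])): ?>
    <a href="revert_account.php">切换回原账号</a>
<?php endif; ?>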
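Security considerations
- Make sure that only administrators or otherwise authorized users can switch accounts
- Use prepared statements to prevent SQL injection
- Log sensitive operations
- Use HTTPS to protect session data
- Set a session expiry time
This implementation provides basic account switching and can be extended as needed, for example by recording each switch or limiting how long a switch lasts.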
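The security considerations and the extensions mentioned above (switch records, time limits), as an added example that is not part of the original page's code. The function names, the csrf_token and switch_expires session keys, the 15-minute limit and the use of PHP's error log as the audit sink are all assumptions.

```php
<?php
// Added example; all function names, session keys and the TTL are assumptions.
const IMPERSONATION_TTL = 900; // assumed limit: 15 minutes

function audit_log(string $event, array $ctx): void {
    // Assumed sink: PHP's error log. Replace with an append-only audit store.
    error_log(json_encode(['ts' => gmdate('c'), 'event' => $event] + $ctx));
}

// Returns true and rewrites $session only if every check passes.
function start_impersonation(array &$session, array $target, string $csrf): bool {
    $ctx = ['actor' => $session['user_id'] ?? null, 'target' => $target['id'] ?? null];
    $allowed = ($session['role'] ?? '') === 'admin'       // administrators only
        && !isset($session['original_user'])              // no nested switching
        && is_string($session['csrf_token'] ?? null)
        && hash_equals($session['csrf_token'], $csrf);    // request came from our form
    if (!$allowed) {
        audit_log('switch_denied', $ctx);
        return false;
    }
    $session['original_user'] = [
        'id' => $session['user_id'],
        'username' => $session['username'],
        'role' => $session['role'],
    ];
    $session['switch_expires'] = time() + IMPERSONATION_TTL;
    $session['user_id'] = $target['id'];
    $session['username'] = $target['username'];
    $session['role'] = $target['role'];
    audit_log('switch_started', $ctx);
    return true;
}

// Call on every request; restores the administrator once the switch has expired.
function enforce_switch_expiry(array &$session, ?int $now = null): bool {
    if (!isset($session['original_user'], $session['switch_expires'])
        || ($now ?? time()) < $session['switch_expires']) {
        return false;
    }
    $orig = $session['original_user'];
    audit_log('switch_expired', ['actor' => $orig['id'], 'target' => $session['user_id']]);
    $session['user_id'] = $orig['id'];
    $session['username'] = $orig['username'];
    $session['role'] = $orig['role'];
    unset($session['original_user'], $session['switch_expires']);
    return true;
}
```

In switch_account.php this would be called as start_impersonation($_SESSION, $user, $_POST['csrf_token'] ?? ''), followed by session_regenerate_id(true) when it returns true. The form then has to carry the session's token in a hidden csrf_token field, and revert_account.php should also unset switch_expires.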







