嗨,伙计们,谁能帮帮我?我已经在下面创建了这个登录系统,我需要检查用户是否在访问管理区域"cpanel.php"之前登录。
authorize.php
<?php
try {
$dbh = new PDO("mysql:host=localhost;dbname=vbl", "root", "");
} catch (PDOException $e) {
echo $e->getMessage();
exit();
}
$query = "SELECT * FROM `users` WHERE LOWER(`username`) = :username";
$stmt = $dbh->prepare($query);
$stmt->bindValue(':username', strtolower($_POST['username']));
$stmt->execute();
if ($stmt->rowCount() == 1) {
$row = $stmt->fetch(PDO::FETCH_ASSOC);
require('blowfish.class.php');
$bcrypt = new Bcrypt(4);
if ($bcrypt->verify($_POST['password'], $row['password'])) {
header("location: cpanel.php");
} else {
header("location: login.php");
}
}
?>
顺便说一句,这是一种可以登录的方式吗?
按照以下步骤操作
Sept 1: Set session about your login user details
session_start();
$_SESSION['user_name']=$username;
$_SESSION['user_role']=$role;
步骤2:访问任意页面的会话
session_start();
if(isset($_SESSION['user_name']))
{
//user logged in
//do whatever you want
}
else
{
//user did not logged in
}
步骤3:在注销页面销毁用户会话
session_start();
session_destroy();
一旦你在登录页面上创建了会话,你就可以在应用程序的任何页面上使用会话。