我已经用PHP创建了一个管理员登录，但它不起作用.有人能指导我完成它或提出适当的修正案吗 - I have created an admin login with PHP but its not working. Can someone guide me through it or offer appropriate amendments?

I have created an admin login with PHP but its not working. Can someone guide me through it or offer appropriate amendments?

这是我的登录表单（admin_login.php），带有用户名和密码输入，当我点击提交时，它应该会运行login.php脚本。

admin_login.php
//the login form
<?php 
$dbhost = 'xxxxxx';
$dbuser = 'xxxxxx';
$dbpass = 'xxxxxx';
$con = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $con )
{
  die('Could not connect: ' . mysql_error());
}
mysql_select_db('xxxxxx');
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="css/master.css">
</head>
<body>
<form method="post" action="login.php">
User:<input name="username" type="text">
Pass:<input name="password" type="password">
<input name="submit" type="submit" value="Submit">
</form>
</body>
</html>

下面的代码应该使用上一个文件admin_login.php中的用户名和密码值，如果用户名和密码与我的数据库中存储的相同，则允许用户访问admin_control_panel.php。否则返回登录。

login.php
//the action script
<?php
$dbhost = 'xxxxxx';
$dbuser = 'xxxxxx';
$dbpass = 'xxxxxx';
$con = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $con )
{
  die('Could not connect: ' . mysql_error());
}
mysql_select_db('xxxxxx', $con);
$query = "SELECT username FROM users ".
         "WHERE username='"$username'" ".
         "AND password = '"$password'"";
$result = mysql_query($query, $con);         
if (mysql_num_rows($result) == 0)
    header("Location: admin_login.php");
else    
    header("Location: admin_control_panel.php");
?>

如果一切都很好，我应该有一个管理控制面板，我应该能够像正常页面一样使用，除非只有我可以访问它

admin_control_panel.php
//where I will be able to access the admin panel, only I should be authorized.
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Control Panel</title>
</head>
<body>
<p>You are in the admin control panel</p>
</body>
</html>
`

提前谢谢。

您没有得到$_POST结果。尝试：

$query = "SELECT username FROM users ".
         "WHERE username='".$_POST[username]."' ".
         "AND password = '".$_POST[password]."'";

此外，这只是一个指导方针。您对sql注入持开放态度，应该考虑使用PDO

您可能还需要$result = mysql_query($query, $con); 之后的mysql_data_seek($result, 0);

您需要将内部结果指针移动到以mysql_data_seek开头的位置。

$username=$_POST['username']和密码相同。