这是我的登录表单(admin_login.php),带有用户名和密码输入,当我点击提交时,它应该会运行login.php脚本。
admin_login.php
//the login form
<?php
$dbhost = 'xxxxxx';
$dbuser = 'xxxxxx';
$dbpass = 'xxxxxx';
$con = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $con )
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db('xxxxxx');
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="css/master.css">
</head>
<body>
<form method="post" action="login.php">
User:<input name="username" type="text">
Pass:<input name="password" type="password">
<input name="submit" type="submit" value="Submit">
</form>
</body>
</html>
下面的代码应该使用上一个文件admin_login.php中的用户名和密码值,如果用户名和密码与我的数据库中存储的相同,则允许用户访问admin_control_panel.php。否则返回登录。
login.php
//the action script
<?php
$dbhost = 'xxxxxx';
$dbuser = 'xxxxxx';
$dbpass = 'xxxxxx';
$con = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $con )
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db('xxxxxx', $con);
$query = "SELECT username FROM users ".
"WHERE username='"$username'" ".
"AND password = '"$password'"";
$result = mysql_query($query, $con);
if (mysql_num_rows($result) == 0)
header("Location: admin_login.php");
else
header("Location: admin_control_panel.php");
?>
如果一切都很好,我应该有一个管理控制面板,我应该能够像正常页面一样使用,除非只有我可以访问它
admin_control_panel.php
//where I will be able to access the admin panel, only I should be authorized.
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Control Panel</title>
</head>
<body>
<p>You are in the admin control panel</p>
</body>
</html>
`
提前谢谢。
您没有得到$_POST
结果。尝试:
$query = "SELECT username FROM users ".
"WHERE username='".$_POST[username]."' ".
"AND password = '".$_POST[password]."'";
此外,这只是一个指导方针。您对sql注入持开放态度,应该考虑使用PDO
您可能还需要$result = mysql_query($query, $con);
之后的mysql_data_seek($result, 0);
您需要将内部结果指针移动到以mysql_data_seek
开头的位置。
$username=$_POST['username']和密码相同。