用于区分用户的PHP gobal变量(登录)
我想为我的朋友写一个登录页面。我想作为唯一一个访问/root/root.php的人。登录表单等工作正常,但登录用户只需输入url即可进入root.php。如何创建一个变量或类似的东西来阻止访问?这是我的密码: login.php用于区分用户的PHP gobal变量(登录),php,html,mysql,Php,Html,Mysql,我想为我的朋友写一个登录页面。我想作为唯一一个访问/root/root.php的人。登录表单等工作正常,但登录用户只需输入url即可进入root.php。如何创建一个变量或类似的东西来阻止访问?这是我的密码: login.php <?php session_start(); $hostname = 'localhost'; $dbname = 'XXX'; $username = 'XXX'; $password = 'XXX'; mysql_connect($hostname, $u
<?php
session_start();
$hostname = 'localhost';
$dbname = 'XXX';
$username = 'XXX';
$password = 'XXX';
mysql_connect($hostname, $username, $password) or DIE('Connection to host isailed, perhaps the service is down!');
mysql_select_db($dbname) or DIE('Database name is not available!');
$userName=mysql_real_escape_string($_POST['Name']);
$passWord=mysql_real_escape_string($_POST['Password']);
$query = mysql_query("SELECT id, server FROM admins WHERE Name='$userName' AND Password='$passWord'");
$rows = mysql_num_rows($query);
$test = mysql_fetch_row($query);
if ($rows==1)
{
$_SESSION['userName'] = $_POST['Name'];
if($test[1] == "Root") {
header("Location: root/root.php");
} else if($test[1] == "Minecraft"){
header("Location: minecraft/minecraft.php");
} else {
echo "<center><h1>No database-entry!</h1></center>";
}
}
else
{
echo "<div class='login'>
<table class='loginwindow'>
<tr>
<td><h3>Wrong Password!</h3></td>
</tr>
<tr>
<td><a href='index.php'><button class='loginlogout'>To Login</button></a></td>
</tr>
</div>";
//header("Location: login.html");
}?>
首先,您需要设置一个会话变量$\u session['root']=$test[1]代码>行下$\u SESSION['userName']=$\u POST['Name']在login.php中编写>代码,然后在root.php中简单地检查是否($\u SESSION['root']=“root”)
$userName=mysql_real_escape_string($_POST['Name']);
$passWord=mysql_real_escape_string($_POST['Password']);
$query = mysql_query("SELECT id, server FROM admins WHERE Name='$userName' AND Password='$passWord'");
$rows = mysql_num_rows($query);
$test = mysql_fetch_row($query);
if ($rows==1)
{
$_SESSION['userName'] = $_POST['Name'];
$_SESSION['root'] = $test[1]; // Add this line here
if($test[1] == "Root") {
header("Location: root/root.php");
} else if($test[1] == "Minecraft"){
header("Location: minecraft/minecraft.php");
} else {
echo "<center><h1>No database-entry!</h1></center>";
}
}
else
{
echo "<div class='login'>
<table class='loginwindow'>
<tr>
<td><h3>Wrong Password!</h3></td>
</tr>
<tr>
<td><a href='index.php'><button class='loginlogout'>To Login</button></a></td>
</tr>
</div>";
//header("Location: login.html");
}?>
<html>
<head>
<title>Root</title>
<?php
session_start();
if(!isset($_SESSION['userName']))
{
//exit(header("location: ../login.html"));
echo "You need to login first!<br />";
echo "<a href='../index.php'>To Login</a>";
exit();
}
// Add below if condition
if($_SESSION['root'] != "Root"){
//exit(header("location: ../login.html"));
echo "You are not allowed to access root!<br />";
echo "<a href='../index.php'>To Login</a>";
exit();
}
?>
<link href="../style.css" type="text/css" rel="stylesheet" />
</head>
<body>
<?php
echo "Welcome " . $_SESSION['userName'];
?>
</body>
</html>
login.php
$userName=mysql_real_escape_string($_POST['Name']);
$passWord=mysql_real_escape_string($_POST['Password']);
$query = mysql_query("SELECT id, server FROM admins WHERE Name='$userName' AND Password='$passWord'");
$rows = mysql_num_rows($query);
$test = mysql_fetch_row($query);
if ($rows==1)
{
$_SESSION['userName'] = $_POST['Name'];
$_SESSION['root'] = $test[1]; // Add this line here
if($test[1] == "Root") {
header("Location: root/root.php");
} else if($test[1] == "Minecraft"){
header("Location: minecraft/minecraft.php");
} else {
echo "<center><h1>No database-entry!</h1></center>";
}
}
else
{
echo "<div class='login'>
<table class='loginwindow'>
<tr>
<td><h3>Wrong Password!</h3></td>
</tr>
<tr>
<td><a href='index.php'><button class='loginlogout'>To Login</button></a></td>
</tr>
</div>";
//header("Location: login.html");
}?>
$userName=mysql\u real\u escape\u字符串($\u POST['Name']);
$passWord=mysql\u real\u escape\u字符串($\u POST['passWord']);
$query=mysql_query(“从管理员中选择id、服务器,其中Name='$userName'和Password='$Password'”);
$rows=mysql\u num\u rows($query);
$test=mysql\u fetch\u行($query);
如果($rows==1)
{
$\会话['userName']=$\发布['Name'];
$\u会话['root']=$test[1];//在此处添加此行
如果($test[1]=“Root”){
标题(“位置:root/root.php”);
}否则,如果($test[1]=“Minecraft”){
标题(“位置:minecraft/minecraft.php”);
}否则{
echo“没有数据库条目!”;
}
}
其他的
{
回声“
密码错误!
";
//标题(“Location:login.html”);
}?>
Root.php
$userName=mysql_real_escape_string($_POST['Name']);
$passWord=mysql_real_escape_string($_POST['Password']);
$query = mysql_query("SELECT id, server FROM admins WHERE Name='$userName' AND Password='$passWord'");
$rows = mysql_num_rows($query);
$test = mysql_fetch_row($query);
if ($rows==1)
{
$_SESSION['userName'] = $_POST['Name'];
$_SESSION['root'] = $test[1]; // Add this line here
if($test[1] == "Root") {
header("Location: root/root.php");
} else if($test[1] == "Minecraft"){
header("Location: minecraft/minecraft.php");
} else {
echo "<center><h1>No database-entry!</h1></center>";
}
}
else
{
echo "<div class='login'>
<table class='loginwindow'>
<tr>
<td><h3>Wrong Password!</h3></td>
</tr>
<tr>
<td><a href='index.php'><button class='loginlogout'>To Login</button></a></td>
</tr>
</div>";
//header("Location: login.html");
}?>
<html>
<head>
<title>Root</title>
<?php
session_start();
if(!isset($_SESSION['userName']))
{
//exit(header("location: ../login.html"));
echo "You need to login first!<br />";
echo "<a href='../index.php'>To Login</a>";
exit();
}
// Add below if condition
if($_SESSION['root'] != "Root"){
//exit(header("location: ../login.html"));
echo "You are not allowed to access root!<br />";
echo "<a href='../index.php'>To Login</a>";
exit();
}
?>
<link href="../style.css" type="text/css" rel="stylesheet" />
</head>
<body>
<?php
echo "Welcome " . $_SESSION['userName'];
?>
</body>
</html>
根
。它们不再得到维护。看到了吗?相反,学习,并使用or-将帮助您决定哪一个。如果选择PDO,。也不要存储密码纯文本。请看一看