如何使用Cookie创建带有登录的php页面?
我想创建一个具有登录名的管理员页面,如果用户已登录,并且他是我数据库中的管理员,则必须显示内容,如果不是管理员,则将显示内容,但没有某些权限。如果用户和密码与数据库中的任何用户和密码不匹配,则必须出现消息错误 这是我的HTML代码:如何使用Cookie创建带有登录的php页面?,php,mysql,database,cookies,login,Php,Mysql,Database,Cookies,Login,我想创建一个具有登录名的管理员页面,如果用户已登录,并且他是我数据库中的管理员,则必须显示内容,如果不是管理员,则将显示内容,但没有某些权限。如果用户和密码与数据库中的任何用户和密码不匹配,则必须出现消息错误 这是我的HTML代码: <form action="admin.php" method="post"> <table> <tr><td> <label>User:  &
<form action="admin.php" method="post">
<table>
<tr><td>
<label>User:   </label> </td> <td><input type="text" class="text" name="user"/> <span></span>
</td></tr>
<tr><td>
<label>Password:</label> </td> <td> <input type="password" class="text" name="pass"/> <span></span>
</td></tr>
<tr ><td colspan="2">
<p align=center><input type="submit" class="submit" value="Log In" /> </p>
</td></tr>
谢谢大家! 您的SQL已经。。不好的。您正在使用mysql,但现在让我们跳过它。您没有检查用户是否存在以及密码是否匹配
$result = mysql_query("SELECT * FROM `users` WHERE `username` = $user AND `password` = $pass");
if(mysql_num_rows($result) > 0) { //so if user exists where user = adimouse91 and pass = mouse, it'll be one
echo 'this is content for logged in users';
}
$isAdmin = mysql_fetch_assoc($result);
if($isAdmin['is_admin'] == '1') {
echo 'this is content for admins';
}
我没有考虑密码盐分和散列(你应该这样做!)或会话。会话使您的生活更轻松(想象一下,如果($\u SESSION['admin']==1){}!)您可以只做
。您的SQL已经。。不好的。您正在使用mysql,但现在让我们跳过它。您没有检查用户是否存在以及密码是否匹配
$result = mysql_query("SELECT * FROM `users` WHERE `username` = $user AND `password` = $pass");
if(mysql_num_rows($result) > 0) { //so if user exists where user = adimouse91 and pass = mouse, it'll be one
echo 'this is content for logged in users';
}
$isAdmin = mysql_fetch_assoc($result);
if($isAdmin['is_admin'] == '1') {
echo 'this is content for admins';
}
我没有考虑密码盐分和散列(你应该这样做!)或会话。会话让你的生活更轻松(想象一下,如果($_SESSION['admin']==1){}。我做到了!答案是:
admin.php
<div id="content">
<div id="main_r">';
require_once('config.php');
if (isset($_GET['err'])){
$err=$_GET['err'];
if($err==1)
echo'<h4>Pls insert user and pass!</h4>';
else if ($err==2)
echo'<h4>User and pass are incorect!</h4>';
}
if(!isset($_COOKIE["TestCookie"]))
echo'
<form action="dologin.php" method="post">
<table>
<tr><td>
<label>User:   </label> </td> <td><input type="text" class="text" name="user"/> <span></span>
</td></tr>
tr><td>
<label>Pass:</label> </td> <td> <input type="password" class="text" name="pass"/> <span></span>
</td></tr>
<tr ><td colspan="2">
<p align=center><input type="submit" class="submit" value="Log In" /> </p>
</td></tr>
</table>';
else{
$curr = $_COOKIE['TestCookie'];
$sql = "SELECT user, admin FROM useri WHERE ID_user='$curr'";
$result = mysql_query($sql);
$row = mysql_fetch_array($result);
echo'<h4>Welcome '.$row['user'].'</h4>
</div>';
}
';
需要一次_('config.php');
如果(isset($\u GET['err'])){
$err=$_GET['err'];
如果($err==1)
echo'Pls insert user and pass!';
else if($err==2)
echo'User和pass不正确!';
}
如果(!isset($_COOKIE[“TestCookie”]))
回声'
用户:
tr>
通过:
';
否则{
$curr=$_COOKIE['TestCookie'];
$sql=“从useri中选择用户、管理员,其中ID\u user='$curr';
$result=mysql\u查询($sql);
$row=mysql\u fetch\u数组($result);
回显“欢迎”。$row[“用户”]。'
';
}
dologin.php
<?php
require_once('config.php');
if (isset($_POST['user']) && isset($_POST['pass']))
{
$user = $_POST['user'] ;
$pass = $_POST['pass'] ;
$pass_hash = md5($pass);
$err = 0;
if (!empty($user) && !empty($pass))
{
$sql="SELECT ID_user FROM useri WHERE user='$user' AND password='$pass_hash'";
$result = mysql_query($sql);
$row = mysql_fetch_array($result);
if ($result)
{
$num_rows = mysql_num_rows($result);
if($num_rows==0)
$err=2;
else if ($num_rows==1)
{
$ID_user = $row['ID_user'];
//echo $ID_user;
setcookie("TestCookie",$ID_user, time()+3600);
}
}
} else
$err=1;
header("Location: http://yoursite/admin.php?err=".$err);
exit;
}
?>
我做到了!答案是:
admin.php
<div id="content">
<div id="main_r">';
require_once('config.php');
if (isset($_GET['err'])){
$err=$_GET['err'];
if($err==1)
echo'<h4>Pls insert user and pass!</h4>';
else if ($err==2)
echo'<h4>User and pass are incorect!</h4>';
}
if(!isset($_COOKIE["TestCookie"]))
echo'
<form action="dologin.php" method="post">
<table>
<tr><td>
<label>User:   </label> </td> <td><input type="text" class="text" name="user"/> <span></span>
</td></tr>
tr><td>
<label>Pass:</label> </td> <td> <input type="password" class="text" name="pass"/> <span></span>
</td></tr>
<tr ><td colspan="2">
<p align=center><input type="submit" class="submit" value="Log In" /> </p>
</td></tr>
</table>';
else{
$curr = $_COOKIE['TestCookie'];
$sql = "SELECT user, admin FROM useri WHERE ID_user='$curr'";
$result = mysql_query($sql);
$row = mysql_fetch_array($result);
echo'<h4>Welcome '.$row['user'].'</h4>
</div>';
}
';
需要一次_('config.php');
如果(isset($\u GET['err'])){
$err=$_GET['err'];
如果($err==1)
echo'Pls insert user and pass!';
else if($err==2)
echo'User和pass不正确!';
}
如果(!isset($_COOKIE[“TestCookie”]))
回声'
用户:
tr>
通过:
';
否则{
$curr=$_COOKIE['TestCookie'];
$sql=“从useri中选择用户、管理员,其中ID\u user='$curr';
$result=mysql\u查询($sql);
$row=mysql\u fetch\u数组($result);
回显“欢迎”。$row[“用户”]。'
';
}
dologin.php
<?php
require_once('config.php');
if (isset($_POST['user']) && isset($_POST['pass']))
{
$user = $_POST['user'] ;
$pass = $_POST['pass'] ;
$pass_hash = md5($pass);
$err = 0;
if (!empty($user) && !empty($pass))
{
$sql="SELECT ID_user FROM useri WHERE user='$user' AND password='$pass_hash'";
$result = mysql_query($sql);
$row = mysql_fetch_array($result);
if ($result)
{
$num_rows = mysql_num_rows($result);
if($num_rows==0)
$err=2;
else if ($num_rows==1)
{
$ID_user = $row['ID_user'];
//echo $ID_user;
setcookie("TestCookie",$ID_user, time()+3600);
}
}
} else
$err=1;
header("Location: http://yoursite/admin.php?err=".$err);
exit;
}
?>