创建PHP登录会话 [英] Create session for php login

问题描述

我正在为一个小型网站创建一个管理员登录，我正在为该管理员访问网站后台提供服务，但我对会话(以及一般而言的php)了解得很少.

I'm creating an admin log-in for a small website that i'm making for the admin gets acess to the website back office but i understand very little about sessions (and php in general).

有两个页面:admin.php(管理员登录所在的页面)和backoffice.php(登录成功后将管理员重定向到此处).

There are two pages: admin.php (is where the admin logs in) and backoffice.php (the admin is redirected to here after the log-in is sucessfull).

为管理员创建会话的最简单方法是什么，以使用户无法仅通过转到"www.example.com/backoffice.php"来访问后台?

What's the simplest way to create a session for the admin so a user can't access the backoffice just by going to "www.example.com/backoffice.php" ?

我不知道这是否有兴趣，但这是我用来登录管理员的PHP:

I don't know if this has any interest, but here's the PHP i use to log-in the admin:

<?php
ob_start();
$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password=""; // Mysql password 
$db_name="dragoesmurtosa"; // Database name 
$tbl_name="login"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password") or die(mysql_error());
mysql_select_db("$db_name") or die(mysql_error());
// Check $username and $password 

if(empty($_POST['username']))
{
    echo "UserName/Password is empty!";
    return false;
}
if(empty($_POST['password']))
{
    echo "Password is empty!";
    return false;
}


// Define $username and $password 
$username=$_POST['username']; 
$password=($_POST['password']);


// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row
if ($count==1) {
    header( "refresh:0;url=backoffice.php" );
} else {
    echo "Wrong password, you'll be sent to the login page";
    header( "refresh:3;url=admin.php" );
}

ob_end_flush();
?>

推荐答案

在代码顶部添加

session_start();

替换

if ($count==1) {
header( "refresh:0;url=backoffice.php" );

}

使用

if ($count==1) {
    header( "refresh:0;url=backoffice.php" );
$_SESSION['logged']="true";
} 

然后，在backoffice.php中，将其放在顶部

Then, in backoffice.php, put at the top

<?php
session_start();
if($_SESSION['logged']!="true"){echo 'Error! You\'re not logged in!';}
else{//your code
}
?>

这篇关于创建PHP登录会话的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！