php 如何在php网站上创建管理员登录?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/10028255/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How create admin login on php website?
提问by Harpuneet
My registration page and login form is working fine. If any member register and then login, user come to member.php page. member page has their profile information which is only for members. Now i want to create an admin login in which admin will redirect to admin.php page. This page has all information like: about how many user register (done) all other admin task(done)
我的注册页面和登录表单工作正常。如果任何会员注册然后登录,用户就会来到member.php 页面。会员页面有他们的个人资料信息,仅供会员使用。现在我想创建一个管理员登录,其中管理员将重定向到 admin.php 页面。此页面包含所有信息,例如:关于有多少用户注册(完成)所有其他管理任务(完成)
I have done my admin pages but i dont know how to authorise admin login and password, if i use those then it will take me to admin area.
我已经完成了我的管理页面,但我不知道如何授权管理登录名和密码,如果我使用它们,那么它将带我到管理区域。
Here is my code of login form
这是我的登录表单代码
<form id="loginForm" name="loginForm" method="post" action="login-exec.php">
<table width="700" border="0" align="center" cellpadding="2" cellspacing="0">
<tr>
<td width="112"><b>User id (Email-id)</b></td>
<td width="188"><input name="user_email" type="text" class="textfield" id="login" /></td>
</tr>
<tr>
<td><b>Password</b></td>
<td><input name="password" type="password" class="textfield" id="password" /></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="Submit" value="Login" /></td>
</tr>
</table>
</form>
</body>
</html>
code for login-exec.php
login-exec.php 的代码
<?php
//Start session
session_start();
//Include database connection details
require_once('config.php');
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
//Connect to mysql server
//Select database
----something----
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
//Sanitize the POST values
$user_email = clean($_POST['user_email']);
$pwd = clean($_POST['password']);
//Input Validations
if($user_email == '') {
$errmsg_arr[] = 'Login ID missing';
$errflag = true;
}
if($pwd == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}
//If there are input validations, redirect back to the login form
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: login-form.php");
exit();
}
//Create query
$qry="SELECT * FROM customer WHERE user_email='$user_email' AND password='$pwd' ";
if ($user_email= )
$result=mysql_query($qry);
//Check whether the query was successful or not
if($result) {
if(mysql_num_rows($result) == 1) {
//Login Successful
session_regenerate_id();
$customer = mysql_fetch_assoc($result);
$_SESSION['SESS_id'] = $customer['id'];
$_SESSION['SESS_fname'] = $customer['first_name'];
$_SESSION['SESS_lname'] = $customer['last_name'];
session_write_close();
header("location: member-index.php");
exit();
}else {
//Login failed
header("location: login-failed.php");
exit();
}
}else {
die("Query failed");
}
?>
采纳答案by heyanshukla
You can have an extra field in your database for all members including admin to set user permission to store user permissions. If that field is admin you can have admin area for that user else if it is member than you can go for member area.
您可以在数据库中为包括管理员在内的所有成员设置一个额外的字段来设置用户权限以存储用户权限。如果该字段是管理员,您可以为该用户设置管理区域,如果它是会员,则您可以进入会员区域。
回答by heyanshukla
You could have an Extra Part of your Database index to classify permissions IE: like a "level" permission, and then check that level. AKA: If level is above 3 or something, allow access to auto access an Admin page.
您可以拥有数据库索引的额外部分来对 IE 权限进行分类:例如“级别”权限,然后检查该级别。又名:如果级别高于 3 或其他级别,则允许访问自动访问管理页面。
回答by Mike
So to rephrase the problem, you've grabbed code from somewhere (here perhaps: http://www.phpfreaks.com/forums/index.php?topic=314604), and now you want to change its behavior to also allow admin users. The best advice I have is to understand the code you are using first.
因此,重新表述这个问题,您已经从某个地方获取了代码(这里可能是:http://www.phpfreaks.com/forums/index.php?topic=314604 ),现在您想更改其行为以也允许管理员用户。我的最佳建议是先了解您正在使用的代码。
Look for the line header("Location: member-index.php");that is the line that redirects the user to the member-index page. Since you have indicated you don't want to do it properly with a database field, you can hardcode a test for the value of $user_email; if it is admin@blah, then you can set a special Session variable say, 'SESS_isadmin', and redirect to a different page instead. That new page can test the 'SESS_isadmin' value to make sure the user is logged in; if they are not, you can redirect them to the login page.
查找header("Location: member-index.php");将用户重定向到成员索引页面的行。由于您已表示不想使用数据库字段正确执行此操作,因此您可以对 $user_email 的值进行硬编码测试;如果是 admin@blah,那么您可以设置一个特殊的会话变量,例如“SESS_isadmin”,然后重定向到不同的页面。该新页面可以测试“SESS_isadmin”值以确保用户已登录;如果不是,您可以将它们重定向到登录页面。
Short of actually writing the code for you, that's as "user-level" as it gets. :)
除了实际为您编写代码之外,这就是“用户级别”。:)
A word of caution: do not use this approach to coding for actual production-level code; learning about a programming language this way is fine, but there are a lot more things to consider before you put this stuff out in the wild.
警告:不要使用这种方法来编码实际的生产级代码;以这种方式学习一门编程语言很好,但是在你把这些东西放到野外之前还有很多事情需要考虑。
