-3

这是我的登录表单(admin_login.php),带有用户名和密码输入,然后当我点击提交时应该运行 login.php 脚本。

admin_login.php
//the login form

<?php 

$dbhost = 'xxxxxx';
$dbuser = 'xxxxxx';
$dbpass = 'xxxxxx';

$con = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $con )
{
  die('Could not connect: ' . mysql_error());
}
mysql_select_db('xxxxxx');

?>

<html>

<head>
<link rel="stylesheet" type="text/css" href="css/master.css">
</head>

<body>

<form method="post" action="login.php">

User:<input name="username" type="text">
Pass:<input name="password" type="password">

<input name="submit" type="submit" value="Submit">

</form>

</body>

</html>

下面的代码应该从之前的文件 admin_login.php 中获取用户名和密码值,如果用户名和密码与存储在我的数据库中的用户名和密码相同,则允许用户进入 admin_control_panel.php。否则返回登录。

login.php
//the action script

<?php

$dbhost = 'xxxxxx';
$dbuser = 'xxxxxx';
$dbpass = 'xxxxxx';

$con = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $con )
{
  die('Could not connect: ' . mysql_error());
}
mysql_select_db('xxxxxx', $con);

$query = "SELECT username FROM users ".
         "WHERE username=\"$username\" ".
         "AND password = \"$password\"";

$result = mysql_query($query, $con);         

if (mysql_num_rows($result) == 0)
    header("Location: admin_login.php");
else    
    header("Location: admin_control_panel.php");
?>

如果一切顺利,我应该有一个管理控制面板,我应该能够像普通页面一样使用它,但只有我可以访问它。

admin_control_panel.php
//where I will be able to access the admin panel, only I should be authorized.

<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Control Panel</title>
</head>

<body>
<p>You are in the admin control panel</p>
</body>

</html>
`

先感谢您。

4

2 回答 2

2

你没有得到$_POST结果。尝试:

$query = "SELECT username FROM users ".
         "WHERE username='".$_POST[username]."' ".
         "AND password = '".$_POST[password]."'";

此外,这只是一个指导方针。您对 sql 注入持开放态度,您应该考虑使用PDO

您可能还mysql_data_seek($result, 0);需要$result = mysql_query($query, $con);

您需要将内部结果指针移动到以 . 开头的位置mysql_data_seek

于 2013-02-09T13:52:42.287 回答
0

$username = $_POST['username'] 和密码相同。

于 2013-02-09T13:52:30.650 回答