我有一个“登录”页面。当人们使用数据库中正确的用户名和密码组合登录时,他们将被定向到另一个页面('input.html')。当组合错误时,他们会得到一个错误。
无需登录,我只需更改网址的名称(从“login.php”到“input.html”)并访问该页面。我只希望管理员和用户访问该页面,而不仅仅是没有帐户的“访问者”。
我的“login.php”代码。
<?php
session_start();
$host = "localhost";
$user = "332547";
$pass = "cvEsbduv";
$db = "332547db";
mysql_connect($host, $user, $pass);
mysql_select_db($db);
if (!empty($_POST)) {
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM inloggen2 WHERE username='".$username."' AND password='".$password."' LIMIT 1";
$res = mysql_query($sql);
if(mysql_num_rows($res) == 1) {
header('location: input.html');
exit ();
}else {
echo "Niet goed ingelogd. Keer alstubliefd terug naar de vorige pagina.";
header('location: foumelding.php');
exit();
}
}
?>
<html>
<head>
<title>Inloggen</title>
</head>
<body>
<table border="1">
<tr>
<td align="center">Inlogggen</td>
</tr>
<tr>
<td>
<table>
<form method="post" action="login.php">
Gebruikersnaam: <input type="text" name="username" required/> <br /><br />
Wachtwoord: <input type="password" name="password" required/> <br /><br />
<input type="submit" name="submit" value="Log in" />
</form>
</table>
</td>
</tr>
</table>
</body>
</html>