您好我正在核心PHP中创建一个管理面板而无需登录管理面板我可以看到管理面板中的菜单。任何人都可以帮我解决这个问题。 这是我的代码。
Blogs.php
<?php
$connection = mysql_connect("localhost", "root", "") or die(mysql_error());
$db = mysql_select_db("accountant", $connection);
$name=$_FILES["image"]["tmp_name"];
$type=$_FILES["myfile"]["type"];
$size=$_FILES["myfile"]["size"];
$temp=$_FILES["myfile"]["tmp_name"];
$error=$_FILES["myfile"]["error"];
if($error>0)
die("error while uploading");
else
{
if($type == "image/png" || $type == "image/jpeg" ||$type == "image/jpg" || $type == "image/svg" || $size >2000000)
{
move_uploaded_file($temp,"upload/".$name);
echo "upload complete";
}
else
{
die("Format not allowed or file size too big!");
}
}
blog.php(这是我的观点)
<?php
session_start();
if(!$_SESSION['logged_in']){
session_destroy();
header("Location: login.php");
}
?>
<form method="POST" action="blogs.php" enctype="multipart/form-data">
<div>
<label for="image">IMAGE</label>
<input type="file" name="image">
</div>
</form>
的login.php
<?php
session_start()
?>
<!DOCTYPE html>
<html>
<head>
<title>Login Form</title>
<link href="style.css" type="text/css" rel="stylesheet">
</head>
<body>
<form method="post" action="login_model.php">
<div class="table">
<div class="message">
<?php
if(isset($_SESSION["message"]))
{
echo"Registration Successful";
unset($_SESSION["message"]);
}
if(isset($_SESSION["messagefail"]))
{
echo"You entered wrong cradentials...Try Again here";
unset($_SESSION["messagefail"]);
}
if (isset($_SESSION['logout'])) {
echo "Logout Successful";
session_destroy();
}
?>
</div>
<h1 align="center"> ADMIN Login Page </h1>
<table align="center" border="1">
<tr>
<td> User Name : <input type="text" name="admin_email" id="admin_email" ></td>
</tr>
<tr>
<td> Password : <input name="admin_password" type="password" id="admin_password" ></td>
</tr>
<tr>
<td><input type="submit" name="submit1" value="Submit"/>
</tr>
</table>
</div>
</form>
login_model.php
<?php
$connection = mysql_connect("localhost", "root", "") or die(mysql_error());
$db = mysql_select_db("accountant", $connection);
$name = $_POST["admin_email"];
$password = $_POST["admin_password"];
if(isset($_POST['submit1'])){
$query = "SELECT * FROM admin_login where admin_email= '$name' AND admin_password= '$password' ";
$result = mysql_query($query);
$rows=mysql_num_rows($result);
if($rows>0){
session_start();
header("Location:blog.php");
}
else
{
echo "Invalid Username or Password";
}
}
?>
如果我提供直接的URL,我可以查看该页面,无需登录管理面板。首先我应该登录管理面板,我才能访问此部分。任何人都可以帮助我。提前谢谢。
答案 0 :(得分:1)
你可以这样做: 在每个页面上在代码的开头,您必须检查会话。 会话将仅通过成功登录设置。 如果未找到会话,则将其重定向到LOGIN页面。 示例代码在blog.php上
<?php
If(!isset($_SESSION['YOUR_SESSION_Variable']))
{
header('Location: login.php');
}?>
假设您的登录文件是&#34; login.php&#34;在同一个地方。
答案 1 :(得分:1)
<?php
$connection = mysql_connect("localhost", "root", "") or die(mysql_error());
$db = mysql_select_db("accountant", $connection);
$name = $_POST["admin_email"];
$password = $_POST["admin_password"];
if(isset($_POST['submit1'])){
$query = "SELECT * FROM admin_login where admin_email= '$name' AND admin_password= '$password' ";
$result = mysql_query($query);
$rows=mysql_num_rows($result);
//Change this condition also like :
if($rows==1){
session_start();
// Set Your Session Variable Here like following:
$_SESSION['userId'] = "Your User Id From The Query";
header("Location:blog.php");
}
else
{
echo "Invalid Username or Password";
}
}
?>