以下是我的管理员登录页面的工作原理:
1.对于有效登录: 的login.php> admin.php的> adminpanel.php 2.对于无效登录: 的login.php> admin.php的> login.php中
事实: 1. db已连接 2. db字段是“userid”“username”“password” 3.密码已加密
问题是: 登录页面将我重定向到admin.php页面,没有显示错误。
//login.php
<form action = "admin.php" role="form" method="post">
<div class="form-group input-group">
<span class="input-group-addon">Name</span>
<input type="text" class="form-control" placeholder="Enter Super Admin Name">
</div>
<div class="form-group input-group">
<span class="input-group-addon">Password</span>
<input type="text" class="form-control" placeholder="Enter Super Admin Password">
</div>
<?php
if (isset($_GET['error'])){
echo "Hay Dude!!! Are You Lost? call 911!!";
}?>
<button type="submit" class="btn btn-lg btn-primary">login</button>
</form>
//admin.php
<?php
include ("dbconnect.php");
session_start();
if (isset($_POST['logout'])){
unset($_session['admin']);
}
if (isset($_POST['login'])){
$login_sqli= "SELECT * FROM user WHERE Name ='".$_POST['username']."'AND Password='".sha1($_POST['password'])."'";
$login_query = mysqli_query($dbconnect,$login_sqli);
if (mysqli_num_rows($login_query)>0){
$login_rs= mysqli_fetch_assoc($login_query);
$_session['admin']=$login_rs['username'];
}else
header ("location:admin.php?error=login");
}
<body>
<div class="col-lg-12 text-center">
<div class="jumbotron">
<h1>Hay Dude! You Lost?? Try Again or Call 911!!</h1>
<?php
if (!isset($_session['admin'])){
include ("login.php");
}else{
include ("adminpanel.php");
}
?>
</div>
</div>
</body>