我的注册页面和登录表单工作正常。 如果任何成员注册然后登录,用户来到member.php页面。 会员页面有他们的个人资料信息,仅供会员使用。 现在我想创建一个管理员登录,管理员将重定向到admin.php页面。 此页面包含以下所有信息:关于有多少用户注册(已完成)所有其他管理任务(已完成)
我已经完成了我的管理页面,但我不知道如何授权管理员登录和密码,如果我使用它然后它将带我到管理区域。
这是我的登录表单代码
<form id="loginForm" name="loginForm" method="post" action="login-exec.php"> <table width="700" border="0" align="center" cellpadding="2" cellspacing="0"> <tr> <td width="112"><b>User id (Email-id)</b></td> <td width="188"><input name="user_email" type="text" class="textfield" id="login" /></td> </tr> <tr> <td><b>Password</b></td> <td><input name="password" type="password" class="textfield" id="password" /></td> </tr> <tr> <td> </td> <td><input type="submit" name="Submit" value="Login" /></td> </tr> </table> </form> </body> </html>login-exec.php的代码
<?php //Start session session_start(); //Include database connection details require_once('config.php'); //Array to store validation errors $errmsg_arr = array(); //Validation error flag $errflag = false; //Connect to mysql server //Select database ----something---- //Function to sanitize values received from the form. Prevents SQL injection function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } //Sanitize the POST values $user_email = clean($_POST['user_email']); $pwd = clean($_POST['password']); //Input Validations if($user_email == '') { $errmsg_arr[] = 'Login ID missing'; $errflag = true; } if($pwd == '') { $errmsg_arr[] = 'Password missing'; $errflag = true; } //If there are input validations, redirect back to the login form if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); header("location: login-form.php"); exit(); } //Create query $qry="SELECT * FROM customer WHERE user_email='$user_email' AND password='$pwd' "; if ($user_email= ) $result=mysql_query($qry); //Check whether the query was successful or not if($result) { if(mysql_num_rows($result) == 1) { //Login Successful session_regenerate_id(); $customer = mysql_fetch_assoc($result); $_SESSION['SESS_id'] = $customer['id']; $_SESSION['SESS_fname'] = $customer['first_name']; $_SESSION['SESS_lname'] = $customer['last_name']; session_write_close(); header("location: member-index.php"); exit(); }else { //Login failed header("location: login-failed.php"); exit(); } }else { die("Query failed"); } ?>My registration page and login form is working fine. If any member register and then login, user come to member.php page. member page has their profile information which is only for members. Now i want to create an admin login in which admin will redirect to admin.php page. This page has all information like: about how many user register (done) all other admin task(done)
I have done my admin pages but i dont know how to authorise admin login and password, if i use those then it will take me to admin area.
Here is my code of login form
<form id="loginForm" name="loginForm" method="post" action="login-exec.php"> <table width="700" border="0" align="center" cellpadding="2" cellspacing="0"> <tr> <td width="112"><b>User id (Email-id)</b></td> <td width="188"><input name="user_email" type="text" class="textfield" id="login" /></td> </tr> <tr> <td><b>Password</b></td> <td><input name="password" type="password" class="textfield" id="password" /></td> </tr> <tr> <td> </td> <td><input type="submit" name="Submit" value="Login" /></td> </tr> </table> </form> </body> </html>code for login-exec.php
<?php //Start session session_start(); //Include database connection details require_once('config.php'); //Array to store validation errors $errmsg_arr = array(); //Validation error flag $errflag = false; //Connect to mysql server //Select database ----something---- //Function to sanitize values received from the form. Prevents SQL injection function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } //Sanitize the POST values $user_email = clean($_POST['user_email']); $pwd = clean($_POST['password']); //Input Validations if($user_email == '') { $errmsg_arr[] = 'Login ID missing'; $errflag = true; } if($pwd == '') { $errmsg_arr[] = 'Password missing'; $errflag = true; } //If there are input validations, redirect back to the login form if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); header("location: login-form.php"); exit(); } //Create query $qry="SELECT * FROM customer WHERE user_email='$user_email' AND password='$pwd' "; if ($user_email= ) $result=mysql_query($qry); //Check whether the query was successful or not if($result) { if(mysql_num_rows($result) == 1) { //Login Successful session_regenerate_id(); $customer = mysql_fetch_assoc($result); $_SESSION['SESS_id'] = $customer['id']; $_SESSION['SESS_fname'] = $customer['first_name']; $_SESSION['SESS_lname'] = $customer['last_name']; session_write_close(); header("location: member-index.php"); exit(); }else { //Login failed header("location: login-failed.php"); exit(); } }else { die("Query failed"); } ?>最满意答案
您可以在数据库中为所有成员添加一个额外字段,包括admin以设置用户权限以存储用户权限。 如果该字段是admin,则可以为该用户设置管理区域(如果该成员是成员),而不是成员区域。
You can have an extra field in your database for all members including admin to set user permission to store user permissions. If that field is admin you can have admin area for that user else if it is member than you can go for member area.
更多推荐
发布评论