<?php
// 表单提交后...
$posts = $_POST;
// 清除一些空白符号
foreach ($posts as $key => $value) {
$posts[$key] = trim($value);
}
$password = md5($posts["password"]);
$username = $posts["username"];
$query = "SELECT `username` FROM `user` WHERE `password` = '$password' AND `username` = '$username'";
// 取得查询结果
$userInfo = $DB->getRow($query);
if (!empty($userInfo)) {
// 当验证通过后,启动 Se
index.html
> 验证 session里的`admin`是否为 `true`
<?php
// 防止全局变量造成安全隐患
$admin = false;
// 启动会话,这步必不可少
session_start();
// 判断是否登陆
if (isset($_SESSION["admin"]) && $_SESSION["admin"] === true) {
echo "您已经成功登陆";
} else {
// 验证失败,将 $_SESSION["admin"] 置为 false
$_SESSION["admin"] = false;
die("您无权访问");
}
?>