duanmian1085
2019-04-24 01:51 阅读 90
已采纳

如何创建一个仅接受两个PHP会话的登录系统?

How can I make a login system that excepts only two people with sessions in PHP?

I want to make a login system that only two users could log into. I really don't want to use databases for my own reasons.The real problem is that there are multiple logins on the website and if you login with another account on another part of the website and go here into the "Admin panel" the admin panel will open and let any user create new users with admin access.

My code:

index.php

<?php
session_start(); 

define('DS',  TRUE);
define('USERNAME', $_SESSION['username']);
define('SELF',  $_SERVER['PHP_SELF'] );

$userx = $_SESSION['username'];

if (!USERNAME or isset($_GET['logout']))
 include('login/login.php');
?>
<!DOCTYPE html>
<html>
  <head>
        <meta name="viewport" content="width=device-width, initial-scale=1">
        <title>ADMIN PANEL</title>
        <meta name="author" content="INTmAker" />
        <meta name="author" content="Leonx">
        <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
  </head>
  <body>
      You are logged in as <?php echo($userx); ?>&nbsp|&nbsp<a href="?logout=1">Logout</a>
        <br>
        <?php
          if($userx != "Leonx" || $userx != "INT"){
             echo 'You are not an Admin.';
             return false;
          } else {
              echo '        <div>
                <input type="text" id="username" name="username" placeholder="Username" value=""/>
                <input type="password" id="password" name="password" placeholder="Password" value=""/>
                <input type="submit" id="postform" onclick="post()" value="Submit">
                </div>
                &nbsp;&nbsp;&nbsp;&nbsp;
                <input type="checkbox" onclick="admin()">Admin access?
                &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
                &nbsp;&nbsp;&nbsp;
                <input type="checkbox" onclick="password()">Pokaži lozinku';
          }
        ?>

        <script>
            function post() {
                var username = $('#username').val();
                var password = $('#password').val();

                $.post('multipass.php', {postuser:username, postpass:password},
                  function(data)
                  { 
                           alert("Uspjesno dodan korisnik!");
                  });
            }
            function post2() {
                var username = $('#username').val();
                var password = $('#password').val();

                $.post('adminpass.php', {postuser:username, postpass:password},
                  function(data)
                  { 
                            alert("Uspjesno dodan admin!");
                  });
            }           
        function password() {
            var x = document.getElementById("password");
        if (x.type === "password") {
            x.type = "text";
        } else {
            x.type = "password";
        }
      }
      function admin(){
          document.getElementById('postform').setAttribute('onclick','post2()');
      }
</script>
  </body>
</html>

login.php

<?php defined('DS') OR die('No direct access allowed.');

include('users.php');

if(isset($_GET['logout'])) {
    $_SESSION['username'] = '';
    header('Location:  ' . $_SERVER['PHP_SELF']);
}

if(isset($_POST['username'])) {
    if($users[$_POST['username']] !== NULL && $users[$_POST['username']] == $_POST['password']) {
  $_SESSION['username'] = $_POST['username'];
  header('Location:  ' . $_SERVER['PHP_SELF']);
    }else {
        //invalid login
  echo "<p>Korisničko ime ili lozinka su krivi!</p>";
    }
}

echo '<!DOCTYPE html>
<html>
<head>
  <title>EDITOR LOGIN</title>
  <link rel="stylesheet" type="text/css" href="login/style.css">
</head>
<body>
  <div class="header">
    <h2>Admin</h2>
  </div>

  <form method="post" action="'.SELF.'">
    <div class="input-group">
            <label for="username">Korisničko ime</label> <input type="text" id="username" name="username" value=""/>
    </div>
    <div class="input-group">
            <label for="password">Lozinka</label> <input type="password" id="password" name="password" value="" />
    </div>
            <input type="submit" class="btn" name="submit" value="Login" class="button"/>
  </form>
</body>
</html>';
exit; 
?>

My expectation: If the logged in user's name is not Leonx or INT then I would like the user to just get a message saying "You are not an Admin." and If the username is Leonx or INT then I would want to have the input fields of the from be displayed.

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享

1条回答 默认 最新

  • 已采纳
    dslkchyv673627 dslkchyv673627 2019-04-24 03:15

    if you need only Leonx or INT. change your filter like this

    if($userx != "Leonx" AND $userx != "INT")
    

    you just need to replace your || with AND

    点赞 评论 复制链接分享

相关推荐