Note two: logincheck.php

Then on the previous note, when the landing page is processed, we need to do the following:

First, the value entered on the Login page to receive

Second, connect the database

Third, write the SQL statement, and Judge the SQL statement execution situation, if successful let him have permission and jump to the management page, unsuccessful to return to re-fill;

First, we should write php syntax format, just like html <HTML></HTML> like, we're going to write the php <?php ...?

Then, we are here in the login management system, need a clearance certificate, as you go to school need school card, at the beginning of PHP, should make a school card, and then determine whether this value is not our school students, if this student is our school, Then give him a school card, so that he can see the management page, here to use the session , you can query more, open the session of the sentence is:session _start;

<?php

session_start;// Note is lowercase.

?>

The first step, receive the value,PHP does not like C language need to define the variable, here can directly use the variable:

$uid =$_post["name"];

$pwd =$_post["PW"];//it is best to encrypt the password MD5 and then save it to the database.

$PWD = MD5 ($PWD);

PS: Here you need to explain, in the Login page,the value of theform is post, so the receiving method here should also be post, but be sure to note that the format of the $_post[is the name of the value you want to receive in the quotation marks.

The second step: connect the database, in PHP , there are several ways to connect the database, we first introduce the mysqli method (before using mysqli , you need to PHP configuration below to enable this mode).

$db = new Mysqli (" IPof the database", "Database Account", "Database Password", "table name");

The third step: Write the SQL statement, and determine the SQL statement execution, if successful let him have permissions and jump to the management page, unsuccessful return to fill. Here we are logged in the system, that is, these account passwords should be in our database, then we have to put the value of his input into the database to verify whether there are these values.

$sql = "SELECT * from table name where uid = ' $uid ' and pwd = ' $pwd '";

$rs = Query ($sql) $db,// execute the SQL statement and pass the result to $rs

All you know about SQL is that you're querying the uid field in a table $uid and the pwd field. The result of the $pwd.

But if you use this kind of statement, security can not be discussed directly, a simple SQL injection can be logged in.

So here we need a bit more complex syntax to judge these values: First query This table, there is no uid for $uid value, if there is, then verify the password, the password is correct to complete the landing; if not, just say the account password is wrong , and return to the login page, below to implement:

$sql = "SELECT * from table name where uid = ' $uid '";

$rs = Query ($sql), $db

$rows _count = mysqli_num_rows ($RS);// This is said to read a few data.

if ($rows _count >= 1) {// if the resulting data >=1 Bar executes the following statement

$row = $rs Fetch_array ();//The resulting data is stored as an array in the $row

if ($row) {// if the store succeeds, execute the following statement

if ($row ["pwd"]== $pwd {// if the pwd value in the data is the same as the $uid , execute the following statement

$_session["admin"] = $uid;// This is the issuance of the pass to the $uid;

Echo "<script>alert (' login successful '); window.location.href= ' admin.php ';</script>";

exit;// must remember to quit, or will execute the following account, password Error statement!

}

}

}

Echo "<script>alert (' Your account or password is wrong! History.back ();</script> ";// If you do not read the data, play it directly.

Exit;

This is where the notes on the page are processed.

Actual development of the complete code:

<meta charset= "Utf-8" >
<?php
Require "dbcoon.php";//Stop execution when encountering an error
Include "dbcoon.php";//Continue execution when encountering an error
Receiving user information

Session_Start ();
$yh =$_post["UID"];
$MM =$_post["pwd"];
if (Empty ($YH) | | Empty ($MM))
{
echo "<script>alert (' Please enter your account number and password! '); History.back ();</script> ";
Exit
}
$MM = MD5 ($MM);//MD5 encryption
Assemble SQL statements, note: There are security implications here
$sql = "SELECT * from UserInfo where uid= ' $yh ';";
Determine the SQL statement, determine whether the user is legal (if valid, log the login information after the jump; otherwise return re-enter)
$rs = Query ($sql), $db

Read a few data
$rows _count = mysqli_num_rows ($RS);
if ($rows _count >= 1)
{
Verify the password
$row = $rs-Fetch_array ();
if ($row)
{
if ($row ["pwd"] = = $mm)
{
$_session["Blog_manager"]= $yh;
Header ("location:adminpage/adminindex.php");
Exit
}
}
}

echo "<script>alert (' account password wrong, please re-enter '); History.back ();</script>";

$rs->free ();
$db->close ();
?>