PHP develops simple book background management system administrator login function

The database table admin was created earlier. Here we need to add a test data of user name and password.

<?php
$SQL = "INSERT INTO `admin` (`username`, `password`) VALUES('admin', '123456')";
?>

Judge the user name, password and verification code respectively.

Then query it through SQL statement database information matches.

If the login information entered does not match the login information we added to the database, administrator login will not be possible.

Here the data is obtained through POST.

<?php
if($_POST["Submit"])
{
   $username=$_POST["username"];
   $pwd=$_POST["pwd"];
   $code=$_POST["code"];
   if($code<>$_SESSION["auth"])
   {
      echo "<script language=javascript>alert('验证码不正确！');window.location='login.php'</script>";
      ?>
      <?php
      die();
   }
   $SQL ="SELECT * FROM admin where username='$username' and password='$pwd'";
   $rs=mysqli_query($link,$sql);
   if(mysqli_num_rows($rs)==1)
   {
      $_SESSION["pwd"]=$_POST["pwd"];
      $_SESSION["admin"]=session_id();
      echo "<script language=javascript>alert('登陆成功！');window.location='admin_index.php'</script>";
   }
   else
   {
      echo "<script language=javascript>alert('用户名或密码错误！');window.location='login.php'</script>";
      ?>
      <?php
      die();
   }
}
?>

session variables are used to store information about the user session (session), or to change the settings of the user session (session).

The correct way to store and retrieve session variables is to use the PHP $_SESSION variable to match the entered login information with the information stored in the session. If the match is successful, the login is completed.