Home > Article > Backend Development > How to implement administrator and user login to different pages in PHP website
How to implement administrator and user login to different pages in PHP website
- PHPzOriginal
- 2023-04-21 09:11:511810browse
In many websites, the pages that administrators and ordinary users can access after logging in are often different. Especially for websites that need to protect privacy and confidentiality, using different page design solutions can improve the reliability and security of the system. In this article, we will explore how to implement different login pages for administrators and users in a PHP website.
1. Take session as an example
The session in PHP is designed to solve the problem of user login status. Because HTTP is a stateless protocol, each request requires reconnection and verification. Certification Information. The session mechanism can solve this problem by saving user status on the server side, maintaining session status and passing session data between the client and server.
1.1 Login page
First of all, we can design different login pages for administrators and users. Taking the administrator login page as an example, we can add an identifier to the page source code to indicate that the page is the administrator login page. For example:
<!DOCTYPE html> <html lang="zh-CN"> <head> <meta charset="UTF-8"> <title>管理员登录页面</title> </head> <body> <h1>管理员登录</h1> <form action="login.php" method="post"> <input type="hidden" name="type" value="admin"> <label>用户名:</label><input type="text" name="username"><br> <label>密码:</label><input type="password" name="password"><br> <input type="submit" value="登录"> </form> </body> </html>
In this page, we pass a type value through a hidden element to indicate that the current login page is the administrator login page. This type value can be used in the login handler on the backend.
1.2 Login processing
In PHP, we can use the $_SESSION array to store session data. In the login handler, we can determine the user login category based on the type value, and after successful login, store the user information in $_SESSION for subsequent page use.
For example:
<?php
session_start();
if ($_POST['type'] == 'admin') {
//处理管理员登录
$username = $_POST['username'];
$password = $_POST['password'];
if ($username == 'admin' && $password == '123456') {
//登录成功
$_SESSION['admin'] = $username;
header('Location:admin.php');
} else {
//登录失败
header('Location:admin_login.php');
}
} else {
//处理普通用户登录
$username = $_POST['username'];
$password = $_POST['password'];
if ($username == 'user' && $password == '123456') {
//登录成功
$_SESSION['user'] = $username;
header('Location:user.php');
} else {
//登录失败
header('Location:user_login.php');
}
}
?>
In this login handler, we obtain the type value passed by the front end through the $_POST array to determine which category of user the current login belongs to. If it belongs to the administrator, the user information of the successful login is stored in $_SESSION['admin'] and jumps to the administrator page. If it is an ordinary user, the user information that successfully logged in is stored in $_SESSION['user'] and jumps to the user page. If login fails, jump back to the corresponding login page.
1.3 Page permission control
When the pages that administrators and ordinary users can access after logging in are different, we need to perform permission control on subsequent pages. In PHP, we can determine the category of the current user by judging the value in the $_SESSION array, thereby controlling the pages that the user can access.
For example, in the administrator page, we can implement permission control like this:
<?php
session_start();
if ($_SESSION['admin'] != 'admin') {
header('Location:admin_login.php');
exit();
}
?>
<!DOCTYPE html>
<html lang="zh-CN">
<head>
<meta charset="UTF-8">
<title>管理员页面</title>
</head>
<body>
<h1>管理员页面</h1>
<p>欢迎 <?php echo $_SESSION['admin']; ?> 登录</p>
<a href="logout.php?type=admin">退出登录</a>
</body>
</html>
In this page, we first determine whether the value of $_SESSION['admin'] is 'admin' , if not, jump to the administrator login page. If so, you can display the content of the administrator page, display the login user name on the page, and provide a link to log out.
Permission control of other pages can also be implemented in a similar way.
2. Take cookies as an example
In addition to sessions, we can also use cookies to control the permissions of administrators and users logging into different pages. In PHP, we can use the setcookie() function to set cookie values. In the login handler, we can set different cookie values according to different user categories. In subsequent pages, we can also control the pages that users can access based on the cookie value.
2.1 Login processing
Taking setting administrator and ordinary user cookies as an example, we can add the following code in the login handler:
<?php
if ($_POST['type'] == 'admin') {
//处理管理员登录
$username = $_POST['username'];
$password = $_POST['password'];
if ($username == 'admin' && $password == '123456') {
//登录成功
setcookie('loginType', 'admin', time()+3600);
header('Location:admin.php');
} else {
//登录失败
header('Location:admin_login.php');
}
} else {
//处理普通用户登录
$username = $_POST['username'];
$password = $_POST['password'];
if ($username == 'user' && $password == '123456') {
//登录成功
setcookie('loginType', 'user', time()+3600);
header('Location:user.php');
} else {
//登录失败
header('Location:user_login.php');
}
}
?>
In this code, We use the setcookie() function to set a cookie named loginType, and set different cookie values for administrators and ordinary users. This cookie will be saved to the local client after the user successfully logs in for use on subsequent pages.
2.2 Page permission control
When accessing the page, we can determine the category of the current user by judging the value of the cookie and perform permission control. In PHP, we can obtain the cookie value saved by the client through the $_COOKIE array to achieve permission control.
For example, in the administrator page, we can implement permission control like this:
<?php
if ($_COOKIE['loginType'] != 'admin') {
header('Location:admin_login.php');
exit();
}
?>
<!DOCTYPE html>
<html lang="zh-CN">
<head>
<meta charset="UTF-8">
<title>管理员页面</title>
</head>
<body>
<h1>管理员页面</h1>
<p>欢迎 <?php echo $_COOKIE['loginType']; ?> 登录</p>
<a href="logout.php?type=admin">退出登录</a>
</body>
</html>
In this page, we determine whether the value of $_COOKIE['loginType'] is 'admin' to determine the category of the current user. If not, jump back to the administrator login page. If so, you can display the content of the administrator page, display the login user name on the page, and provide a link to log out.
Permission control of other pages can also be implemented in a similar way.
Summary
Through the above examples, we can find that in the PHP website, to implement administrator and user login to different pages, session or cookie can be used to store user status, and the user status can be determined by judging the user status. Control the pages users can access. Using different methods allows us to choose for different application scenarios. No matter which method is used, attention needs to be paid to ensuring the security and reliability of the information. At the same time, when implementing permission control, we also need to consider the scalability and maintainability of the application. A good permission control scheme can improve the security and stability of the system and provide better services to users.
The above is the detailed content of How to implement administrator and user login to different pages in PHP website. For more information, please follow other related articles on the PHP Chinese website!