1、判断是否登录(check_login.php)
所有后台操作都要加上,用于权限控制
<?php header("Content-type: text/html; charset=utf-8"); session_start(); if($_SESSION['username']==""){ echo "<script>alert('请先登录!');window.location.href='index.php';</script>"; exit(); } ?>
2、用户登录并保持会话
2.1、登录表单(包含判断登录状态功能)
<formname="form"method="post"action="checkuser.php">
<!--
<?php if(!isset($_SESSION['username'])){//判断是否登录
?>
--> 用户名:<inputname=usersize="10"><br/> //没登录则显示输入用户名密码登录
密码:<inputname=pwdtype=password>
<inputtype='submit'value='登录'name='submit' />
<inputtype='reset'value='重置'name='reset' />
<!--
<?php }else{ //如果已登录则显示提示语
echo '欢迎您的光临!'; } ?>
-->
</form>
2.2、登录表单处理(checkuser.php)
<?php session_start(); include "inc/conn.php"; $username=$_POST[user]; $password=$_POST[pwd]; $sql=mysql_query("select * from user where username='".$username."' and password='".$password."'"); if ($result = mysql_fetch_array($sql)){ $_SESSION[username]=$username; //其他页面通过判断是否设置$_SESSION[username]来判断登录状态
?>
<scriptlanguage="javascript"> alert("登录成功");window.location.href="file.php"; </script>
<?php }else{ ?>
<scriptlanguage="javascript"> alert("对不起,您输入的用户名或密码不正确,请重新输入!");window.location.href="index.php"; </script>
<?php } ?>
3、安全退出:
<?php session_start();//启动会话
session_unset();//删除会话
session_destroy();//结束会话
header("location: index.php"); ?>