Hi guys can someone helps me out. I have created this login system below and i need to check if the user is logged in before access the admin area "cpanel.php".
authorize.php
<?php
try {
$dbh = new PDO("mysql:host=localhost;dbname=vbl", "root", "");
} catch (PDOException $e) {
echo $e->getMessage();
exit();
}
$query = "SELECT * FROM `users` WHERE LOWER(`username`) = :username";
$stmt = $dbh->prepare($query);
$stmt->bindValue(':username', strtolower($_POST['username']));
$stmt->execute();
if ($stmt->rowCount() == 1) {
$row = $stmt->fetch(PDO::FETCH_ASSOC);
require('blowfish.class.php');
$bcrypt = new Bcrypt(4);
if ($bcrypt->verify($_POST['password'], $row['password'])) {
header("location: cpanel.php");
} else {
header("location: login.php");
}
}
?>
BTW is it a okay way to make a login?
Follow these steps
Sept 1 : Set session about your login user details
session_start();
$_SESSION['user_name']=$username;
$_SESSION['user_role']=$role;
Step 2 : Access the session in any page
session_start();
if(isset($_SESSION['user_name']))
{
//user logged in
//do whatever you want
}
else
{
//user did not logged in
}
Step 3: Destroy your user session at log out page
session_start();
session_destroy();
Once you create session in the login page you can use the session at any page in your application.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.