How can I make a login system that accepts only two people with sessions in PHP?
Question
How can I make a login system that excepts only two people with sessions in PHP?
I want to make a login system that only two users could log into. I really don't want to use databases for my own reasons.The real problem is that there are multiple logins on the website and if you login with another account on another part of the website and go here into the "Admin panel" the admin panel will open and let any user create new users with admin access.
My code:
<?php
session_start();
define('DS', TRUE);
define('USERNAME', $_SESSION['username']);
define('SELF', $_SERVER['PHP_SELF'] );
$userx = $_SESSION['username'];
if (!USERNAME or isset($_GET['logout']))
include('login/login.php');
?>
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>ADMIN PANEL</title>
<meta name="author" content="INTmAker" />
<meta name="author" content="Leonx">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
</head>
<body>
You are logged in as <?php echo($userx); ?> | <a href="?logout=1">Logout</a>
<br>
<?php
if($userx != "Leonx" || $userx != "INT"){
echo 'You are not an Admin.';
return false;
} else {
echo ' <div>
<input type="text" id="username" name="username" placeholder="Username" value=""/>
<input type="password" id="password" name="password" placeholder="Password" value=""/>
<input type="submit" id="postform" onclick="post()" value="Submit">
</div>
<input type="checkbox" onclick="admin()">Admin access?
<input type="checkbox" onclick="password()">Pokaži lozinku';
}
?>
<script>
function post() {
var username = $('#username').val();
var password = $('#password').val();
$.post('multipass.php', {postuser:username, postpass:password},
function(data)
{
alert("Uspjesno dodan korisnik!");
});
}
function post2() {
var username = $('#username').val();
var password = $('#password').val();
$.post('adminpass.php', {postuser:username, postpass:password},
function(data)
{
alert("Uspjesno dodan admin!");
});
}
function password() {
var x = document.getElementById("password");
if (x.type === "password") {
x.type = "text";
} else {
x.type = "password";
}
}
function admin(){
document.getElementById('postform').setAttribute('onclick','post2()');
}
</script>
</body>
</html>
<?php defined('DS') OR die('No direct access allowed.');
include('users.php');
if(isset($_GET['logout'])) {
$_SESSION['username'] = '';
header('Location: ' . $_SERVER['PHP_SELF']);
}
if(isset($_POST['username'])) {
if($users[$_POST['username']] !== NULL && $users[$_POST['username']] == $_POST['password']) {
$_SESSION['username'] = $_POST['username'];
header('Location: ' . $_SERVER['PHP_SELF']);
}else {
//invalid login
echo "<p>Korisničko ime ili lozinka su krivi!</p>";
}
}
echo '<!DOCTYPE html>
<html>
<head>
<title>EDITOR LOGIN</title>
<link rel="stylesheet" type="text/css" href="login/style.css">
</head>
<body>
<div class="header">
<h2>Admin</h2>
</div>
<form method="post" action="'.SELF.'">
<div class="input-group">
<label for="username">Korisničko ime</label> <input type="text" id="username" name="username" value=""/>
</div>
<div class="input-group">
<label for="password">Lozinka</label> <input type="password" id="password" name="password" value="" />
</div>
<input type="submit" class="btn" name="submit" value="Login" class="button"/>
</form>
</body>
</html>';
exit;
?>
: If the logged in user's name is not Leonx or INT then I would like the user to just get a message saying "You are not an Admin." :如果登录用户的名字不是Leonx或INT,那么我希望用户只收到一条消息“你不是管理员”。 and If the username is Leonx or INT then I would want to have the input fields of the from be displayed.
1 answers
solution1
0 ACCPTED 2019-04-24 03:15:11
if you need only Leonx or INT. change your filter like this
if($userx != "Leonx" AND $userx != "INT")
you just need to replace your || with AND
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.