The database table admin was created earlier. Here we need to add a test data of user name and password.

<?php
$SQL = "INSERT INTO `admin` (`username`, `password`) VALUES('admin', '123456')";
?>

Judge the user name, password and verification code respectively.

Then query it through SQL statement database information matches.

If the login information entered does not match the login information we added to the database, administrator login will not be possible.

Here the data is obtained through POST.

<?php
if($_POST["Submit"])
{
   $username=$_POST["username"];
   $pwd=$_POST["pwd"];
   $code=$_POST["code"];
   if($code<>$_SESSION["auth"])
   {
      echo "<script language=javascript>alert('驗證碼不正確！');window.location='login.php'</script>";
      ?>
      <?php
      die();
   }
   $SQL ="SELECT * FROM admin where username='$username' and password='$pwd'";
   $rs=mysqli_query($link,$sql);
   if(mysqli_num_rows($rs)==1)
   {
      $_SESSION["pwd"]=$_POST["pwd"];
      $_SESSION["admin"]=session_id();
      echo "<script language=javascript>alert('登陸成功！');window.location='admin_index.php'</script>";
   }
   else
   {
      echo "<script language=javascript>alert('用戶名或密碼錯誤！');window.location='login.php'</script>";
      ?>
      <?php
      die();
   }
}
?>

session variables are used to store information about the user session (session), or to change the settings of the user session (session).

The correct way to store and retrieve session variables is to use the PHP $_SESSION variable to match the entered login information with the information stored in the session. If the match is successful, the login is completed.