Welcome to a tutorial on how to create a simple PHP admin panel. Since you are reading this, I will assume that you are interested in "upgrading" your existing project and want to build an administrative component for it. So here it is, I am sharing my own – all done in pure HTML, CSS, Javascript, and PHP. No third-party frameworks. Read on!
ⓘ I have included a zip file with all the source code at the start of this tutorial, so you don't have to copy-paste everything… Or if you just want to dive right in
DOWNLOAD & NOTES
First, here is the download link to the source code as promised
QUICK NOTES
- Create a database and import 1-users.sql
- Open 2-lib-admin.php and change the database settings to your own
- Access 3a-login.php. The default user is john@doe.com, and the password is 123456.
Alright, let us now get into the details of how to create a simple admin panel with PHP and MySQL
PART 1) USER DATABASE
1-users.sql
First, let us start by dealing with the obvious – a database to hold the admin users
- user_id Primary key, auto-increment
- user_email User email, unique to prevent duplicates
- user_name User name
- user_password User password
PART 2) PHP ADMIN LIBRARY
2-lib-admin.php
```php
<?php
class Admin {
  // (A) CONSTRUCTOR - CONNECT TO DATABASE
  private $pdo = null;
  private $stmt = null;
  public $error = "";
  function __construct () {
    $this->pdo = new PDO(
      "mysql:host=".DB_HOST.";dbname=".DB_NAME.";charset=".DB_CHARSET,
      DB_USER, DB_PASSWORD, [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
      ]);
  }

  // (B) DESTRUCTOR - CLOSE CONNECTION
  function __destruct () {
    if ($this->stmt !== null) { $this->stmt = null; }
    if ($this->pdo !== null) { $this->pdo = null; }
  }

  // (C) HELPER FUNCTION - RUN SQL QUERY
  function query ($sql, $data=null) {
    $this->stmt = $this->pdo->prepare($sql);
    $this->stmt->execute($data);
  }

  // (D) GET USER BY ID OR EMAIL
  function get ($id) {
    $this->query(sprintf("SELECT * FROM `users` WHERE `%s`=?",
      is_numeric($id) ? "user_id" : "user_email"
    ), [$id]);
    return $this->stmt->fetch();
  }

  // (E) SAVE USER
  function save ($name, $email, $password, $id=null) {
    // (E1) SQL & DATA
    $sql = $id==null
      ? "INSERT INTO `users` (`user_name`, `user_email`, `user_password`) VALUES (?,?,?)"
      : "UPDATE `users` SET `user_name`=?, `user_email`=?, `user_password`=? WHERE `user_id`=?" ;
    $data = [$name, $email, password_hash($password, PASSWORD_DEFAULT)];
    if ($id!=null) { $data[] = $id; }

    // (E2) RUN SQL
    $this->query($sql, $data);
    return true;
  }

  // (F) VERIFICATION
  function verify ($email, $password) {
    // (F1) GET USER
    $user = $this->get($email);
    $pass = is_array($user);

    // (F2) CHECK PASSWORD
    if ($pass) { $pass = password_verify($password, $user["user_password"]); }

    // (F3) REGISTER MEMBER INTO SESSION
    if ($pass) {
      foreach ($user as $k=>$v) { $_SESSION["admin"][$k] = $v; }
      unset($_SESSION["admin"]["user_password"]);
    }

    // (F4) RESULT
    if (!$pass) { $this->error = "Invalid email/password"; }
    return $pass;
  }
}

// (G) DATABASE SETTINGS - CHANGE TO YOUR OWN
define("DB_HOST", "localhost");
define("DB_NAME", "test");
define("DB_CHARSET", "utf8mb4");
define("DB_USER", "root");
define("DB_PASSWORD", "");

// (H) START!
session_start();
$_ADM = new Admin();
```
This core PHP library and database is here to help you develop a little faster. It may look confusing at first, but keep calm and look carefully
- (A, B, H) When $_ADM = new Admin() is created, the constructor connects to the database. The destructor closes the connection
- (C) query() Helper function to execute SQL queries
- (D to F) The actual admin functions
- get() Get a user by ID or email
- save() Add or update a user
- verify() Verify the given email and password. Register the user into $_SESSION["admin"]
- (G) Database settings, remember to change them to your own
- (H) Start the "engine"
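The verify() step described above, as an added example that is not part of the original tutorial: a hardened variant that sets the session cookie flags, looks users up by email only, does the same hashing work for unknown emails, upgrades old hashes, regenerates the session ID on login, and stores only the fields the pages need. It assumes the pdo_sqlite extension, with an in-memory SQLite table standing in for the MySQL `users` table; verify_hardened, DUMMY_HASH and the sample user are hypothetical names and constructed data.

```php
<?php
// Added example - hardened variant of the tutorial's verify() step.
// Assumptions: in-memory SQLite replaces MySQL; the user row is constructed.

// (1) SESSION COOKIE FLAGS - MUST BE SET BEFORE session_start()
session_set_cookie_params([
  "httponly" => true,     // cookie is not readable from JavaScript
  "secure"   => true,     // cookie is only sent over HTTPS
  "samesite" => "Strict"  // cookie is not sent on cross-site requests
]);
session_start();

// (2) DUMMY HASH - computed on every request, before any branching, so that
// known and unknown emails both cost exactly one password_verify() call.
// In production, a fixed hash kept in the configuration does the same job.
define("DUMMY_HASH", password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT));

// (3) CONSTRUCTED TEST DATA
$pdo = new PDO("sqlite::memory:", null, null, [
  PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
  PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
]);
$pdo->exec("CREATE TABLE users (
  user_id INTEGER PRIMARY KEY,
  user_email TEXT UNIQUE,
  user_name TEXT,
  user_password TEXT
)");
$pdo->prepare("INSERT INTO users (user_email, user_name, user_password) VALUES (?,?,?)")
    ->execute(["jane@example.com", "Jane", password_hash("correct horse", PASSWORD_DEFAULT)]);

// (4) HARDENED VERIFICATION
function verify_hardened (PDO $pdo, string $email, string $password) : bool {
  // (4A) Look up by email only - a numeric login value never selects user_id
  $stmt = $pdo->prepare("SELECT * FROM users WHERE user_email=?");
  $stmt->execute([$email]);
  $user = $stmt->fetch();

  // (4B) Always run password_verify(), against the dummy hash if no user
  $hash = $user ? $user["user_password"] : DUMMY_HASH;
  $ok = password_verify($password, $hash) && $user !== false;
  if (!$ok) { return false; }

  // (4C) Upgrade the stored hash when PASSWORD_DEFAULT or its cost changes
  if (password_needs_rehash($user["user_password"], PASSWORD_DEFAULT)) {
    $pdo->prepare("UPDATE users SET user_password=? WHERE user_id=?")
        ->execute([password_hash($password, PASSWORD_DEFAULT), $user["user_id"]]);
  }

  // (4D) New session ID on login, old session file deleted (session fixation)
  session_regenerate_id(true);

  // (4E) Store only what the pages need, never the whole row
  $_SESSION["admin"] = [
    "user_id"    => $user["user_id"],
    "user_name"  => $user["user_name"],
    "user_email" => $user["user_email"]
  ];
  return true;
}

// (5) DEMO - all session work happens before any output is printed
$before  = session_id();
$wrong   = verify_hardened($pdo, "jane@example.com", "wrong password");
$unknown = verify_hardened($pdo, "nobody@example.com", "correct horse");
$byId    = verify_hardened($pdo, "1", "correct horse");
$good    = verify_hardened($pdo, "jane@example.com", "correct horse");
$after   = session_id();

var_dump($wrong, $unknown, $byId, $good); // results of the four attempts
var_dump($before !== $after);             // did the session ID change on login
var_dump(array_keys($_SESSION["admin"])); // fields kept in the session
```

Run it from the command line with the PHP CLI; in the admin panel itself, the body of verify_hardened() would replace section (F) of the library and the cookie settings would go right before section (H).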
PART 3) LOGIN PAGE
3a-login.php
```php
<?php
// (A) LOAD LIBRARY
require "2-lib-admin.php";

// (B) CHECK LOGIN CREDENTIALS
if (count($_POST)!=0) {
  $_ADM->verify($_POST["email"], $_POST["password"]);
}

// (C) REDIRECT IF SIGNED IN
if (isset($_SESSION["admin"])) {
  header("Location: 5-protected.php");
  exit();
} ?>

<!-- (D) LOGIN FORM -->
<?php
if ($_ADM->error!="") { echo "<div class='error'>".$_ADM->error."</div>"; }
?>
<form method="post">
  <h1>ADMIN LOGIN</h1>
  <label>Email</label>
  <input type="email" name="email" required>
  <label>Password</label>
  <input type="password" name="password" required>
  <input type="submit" value="Login">
</form>
```
That's all for the tutorial, and here are some small extras and links that may be useful to you
SLIGHTLY BETTER SECURITY
This admin panel is built for simplicity and does not have the best security… At the very least, I would recommend doing the following
- Create a new … folder
- For Apache users, create a … file with one line – … Users can no longer access the files in … through …, but PHP can still read them
- IIS and NGINX users – Create your own "translated …"
- Move 2-lib-admin.php, …, … to …
- Of course, update the file paths in your scripts as needed
- Remember to delete 1-users.sql
LINKS & REFERENCES
- CSRF Token Protection – Code Boxx
- PHP User Role Management – Code Boxx
- PHP Password Encrypt Decrypt Verify – Code Boxx
- Very Simple Pure HTML CSS Admin Panel – Code Boxx
THE END
Thank you for reading, and we have come to the end of this tutorial. I hope it has helped to speed up the development of your project, and if you have anything to share with this guide, please feel free to comment below. Good luck and happy coding!