php - 用于设置下一页用户的密码保护Php页面,还可以检查密码

  显示原文与译文双语对照的内容
0 0

我可以有一个密码 protected 页面或者页面,显示用户信息,但不能使它们在一起工作。 我知道我丢失了一些简单的东西但我一直盯着它:


 <?php

$db_host ="localhost"; 
$db_username ="1"; 
$db_pass ="1"; 
$db_name ="1"; 
mysql_connect("$db_host","$db_username","$db_pass") or die(mysql_error()); 
mysql_select_db("$db_name") or die ("no database");

$email = mysql_query ("SELECT email FROM maindata2");
while($row=mysql_fetch_array($email)) { $allemail = $row['email'];
}

$LOGIN_INFORMATION = array(
 'email' => 'pass',






);


//request login? true - show login and password boxes, false - password box only
define('USE_USERNAME', true);

//User will be redirected to this page after logout
define('LOGOUT_URL', 'http://www.wwwww.com/');

//time out after NN minutes of inactivity. Set to 0 to not timeout
define('TIMEOUT_MINUTES', 60);

//This parameter is only useful when TIMEOUT_MINUTES is not zero
//true - timeout time from last activity, false - timeout time from login
define('TIMEOUT_CHECK_ACTIVITY', true);


//show usage example
if(isset($_GET['help'])) {
 die('Include following code into every page you would like to protect, at the very beginning (first line):<br>&lt;?php include("'. str_replace('','',__FILE__). '");?&gt;');
}

//timeout in seconds
$timeout = (TIMEOUT_MINUTES == 0? 0 : time() + TIMEOUT_MINUTES * 60);

//logout?
if(isset($_GET['logout'])) {
 setcookie("verify", '', $timeout, '/');//clear password;
 header('Location: '. LOGOUT_URL);
 exit();
}

if(!function_exists('showLoginPasswordProtect')) {

//show login form
function showLoginPasswordProtect($error_msg) {
?>
<html>
<head>
 <title>Please enter password to access this page</title>
 <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
 <META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<?php include_once"meta1.php";?>
</head>
<body>
<?php include_once"header.php";?>

<div id="main-content">
 <style>
 input { border: 1px solid black; }
 </style>
 <div style="width:500px; margin-left:auto; margin-right:auto; text-align:center">

<div id="form1">
 <form name="form2" method="POST" action="display.php"> 
 <h3>Please enter password to access this page</h3>
 <font color="red"><?php echo $error_msg;?></font><br/>
<?php if (USE_USERNAME) echo 'Email Address:<br/><input type="input" name="access_login"/><br/>Password:<br/>';?>
 <input type="password" name="access_password"/><p></p><br/><input type="submit" name="Submit" value="Submit"/> 
 </form>
 <br/>
<br/>
<a style="font-size:12px; color: #000; font-family: Verdana, Arial;" href="http://wwwwww.com/contact" title="Contact us">Forgot Your Password?</a>
 </div>

<br>
<center><b>Existing Customers, please contact to request a login user name and password</b>
<br>
<br>
<a href="#" onClick="window.open('http://www.wwww.com/images/sampledata.png', 'WindowC', 'width=850, height=600,scrollbars=yes');">View Sample Data</a></center>


</div>
<br>
<br>
</div>
</body>
</html>

<?php
//stop at this point
 die();
}
}

//user provided password
if (isset($_POST['access_password'])) {

 $login = isset($_POST['access_login'])? $_POST['access_login'] : '';
$pass = $_POST['access_password'];
$login = strtolower($login);
 if (!USE_USERNAME &&!in_array($pass, $LOGIN_INFORMATION)
 || (USE_USERNAME && (!array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login]!= $pass ) ) 
 ) {
 showLoginPasswordProtect("Incorrect password.");
 }
 else {
//set cookie if password was validated
 setcookie("verify", md5($login.'%'.$pass), $timeout, '/');

//Some programs (like Form1 Bilder) check $_POST array to see if parameters passed
//So need to clear password protector variables

 }

}

else {

//check if password cookie is set
 if (!isset($_COOKIE['verify'])) {
 showLoginPasswordProtect("");
 }

//check if cookie is good
 $found = false;
 foreach($LOGIN_INFORMATION as $key=>$val) {
 $lp = (USE_USERNAME? $key : ''). '%'.$val;
 if ($_COOKIE['verify'] == md5($lp)) {
 $found = true;
//prolong timeout
 if (TIMEOUT_CHECK_ACTIVITY) {
 setcookie("verify", md5($lp), $timeout, '/');
 }
 break;
 }
 }
 if (!$found) {
 showLoginPasswordProtect("");
 }

}

?>

现在用户可以输入电子邮件并直接传递信息,并且仅仅是不检查密码。

时间: 原作者:

0 0

这是一种处理密码访问的奇怪方式。 首先,你不应该将密码数据发送回用户,即使有些加密。 我建议你用一个会话。 在验证部分开始之前调用 session_start(); 。 在密码验证部分,当登录正确时,可以将用户名写入到会话中,这样就可以更容易地验证用户。 if (array_key_exists('login', $_SESSION)) { echo"Im am a logged in user!"; } else { echo"Please log in now!"; } 你可能看到,代码和方法更安全。 这里外,当所有电子邮件adresses互相覆盖并且结果没有使用时,SQL当前没有做任何事情。 你也应该关闭你的连接,而不仅仅是 die();

...