PHP-使用登录系统保护仅限成员的页面
你好,我被我编写的PHP代码难住了。我已经盯着这个看了好几个小时,但没有成功,请帮我找出任何我显然犯过的错误PHP-使用登录系统保护仅限成员的页面,php,html,mysql,database,authentication,Php,Html,Mysql,Database,Authentication,你好,我被我编写的PHP代码难住了。我已经盯着这个看了好几个小时,但没有成功,请帮我找出任何我显然犯过的错误 // Create connection $conn = new mysqli($servername, $username, $password, $db); // Check connection if ($conn->connect_error) { die("Connection failed: " . $conn->conn
// Create connection
$conn = new mysqli($servername, $username, $password, $db);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
//Might as well also load your functions page here, so they are always available
require_once('fn/functions.php');
?>
我想让这个脚本做的是从一个html表单页面,查询一个数据库表(“用户”)以确保他们的密码和用户名是正确的,然后在一个单独的表(“令牌”)中,在“tk”列中插入一个随机令牌(我以前使用的方法,它是有效的),然后用户进行常规身份验证。代码从“users”表拉入“tokens”表中的“gauth”列
添加常规身份验证的原因是,我可以提取他们的用户名,并将其显示在我计划“保护”的所有页面上
抱歉,如果我弄糊涂了,这是我能改进它的最好方法。另外,我不太擅长格式化:)。稍后我将添加一些html,这就是标记存在的原因
MySQL表:
用户示例:
cols: username | password | email | classcode | tcode | genralauth |
hello | world | hello.world@gmail.com | 374568536 | somthin | 8945784953 |
cols: gauth | tk |
3946893485 |wr8ugj5ne24utb|
令牌示例:
cols: username | password | email | classcode | tcode | genralauth |
hello | world | hello.world@gmail.com | 374568536 | somthin | 8945784953 |
cols: gauth | tk |
3946893485 |wr8ugj5ne24utb|
PHP:
这是我将在大多数页面上使用的用于令牌身份验证的PHP,但是它实际上没有检查数据库“令牌”,而且我需要一种使用常规身份验证显示登录用户用户名的方法
PHP:
虚拟工作表!
教师网页html在这里
<?php
break;
case student:
?>
<?php
break;
default:
echo "Please login to view this page.";
}
}?>
</html>
学生页面html在这里
<?php
break;
case student:
?>
<?php
break;
default:
echo "Please login to view this page.";
}
}?>
</html>
我建议您改变方法 虽然乍一看,这些示例文件看起来很多,但一旦您研究它们,您就会发现它实际上比您现在的方向更简单、更符合逻辑 首先,将db connect/login文件移动到一个单独的文件中,并在每个PHP页面顶部包含该文件: INIT.PHP
// Create connection
$conn = new mysqli($servername, $username, $password, $db);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
//Might as well also load your functions page here, so they are always available
require_once('fn/functions.php');
?>
现在,看看我们如何在索引(和受限)页面上使用它?
// Create connection
$conn = new mysqli($servername, $username, $password, $db);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
//Might as well also load your functions page here, so they are always available
require_once('fn/functions.php');
?>
INDEX.PHP
// Create connection
$conn = new mysqli($servername, $username, $password, $db);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
//Might as well also load your functions page here, so they are always available
require_once('fn/functions.php');
?>
<?php
require_once('inc/head.inc.php');
require_once('fn/init.php');
?>
<body>
<!-- Examples need jQuery, so load that... -->
<script src="https://code.jquery.com/jquery-1.11.3.js"></script>
<!-- and our own file we will create next... -->
<script type="text/javascript" src="js/index.js"></script>
<div id="pageWrap">
<div id="loginDIV">
LoginID: <input type="text" id="liID" /><br>
LoginPW: <input type="password" id="liPW" /><br>
<input type="button" id="myButt" value="Login" />
</div>
</div>
<?php
$id = $_POST['id'];
$pw = $_POST['pw'];
//Verify from database that ID and PW are okay
//Note that you also should sanitize the data received from user
if ( id and password authenticate ){
//Use database lookups ot get this data: $un = `username`
//Use PHP sessions to set global variable values
$_SESSION['username'] = $un;
echo 1;
}else{
echo 'FAIL';
}
<?php
if (!isset($_SESSION['username']) ){
header('Location: ' .'index.php');
}
require_once('inc/head.inc.php');
require_once('fn/init.php');
?>
<body>
<h1>Welcome to the Admin Page, <?php echo $_SESSION['username']; ?>
<!-- AND here go all teh restricted things you need a login to do. -->
AJAX/LOGIN.PHP
// Create connection
$conn = new mysqli($servername, $username, $password, $db);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
//Might as well also load your functions page here, so they are always available
require_once('fn/functions.php');
?>
<?php
require_once('inc/head.inc.php');
require_once('fn/init.php');
?>
<body>
<!-- Examples need jQuery, so load that... -->
<script src="https://code.jquery.com/jquery-1.11.3.js"></script>
<!-- and our own file we will create next... -->
<script type="text/javascript" src="js/index.js"></script>
<div id="pageWrap">
<div id="loginDIV">
LoginID: <input type="text" id="liID" /><br>
LoginPW: <input type="password" id="liPW" /><br>
<input type="button" id="myButt" value="Login" />
</div>
</div>
<?php
$id = $_POST['id'];
$pw = $_POST['pw'];
//Verify from database that ID and PW are okay
//Note that you also should sanitize the data received from user
if ( id and password authenticate ){
//Use database lookups ot get this data: $un = `username`
//Use PHP sessions to set global variable values
$_SESSION['username'] = $un;
echo 1;
}else{
echo 'FAIL';
}
<?php
if (!isset($_SESSION['username']) ){
header('Location: ' .'index.php');
}
require_once('inc/head.inc.php');
require_once('fn/init.php');
?>
<body>
<h1>Welcome to the Admin Page, <?php echo $_SESSION['username']; ?>
<!-- AND here go all teh restricted things you need a login to do. -->
欢迎来到管理页面,
来自“用户”
语法错误。这并不能帮助您错误报告(0)代码>。谢谢!稍后我将不得不详细研究这一点,但是我不知道javascript(这对我来说真的很混乱),这可能是将来我在页面中添加更多函数时的一个问题。我觉得我的答案就在javascript中:)。我通常不会问,但skype会成为一种选择吗?我已经了解php,目前正在从您的链接学习AJAX,但我不想在W3学校参考时花钱进行编码。谢谢你。