密码保护Php页面,为下一页设置用户并仍检查密码
我已经能够有一个受密码保护的页面,或者一个在输入时显示用户信息的页面,但不能使它们一起工作。我知道我错过了一些简单的东西,但我已经看得太久了:密码保护Php页面,为下一页设置用户并仍检查密码,php,mysql,passwords,Php,Mysql,Passwords,我已经能够有一个受密码保护的页面,或者一个在输入时显示用户信息的页面,但不能使它们一起工作。我知道我错过了一些简单的东西,但我已经看得太久了: <?php $db_host = "localhost"; $db_username = "1"; $db_pass = "1"; $db_name = "1"; mysql_connect("$db_host","$db_username","$db_pass") or die(mysql_error()); mysql_se
<?php
$db_host = "localhost";
$db_username = "1";
$db_pass = "1";
$db_name = "1";
mysql_connect("$db_host","$db_username","$db_pass") or die(mysql_error());
mysql_select_db("$db_name") or die ("no database");
$email = mysql_query ("SELECT email FROM maindata2");
while($row=mysql_fetch_array($email)) { $allemail = $row['email'];
}
$LOGIN_INFORMATION = array(
'email' => 'pass',
);
// request login? true - show login and password boxes, false - password box only
define('USE_USERNAME', true);
// User will be redirected to this page after logout
define('LOGOUT_URL', 'http://www.wwwww.com/');
// time out after NN minutes of inactivity. Set to 0 to not timeout
define('TIMEOUT_MINUTES', 60);
// This parameter is only useful when TIMEOUT_MINUTES is not zero
// true - timeout time from last activity, false - timeout time from login
define('TIMEOUT_CHECK_ACTIVITY', true);
// show usage example
if(isset($_GET['help'])) {
die('Include following code into every page you would like to protect, at the very beginning (first line):<br><?php include("' . str_replace('\\','\\\\',__FILE__) . '"); ?>');
}
// timeout in seconds
$timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);
// logout?
if(isset($_GET['logout'])) {
setcookie("verify", '', $timeout, '/'); // clear password;
header('Location: ' . LOGOUT_URL);
exit();
}
if(!function_exists('showLoginPasswordProtect')) {
// show login form
function showLoginPasswordProtect($error_msg) {
?>
<html>
<head>
<title>Please enter password to access this page</title>
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<?php include_once "meta1.php"; ?>
</head>
<body>
<?php include_once "header.php"; ?>
<div id="main-content">
<style>
input { border: 1px solid black; }
</style>
<div style="width:500px; margin-left:auto; margin-right:auto; text-align:center">
<div id="form1">
<form name="form2" method="POST" action="display.php">
<h3>Please enter password to access this page</h3>
<font color="red"><?php echo $error_msg; ?></font><br />
<?php if (USE_USERNAME) echo 'Email Address:<br /><input type="input" name="access_login" /><br />Password:<br />'; ?>
<input type="password" name="access_password" /><p></p><br /><input type="submit" name="Submit" value="Submit" />
</form>
<br />
<br />
<a style="font-size:12px; color: #000; font-family: Verdana, Arial;" href="http://wwwwww.com/contact" title="Contact us">Forgot Your Password?</a>
</div>
<br>
<center><b>Existing Customers, please contact to request a login user name and password</b>
<br>
<br>
<a href="#" onClick="window.open('http://www.wwww.com/images/sampledata.png', 'WindowC', 'width=850, height=600,scrollbars=yes');">View Sample Data</a></center>
</div>
<br>
<br>
</div>
</body>
</html>
<?php
// stop at this point
die();
}
}
// user provided password
if (isset($_POST['access_password'])) {
$login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
$pass = $_POST['access_password'];
$login = strtolower($login);
if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION)
|| (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass ) )
) {
showLoginPasswordProtect("Incorrect password.");
}
else {
// set cookie if password was validated
setcookie("verify", md5($login.'%'.$pass), $timeout, '/');
// Some programs (like Form1 Bilder) check $_POST array to see if parameters passed
// So need to clear password protector variables
}
}
else {
// check if password cookie is set
if (!isset($_COOKIE['verify'])) {
showLoginPasswordProtect("");
}
// check if cookie is good
$found = false;
foreach($LOGIN_INFORMATION as $key=>$val) {
$lp = (USE_USERNAME ? $key : '') .'%'.$val;
if ($_COOKIE['verify'] == md5($lp)) {
$found = true;
// prolong timeout
if (TIMEOUT_CHECK_ACTIVITY) {
setcookie("verify", md5($lp), $timeout, '/');
}
break;
}
}
if (!$found) {
showLoginPasswordProtect("");
}
}
?>
请输入访问此页面的密码
输入{边框:1px纯黑;}
请输入访问此页面的密码
现有客户,请联系以请求登录用户名和密码
现在用户可以输入他们的电子邮件,直接进入显示页面,它传递信息并完美地显示所有内容唯一的问题是没有先检查密码,我知道这是我设置的顺序,但无法找出如何使其工作。这是一种处理密码访问的奇怪方式。首先,您永远不应该将密码数据发送回用户,即使有些加密。我建议你开个会。调用
session_start()在验证部分开始之前。在密码验证部分,当登录正确时,您可以将用户名写入会话,如$\u session['login']=$login
这也使得登录用户的验证更容易,比如如果(array_key_存在('login',$_SESSION)){echo“我是一个登录用户!”}或者{echo“请立即登录!”}
。正如您可能看到的,更少的代码和更安全的方式。此外,您的SQL目前什么也不做,因为所有电子邮件地址都会相互覆盖,结果甚至不会被使用。您也应该关闭连接,而不仅仅是die()