我想创建一个网站,我可以在其中输入一个密钥代码(以表格形式)并重定向到"受保护的"页。
目前我正在使用它,我在http://www.braemoor.co.uk/software/passwords.php上找到了
这对我来说很好,但后来我意识到当我登录时#39;无论密钥是什么,只有一个cookie,然后我可以在不知道正确密钥的情况下输入另一个目录/页面。有人知道一种方法,我可以为每个密钥代码分配不同的cookie,并让密码.js要求特定的。
password.js& passwordtest.php:
// Routine to get a nominated cookie value
function getCookieValue (cookieName) {
var exp = new RegExp (cookieName + "=([^;]+)");
if (exp.test (document.cookie + ";")) {
exp.exec (document.cookie + ";");
return unescape(RegExp.$1);
}
else return false
}
// Get the "password" cookie value, otherwise goto the default invalid page
var invalidpassword = "http://braemoor.co.uk/software/invalid.html";
if (!getCookieValue ("validpassword")) {
location.replace (invalidpassword);
}
else {
// Get the cookie value
var myCookie = getCookieValue ("password");
// If it isn't 0, then it is the URL of the invalid password URL
if (myCookie != "0") {location.replace (myCookie);}
}<?php
# Author: John Gardner
# Date: 7th June 2007
# From: http://www.braemoor.co.uk/software/passwords.php
# ******************************************************************************
# THIS SECTION SHOULD BE MODIFIED TO REFLECT YOUR REQUIREMENTS
# ============================================================
# Set up the password strings and associated URLs. Note that all the elements of
# this hash list but the last MUST be separated by commas. You may have as many
# password => URL combinations as you wish.
$urlList = array ('xyzzy' => 'valid.html',
'abcdef' => 'valid.html',
'123456' => 'valid.html'
);
# Set up the invalid password URL - this should also be set up in the JavaScript
$invalidURL = 'invalid.html';
# The cookie name - this should be the same as in the JavaScript
$cookieName = 'validpassword';
# ******************************************************************************
# If there is nothing in the form's submit field, this is the first time in.
# Simply display the form and await the user's input. Othwerwise, pick up the
# password from the form.
if (isset ($_POST['submit']) && strlen($_POST['password']) > 0) {
# See if the password provided by the user exists in the list.
if (array_key_exists ($_POST['password'], $urlList)) {
# Password found - first set the cookie
setcookie ($cookieName, 0, NULL,'/');
# Now go to the page associated with the password.
header ("Location: " . $urlList[$_POST['password']]);
}
else {
# Password not found - go to the 'invalid password' page
header ("Location: " . $invalidURL);
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html lang="en-GB" xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>PHP Test Script for Password Protecting a Web Site</title>
<meta name="description" content="PHP Test Script for Password Protecting Web Pages" />
<meta http-equiv="Content-Language" content="en-gb" />
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<meta name="author" content="John Gardner" />
<meta name="copyright" content="2007-2007 John Gardner" />
<meta name="robots" content="noindex, nofollow" />
<meta name="rating" content="General" />
<link rel="stylesheet" type="text/css" href="passwordstest.css" />
</head>
<body>
<div id="rh-col">
<p class="pageheading">Test PHP Script for Password Protecting Web Pages</p>
<p>This simple test PHP script demonstrates how you can provide password
protection for part of a web site, when you do not have access to your web
server's implementation of the HTTP basic authentication scheme. It works in
conjunction with a JavaScript function which is called in the header of each
protected web page. See
<a href="htttp://www.braemoor.co.uk/software/passwords.php">htttp://www.braemoor.co.uk/software/passwords.php</a>
for more details.</p>
<p>The functionality protects against a casual attempt to access protected
pages, but because it requires JavaScript to be enabled in the user's browser,
it shouldn't be considered for anything where security is a critical issue,
although the user would need to know the specific URI of the protected page in
order to access it, as it would not be referenced directly by any page.</p>
<form id="myform" action="passwordstest.php" method="post">
<p>Try it: (passwords are <span style="color: #ff0000;">xyzzy, abcdef, 123456):</span>
<span style="color: #ff0000; margin-left: 20px;">Enter password:
<input type="password" name="password" maxlength="12" size="12" style="margin-left: 10px;" />
<input type="submit" name="submit" value="submit" style="margin-left: 30px; color: #f00;" />
</span></p>
</form>
<p>The normal route through the PHP script when called as above simply checks
the given password against one contained within a list, and displays either
the required entry web page of the protected part of the site, or reports that
an invalid password has been given. The script allows for as many multiple
passwords / entry web page combinations as may be required.</p>
</div>
</body>
</html>
提前谢谢