密码保护到URL

时间:2012-04-04 06:24:47

标签: php javascript mysql html

我有一个网站,其访问权限应该受到限制。
因此,在进入页面时,在加载页面之前,我们应该使用三个字段限制访问权限,即usernamepassword对于该页面的客户端和specific password,这三个是由我创建的并存储在数据库中。

我对Javascript和PHP有基本的了解。

我的想法是在页面加载之前,Javascript应该获取用户输入的三个字段值,并且通过PHP我们必须使用数据库进行验证,如果匹配发生则页面应该加载,否则应该拒绝访问该页面。

简要介绍如何点击URL,在进行页面加载与数据库连接之前,输入用户/客户端3个字段,并通过PHP验证MYSQL数据库,并显示成功的验证页面。

请提出代码建议。在此先感谢:)

1 个答案:

答案 0 :(得分:2)

我创建了一个你可以使用的功能:

<?php
function login($username,$password,$salt,$db,$table,$usercolumn,$passwordcolumn,$con)
{
    $user=mysql_real_escape_string($username);
    $password=mysql_real_escape_string($password);
    $db=mysql_select_db($db,$con);
    if(!$db)
    {
        return "connection error";  
    }
    else
    {
        $sql="SELECT * FROM `$table` WHERE `$usercolumn`='$user';";
        $enc=$password;

    foreach($salt as $value)
    {
        if($value=="md5")
        {
            $enc=md5($enc);
        }else
        {
            $enc=crypt($enc,$value);
        }
    }
        $resource=mysql_query($sql);
        $row=mysql_fetch_array($resource);
        $passdb=$row[$passwordcolumn];
        if($passdb==$enc)
        {
            $sucess=true;
        }else
        {
            $sucess=false;
        }


    }
    return $sucess;
}
?>

你可以使用它,如果它返回true,那意味着用户名和密码是正确的,现在你必须验证你的第三个选项...
要使用此函数,只需将该函数复制到文件后,如果它被命名为“logger.php”,就需要像这样调用,

<?php
require("logger.php");
$enc=array("salt","md5","differentsalt")//your encryption such as if you have encrypted using 'salt' at first then using md5 hash and again 'differentsalt',then you need to give like i have given

if(login($username,$password,$enc,$db,$table_name,$usercolumn,$passwordcolumn,$con))//$username is the username which user supplied,$password is password user supplied,$enc is the encryption and it must be an array... which is also given above,$db is database name,$table_name is the table where username and encrypted password are stored,$usercolumn is the column name where username are stored, $passwordcolumn is the column where encrypted password are stored, and last $con is the connection identifier, you may have given, $con=mysqli_connect("username","password");
//if all the parameters are supplied correctly, it will check for the username and password matching and you will have to check the third option
{
//now validate your third option here...
//if you are here, that means password and username has matched

}
else
{
//this means username and password didnt matched... so output the error
}
?>

接受用户名和密码,您可以在那里创建一个表格并提出密码,然后提交......

相关问题
最新问题