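I created a login page in PHP without using a DB. But the code does not seem to produce the "wrong login information" message, even though it is included in the code. After correct login details are entered, it redirects to another page. Both phplogin.php and phptest.php are given below. Help appreciated.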
phplogin.php
<?php
session_start();
$namearray = array("raphael", "sidharth", "sony");
$passwordarray = array('123', '1234', '12345');
$name = $_POST["username"];
$password = $_POST["password"];
if (isset($_GET['logout'])) {
    $_SESSION['username'] = '';
    header('Location: ' . $_SERVER['PHP_SELF']);
}
if (isset($_POST['username']))
{
    if (in_array($name, $namearray)) {
        $key = array_search($name, $namearray);
        if ($password == $passwordarray[$key]) {
            function Redirect($url, $permanent = false) {
                if (headers_sent() === false) {
                    header('Location: ' . $url, true, ($permanent === true) ? 301 : 302);
                }
                exit();
            }
            Redirect('phptest.php', false);
        }
    }
} else {
    echo "Invalid Login";
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Login</title>
</head>
<body>
<?php if($_SESSION['username']): ?>
<p>You are logged in as <?=$_SESSION['username']?></p>
<p><a href="?logout=1">Logout</a></p>
<?php endif; ?>
<form name="login" action="" method="post">
Username: <input type="text" name="username" value="" /><br />
Password: <input type="password" name="password" value="" /><br />
<input type="submit" name="submit" value="Submit" />
</form>
</body>
</html>
phptest.php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<p>WELCOME!</p><br>
<p>You have logged in</p><br>
<a href="http://localhost/login3/phplogin.php">Logout</a>
</body>
</html>
Answer 0 (score: 2)
When checking the password, add another ELSE statement to the code:
if (isset($_POST['username']))
{
    if (in_array($name, $namearray)) {
        $key = array_search($name, $namearray);
        // Strict comparison: with == PHP compares numeric strings by value,
        // so '0123' would be accepted for the password '123'.
        if ($password === $passwordarray[$key]) {
            function Redirect($url, $permanent = false) {
                if (headers_sent() === false) {
                    header('Location: ' . $url, true, ($permanent === true) ? 301 : 302);
                }
                exit();
            }
            Redirect('phptest.php', false);
        } else {
            // Known user, wrong password
            echo "Invalid Login";
        }
    } else {
        // Unknown user
        echo "Invalid Login";
    }
} else {
    echo "Invalid Login";
}
Answer 1 (score: 0)
You can store the users and encrypted passwords in a good old .htpasswd file and then fetch the login information from there.
<?php
session_start();
if (isset($_GET['logout'])) {
    $_SESSION['username'] = '';
    header('Location: ' . $_SERVER['PHP_SELF']);
    exit; // stop here so the rest of the page does not run after the redirect
}
$users = load_htpasswd( '.htpasswd' );
if( !empty( $_POST["username"] ) && !empty( $_POST["password"] ) )
{
    if( isset( $users[$_POST["username"]] ) && test_htpasswd( $users[$_POST["username"]], $_POST["password"] ) )
    {
        header('Location: phptest.php', true, 302 );
        exit;
    }
    else
    {
        echo "Invalid Login";
    }
}
else
{
    echo "No log in attempt";
}
// Loads htpasswd file into an array of form
// array( username => crypted_pass, ... )
function load_htpasswd( $htpasswd )
{
    if ( !file_exists($htpasswd))
        return array();
    $res = array();
    foreach(file($htpasswd) as $l)
    {
        $array = explode(':',$l);
        if ( count($array) < 2 )
            continue; // skip blank or malformed lines
        $user = $array[0];
        $pass = chop($array[1]);
        $res[$user] = $pass;
    }
    return $res;
}
// Returns true if the password matches the stored hash, false otherwise
function test_htpasswd( $crypted, $pass )
{
    // Determine the password type
    // TODO: Support for MD5 Passwords
    // hash_equals() compares in constant time and never treats the
    // operands as numbers, unlike ==
    if ( substr($crypted, 0, 6) == "{SSHA}" )
    {
        $ohash = base64_decode(substr($crypted, 6));
        return hash_equals( substr($ohash, 0, 20), pack("H*", sha1($pass . substr($ohash, 20))) );
    }
    else if ( substr($crypted, 0, 5) == "{SHA}" )
    {
        $non_salted_sha1 = "{SHA}" . base64_encode(pack("H*", sha1($pass)));
        return hash_equals( $crypted, $non_salted_sha1 );
    }
    else
    {
        return hash_equals( $crypted, crypt( $pass, substr($crypted,0,CRYPT_SALT_LENGTH) ) );
    }
}
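
The login check from the question with the passwords kept as hashes and every failure path leading to the same "Invalid Login" result, as an added example that is not part of the question or either answer. The function names (sample_users, check_login, handle_login) and the sample passwords are assumptions made for the example.

```php
<?php
// Added example; function names and sample passwords are constructed.
// A real page stores only precomputed hashes; they are computed here so the
// example runs stand-alone.
function sample_users(): array
{
    return [
        'raphael'  => password_hash('correct horse', PASSWORD_DEFAULT),
        'sidharth' => password_hash('battery staple', PASSWORD_DEFAULT),
    ];
}

// True only when $name is a known user and $password matches its hash.
// Unknown user, wrong password and malformed input all return false.
function check_login(array $users, $name, $password): bool
{
    // $_POST values can be arrays (username[]=x); accept strings only.
    if (!is_string($name) || !is_string($password)) {
        return false;
    }
    // Unknown users are verified against a dummy hash so both cases do
    // comparable work.
    static $dummy = null;
    $dummy ??= password_hash('dummy', PASSWORD_DEFAULT);
    $known = array_key_exists($name, $users);
    $ok = password_verify($password, $known ? $users[$name] : $dummy);
    return $known && $ok;
}

// The decision phplogin.php has to make for one request.
function handle_login(array $users, array $post): string
{
    if (!isset($post['username'], $post['password'])) {
        return 'show form';          // no attempt yet, so no error message
    }
    if (!check_login($users, $post['username'], $post['password'])) {
        return 'Invalid Login';
    }
    // Real page: session_regenerate_id(true); set $_SESSION['username'];
    // header('Location: phptest.php'); exit;
    return 'redirect to phptest.php';
}

$users = sample_users();
foreach ([[], ['username' => 'raphael', 'password' => 'correct horse'],
          ['username' => 'raphael', 'password' => 'wrong'],
          ['username' => 'nobody', 'password' => 'x'],
          ['username' => ['a'], 'password' => 'x']] as $post) {
    echo json_encode($post), ' => ', handle_login($users, $post), PHP_EOL;
}
```

Run it with the PHP CLI (7.4 or later for the `??=` operator); the loop prints the outcome for an empty request, a correct login, a wrong password, an unknown user and an array-valued username.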