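Login page in PHP without using a DB

Time: 2014-07-04 13:40:53

Tags: php html

I have created a login page in PHP without using a DB. But the code doesn't seem to produce the "Invalid Login" message, even though it is included in the code. On correct login details it redirects to another page. Both phplogin.php and phptest.php are given below. Help appreciated.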

phplogin.php

<?php
session_start();

$namearray = array("raphael", "sidharth", "sony");
$passwordarray = array('123', '1234', '12345');

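// Default to empty strings so a plain GET request raises no undefined-index notice
$name = isset($_POST["username"]) ? $_POST["username"] : '';
$password = isset($_POST["password"]) ? $_POST["password"] : '';

if (isset($_GET['logout'])) {
    $_SESSION['username'] = '';
    header('Location:  ' . $_SERVER['PHP_SELF']);
    exit; // stop here so nothing else runs after the redirect
}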

if (isset($_POST['username'])) 
    {
    if (in_array($name, $namearray)) {
        $key = array_search($name, $namearray);
        if ($password == $passwordarray[$key]) {

            function Redirect($url, $permanent = false) {
                if (headers_sent() === false) {
                    header('Location: ' . $url, true, ($permanent === true) ? 301 : 302);
                }

                exit();
            }

            Redirect('phptest.php', false);
        }
    }
} else {
    echo "Invalid Login";
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <title>Login</title>
    </head>
    <body>
        <?php if(!empty($_SESSION['username'])): ?>
            <p>You are logged in as <?=$_SESSION['username']?></p>
            <p><a href="?logout=1">Logout</a></p>
        <?php endif; ?>
        <form name="login" action="" method="post">
            Username:  <input type="text" name="username" value="" /><br />
            Password:  <input type="password" name="password" value="" /><br />
            <input type="submit" name="submit" value="Submit" />
        </form>
    </body>
</html>

phptest.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>Untitled Document</title>
    </head>
    <body>
        <p>WELCOME!</p><br>
            <p>You have logged in</p><br>
        <a href="http://localhost/login3/phplogin.php">Logout</a>
    </body>
</html>

2 answers:

Answer 0 (score: 2)

Add another ELSE statement to the code where the password is checked:

if (isset($_POST['username'])) 
    {
    if (in_array($name, $namearray)) {
        $key = array_search($name, $namearray);
        if ($password == $passwordarray[$key]) {

            function Redirect($url, $permanent = false) {
                if (headers_sent() === false) {
                    header('Location: ' . $url, true, ($permanent === true) ? 301 : 302);
                }

                exit();
            }

            Redirect('phptest.php', false);
        } else {
           echo "Invalid Login";
        }
    } else {
       echo "Invalid Login";
    }
} else {
    echo "Invalid Login";
}

Answer 1 (score: 0)

You could store the users and encrypted passwords in a plain old .htpasswd file and read the login information from there.

<?php
session_start();

if (isset($_GET['logout'])) {
    $_SESSION['username'] = '';
    header('Location:  ' . $_SERVER['PHP_SELF']);
    exit; // stop executing after the logout redirect
}

$users = load_htpasswd( '.htpasswd' );

if( !empty( $_POST["username"] ) && !empty( $_POST["password"] ) )
{
    if( isset( $users[$_POST["username"]] ) && test_htpasswd( $users[$_POST["username"]], $_POST["password"] ) )
    {
        header('Location: phptest.php', true, 302 );
        exit; // stop executing after the redirect
    }
    else
    {
        echo "Invalid Login";
    }
}
else
{
    echo "No log in attempt";
}


// Loads htpasswd file into an array of form
// array( username => crypted_pass, ... )
function load_htpasswd( $htpasswd )
{
    if ( !file_exists($htpasswd))
        return array();

    $res = array();
    foreach(file($htpasswd) as $l)
    {
        $array = explode(':',$l);
        if (count($array) < 2)
            continue; // skip blank or malformed lines
        $user = $array[0];
        $pass = chop($array[1]);
        $res[$user] = $pass;
    }
    return $res;
}

// Returns true if the user exists and the password matches, false otherwise
function test_htpasswd( $crypted, $pass )
{
    // Determine the password type
    // TODO: Support for MD5 Passwords
    // hash_equals() compares in constant time and avoids the type juggling of ==
    if ( substr($crypted, 0, 6) == "{SSHA}" )
    {
        $ohash = base64_decode(substr($crypted, 6));
        return hash_equals((string) substr($ohash, 0, 20), pack("H*", sha1($pass . substr($ohash, 20))));
    }
    else if ( substr($crypted, 0, 5) == "{SHA}" )
    {
        $non_salted_sha1 = "{SHA}" . base64_encode(pack("H*", sha1($pass)));
        return hash_equals($crypted, $non_salted_sha1);
    }
    else
    {
        return hash_equals($crypted, (string) crypt( $pass, substr($crypted,0,CRYPT_SALT_LENGTH) ));
    }
}

The last two functions are from http://elonen.iki.fi/code/misc-notes/htpasswd-php/
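
A hardened variant of the array-based login from the question, as an added example that is not part of the question or either answer: passwords are held as `password_hash()` output instead of plaintext, and every failed attempt ends in a single failure result. The account names, passwords and the helper names `check_login` and `login_outcome` are constructed for illustration.

```php
<?php
// Added example; constructed demo accounts. Hashes are generated at load time only
// so this file runs as-is. In deployment, store the password_hash() output itself.
$users = array(
    'alice' => password_hash('constructed-demo-pass-1', PASSWORD_DEFAULT),
    'bob'   => password_hash('constructed-demo-pass-2', PASSWORD_DEFAULT),
);

// True only when the user exists AND the password matches; unknown user, wrong
// password and malformed input all return false, so callers have one failure path.
function check_login(array $users, $name, $password)
{
    if (!is_string($name) || !is_string($password)) {
        return false; // e.g. username[]=x arrives as an array
    }
    // Unknown users are verified against a dummy hash so both failure cases
    // perform a hash computation.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('constructed-dummy', PASSWORD_DEFAULT);
    }
    $known = array_key_exists($name, $users);
    $ok = password_verify($password, $known ? $users[$name] : $dummy);
    return $known && $ok;
}

// Maps a submitted form to 'none' (no attempt), 'ok' (redirect) or 'invalid'.
function login_outcome(array $users, array $post)
{
    if (!isset($post['username'], $post['password'])) {
        return 'none';
    }
    return check_login($users, $post['username'], $post['password']) ? 'ok' : 'invalid';
}

if (PHP_SAPI === 'cli') {
    // Constructed requests covering each branch.
    $cases = array(
        array(),
        array('username' => 'alice', 'password' => 'constructed-demo-pass-1'),
        array('username' => 'alice', 'password' => 'wrong'),
        array('username' => 'mallory', 'password' => 'constructed-demo-pass-1'),
        array('username' => array('alice'), 'password' => 'x'),
    );
    foreach ($cases as $post) {
        echo json_encode($post), ' => ', login_outcome($users, $post), "\n";
    }
}
```

In `phplogin.php`, call `login_outcome($users, $_POST)`; on `'ok'` run `session_regenerate_id(true)`, set `$_SESSION['username']`, redirect and `exit`, and on `'invalid'` print the message.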