密码保护Php页面设置用户下一页并仍然检查密码

时间:2014-09-03 16:07:15

标签: php mysql passwords

我能够拥有一个受密码保护的页面或一个在输入时显示用户信息但不能使它们一起工作的页面。我知道我错过了一些简单的东西,但我一直在看它太久了:

    <?php

$db_host = "localhost"; 
$db_username = "1"; 
$db_pass = "1"; 
$db_name = "1"; 
mysql_connect("$db_host","$db_username","$db_pass") or die(mysql_error()); 
mysql_select_db("$db_name") or die ("no database");

$email =  mysql_query ("SELECT email FROM maindata2");
while($row=mysql_fetch_array($email)) { $allemail = $row['email'];
}

$LOGIN_INFORMATION = array(
  'email' => 'pass',






);


// request login? true - show login and password boxes, false - password box only
define('USE_USERNAME', true);

// User will be redirected to this page after logout
define('LOGOUT_URL', 'http://www.wwwww.com/');

// time out after NN minutes of inactivity. Set to 0 to not timeout
define('TIMEOUT_MINUTES', 60);

// This parameter is only useful when TIMEOUT_MINUTES is not zero
// true - timeout time from last activity, false - timeout time from login
define('TIMEOUT_CHECK_ACTIVITY', true);


// show usage example
if(isset($_GET['help'])) {
  die('Include following code into every page you would like to protect, at the very beginning (first line):<br>&lt;?php include("' . str_replace('\\','\\\\',__FILE__) . '"); ?&gt;');
}

// timeout in seconds
$timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);

// logout?
if(isset($_GET['logout'])) {
  setcookie("verify", '', $timeout, '/'); // clear password;
   header('Location: ' . LOGOUT_URL);
  exit();
}

if(!function_exists('showLoginPasswordProtect')) {

// show login form
function showLoginPasswordProtect($error_msg) {
?>
<html>
<head>
  <title>Please enter password to access this page</title>
  <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
  <META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<?php include_once "meta1.php"; ?>
</head>
<body>
<?php include_once "header.php"; ?>

<div id="main-content">
  <style>
    input { border: 1px solid black; }
  </style>
  <div style="width:500px; margin-left:auto; margin-right:auto; text-align:center">

<div id="form1">
  <form name="form2" method="POST" action="display.php"> 
    <h3>Please enter password to access this page</h3>
    <font color="red"><?php echo $error_msg; ?></font><br />
<?php if (USE_USERNAME) echo 'Email Address:<br /><input type="input" name="access_login" /><br />Password:<br />';  ?>
    <input type="password" name="access_password" /><p></p><br /><input type="submit" name="Submit" value="Submit" /> 
  </form>
  <br />
<br />
<a style="font-size:12px; color: #000; font-family: Verdana, Arial;" href="http://wwwwww.com/contact" title="Contact us">Forgot Your Password?</a>
  </div>

<br>
<center><b>Existing Customers, please contact to request a login user name and password</b>
<br>
<br>
<a href="#" onClick="window.open('http://www.wwww.com/images/sampledata.png', 'WindowC', 'width=850, height=600,scrollbars=yes');">View Sample Data</a></center>


</div>
<br>
<br>
</div>
</body>
</html>

<?php
  // stop at this point
  die();
}
}

// user provided password
if (isset($_POST['access_password'])) {

  $login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
$pass = $_POST['access_password'];
$login = strtolower($login);
  if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION)
  || (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass ) ) 
  ) {
    showLoginPasswordProtect("Incorrect password.");
  }
  else {
    // set cookie if password was validated
    setcookie("verify", md5($login.'%'.$pass), $timeout, '/');

    // Some programs (like Form1 Bilder) check $_POST array to see if parameters passed
    // So need to clear password protector variables

  }

}

else {

  // check if password cookie is set
  if (!isset($_COOKIE['verify'])) {
    showLoginPasswordProtect("");
  }

  // check if cookie is good
  $found = false;
  foreach($LOGIN_INFORMATION as $key=>$val) {
    $lp = (USE_USERNAME ? $key : '') .'%'.$val;
    if ($_COOKIE['verify'] == md5($lp)) {
      $found = true;
      // prolong timeout
      if (TIMEOUT_CHECK_ACTIVITY) {
        setcookie("verify", md5($lp), $timeout, '/');
      }
      break;
    }
  }
  if (!$found) {
    showLoginPasswordProtect("");
  }

}

?>

现在,用户可以输入他们的电子邮件并直接进入显示页面并传递信息并完美显示所有内容唯一的问题是不检查密码,我知道这是我的订单设置,但无法弄清楚如何使它工作。

1 个答案:

答案 0 :(得分:0)

这是处理密码访问的一种奇怪方式。首先,即使有些加密,也不应该将密码数据发回给用户。我建议你使用一个会话。在验证部分开始之前致电session_start();。在密码验证部分,您可以在登录正确时将用户名写入会话,例如$_SESSION['login'] = $login;,这样可以更轻松地验证登录用户,例如if (array_key_exists('login', $_SESSION)) { echo "Im am a logged in user!"; } else { echo "Please log in now!"; }。正如您所看到的,更少的代码和更安全的方式。此外,您的SQL目前无效,因为所有电子邮件地址都相互覆盖,结果甚至没有使用。您也应该关闭您的连接,而不仅仅是die();

相关问题
最新问题