这是我到目前为止所得到的:
<?php
echo '<body style="background-color:red">';
$user = $_POST["username"];
$pass = $_POST["password"];
$validated = false;
//error handler
function customError($errno, $errstr)
{
echo "<b>Error:</b> [$errno] $errstr<br />";
echo "The error has been logged.";
error_log(date (DATE_RSS)." Error: [$errno]
$errstr".chr(13).chr(10),3, "invalidlogin.txt");
}
//set error handler
set_error_handler("customError",E_USER_WARNING);
session_start();
$_SESSION['Login'] = "";
if($user!="" && $pass!="")
{
$sql = "SELECT * FROM User WHERE LoginName = '$user' AND Password ='$pass'";
$conn = mysql_connect("localhost","UserName", "3PassWord") or die ("Sorry - unable to connect to MySQL database.");
$rs = mysql_select_db ("ALL14103673_BTEC",$conn) or die ("error");
$rs = mysql_query($sql,$conn);
$result = mysql_num_rows($rs);
if ($result > 0) $validated = true;
if($validated)
{
$_SESSION['Login'] = "OK";
$_SESSION['username'] = $user;
$_SESSION['password'] = $pass;
header('Location: protected.php');
}
else
{
$_SESSION['Login'] = "";
trigger_error("Invalid username or password\n", E_USER_WARNING);
echo "Invalid username or password.";
}
}
else $_SESSION['Login'] = "";
if ($result > 0) $validated = true;
if($validated)
{
$_SESSION['login'] = "OK";
$_SESSION['username'] = $user;
$_SESSION['password'] = $pass;
$ip = $_SERVER["REMOTE_ADDR"];
$date = date("d-m-Y H:i:s");
$file = 'Login.txt';
// Open the file to get existing content
$current = file_get_contents($file);
// Append a new person to the file
$current .= "$user logged in from IP Address of $ip on $date."."\r\n";
// Write the contents back to the file
file_put_contents($file, $current, $browser);
header('Location: protected.php');
}
?>
<html>
<body>
<h1 align="center">Login Page</h1>
<p align="center">Please enter your username and password:</p>
<form action="Login.php" method="post">
<table align="center">
<tr>
<td align="center">Username: </td>
<td align="center"><input size=\"20\"
type="text" size="20" maxlength="15"
name="username"></td>
</tr>
<tr>
<td
align="center">Password: </td>
<td align="center"><input size=\"20\"
type="password" size="20"
maxlength="15" name="password"></td>
</tr>
<tr>
<td colspan="2"
align="center"><input type="submit"
value="Login"></td>
</tr>
</table>
</form>
</body>
</html>
到目前为止,我可以记录有关失败登录尝试的基本信息。例如使用的名称和密码以及何时使用。如何将浏览器信息和操作系统记录到同一个地方?
答案 0 :(得分:0)
好的,首先,我希望您永远不会在实际的网页上使用此代码。您似乎将密码以纯文本形式存储在数据库中,这绝不是一个好主意,并且您的代码容易受到SQL注入攻击,请阅读:http://php.net/manual/en/security.database.sql-injection.php
现在回答你的问题,看一下这个主题,其中有一个非常有用的功能,可以完全满足您的需求:Get operating system info with PHP