Multiple password protection for a single PHP page

Time: 2018-04-05 13:24:32

Tags: php jquery session passwords

I have this page, Fundstransfer.php, where I enter data in a form, and it then sends the data to process.php using
<form action="<?php echo WEB_ROOT; ?>view/process.php?action=transfer" method="post" >

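process.php then collects the data, processes it and redirects to OTP.php, where I enter the code generated by process.php to complete the requested transaction, and everything works fine.

But what I want is to password-protect the OTP.php page with four different passwords before it displays its content.

The OTP.php code is: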

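<?php
// Escape the query-string values before they are echoed into the page below
$errorMessage = (isset($_GET['msg']) && is_string($_GET['msg']) && $_GET['msg'] != '') ? htmlspecialchars($_GET['msg'], ENT_QUOTES, 'UTF-8') : '&nbsp;';
$msgMessage = (isset($_GET['success']) && is_string($_GET['success']) && $_GET['success'] != '') ? htmlspecialchars($_GET['success'], ENT_QUOTES, 'UTF-8') : '&nbsp;';
?>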

<h2>Transaction Authorization Code</h2>
<p>Funds transfer is a process of transfering funds from your account to other account in same Bank.<br/>Please make sure that you have enough funds available in your account to transfer. Also don't forgot to validate receiver's account number.</p>

<link href="<?php echo WEB_ROOT; ?>library/spry/textfieldvalidation/SpryValidationTextField.css" rel="stylesheet" type="text/css" />
<script src="<?php echo WEB_ROOT; ?>library/spry/textfieldvalidation/SpryValidationTextField.js" type="text/javascript"></script>

<span id="errorCls" style="color:#FF0000 !important;"><?php echo $errorMessage; ?></span>
<span style="color:#99FF00 !important;font-size:14px;"><?php echo $msgMessage; ?></span>

<p>The token code has been sent to your email : <span style="color:#0066CC;font-weight:bold;"><?php echo htmlspecialchars($_SESSION['hlbank_user']['email'], ENT_QUOTES, 'UTF-8'); ?></span></p>
<p>You have <span id="defaultCountdown"></span> minutes remaining to insert valid OTP. System will automatically redirect to 'Fund Transfer' page to initiate fund transfer again.</p>

<form action="<?php echo WEB_ROOT; ?>view/process.php?action=token" method="post">
    <table width="550" border="0" cellpadding="5" cellspacing="1" class="entryTable">
        <tr id="listTableHeader">
            <th colspan="2">Transfer Funds</th>
        </tr>
        <tr>
            <td width="260" height="30" class="label"><strong>Transaction Authorization Code</strong></td>
            <td height="30" class="content">
                <span id="sprytf_token">
                    <input name="token" id="token" type="text" class="frmInputs" size="15" maxlength="15" />
                    <br/>
                    <span class="textfieldRequiredMsg">Transaction Authorization Code is required.</span>
                    <span class="textfieldInvalidFormatMsg">Transaction Authorization Code must be Integer.</span>
                    <span class="textfieldMinCharsMsg">Transaction Authorization Code must specify at least 6 characters.</span>
                    <span class="textfieldMaxCharsMsg">Transaction Authorization Code must specify at max 8 characters.</span>
                </span>
            </td>
        </tr>

        <tr>
            <td height="30" colspan="2">
                <div align="center">
                    <input name="submitButton" type="submit" class="frmButton" id="submitButton" value="Validate TAC" />
                </div></td>
        </tr>
    </table>
</form>

<script type="text/javascript">
    <!--
var sprytf_token = new Spry.Widget.ValidationTextField("sprytf_token", 'integer', {minChars: 6, maxChars: 8, validateOn: ["blur", "change"]});
    //-->
</script>
<script src="<?php echo WEB_ROOT; ?>library/jquery.min.js"></script>
<script src="<?php echo WEB_ROOT; ?>library/jquery.plugin.min.js"></script>
<script src="<?php echo WEB_ROOT; ?>library/jquery.countdown.min.js"></script>
<script>
    $(document).ready(function () {
        function timerdone() {
            var webRoot = '<?php echo WEB_ROOT; ?>' + 'view/?v=Transfer';
            window.location.href = webRoot;
        }
        $('#defaultCountdown').countdown({
            until: +60,
            compact: true,
            onExpiry: timerdone,
            format: 'MS'
        });
    })
</script>
<style>
    #defaultCountdown {font-family:Verdana;font-size:18px;padding:0 5px ;color:#990000;border:1px solid #993300;background-color:#FFFFCC;}
</style>

I have the following code

<?php
session_start();
$error = false;
if (!isset($_SESSION['login'])) {

    $stage = (isset($_SESSION['stage'])) ? $_SESSION['stage'] : 0;
    $stage_labels = array(
        'First',
        'Second',
        'Third',
        'Final'
    );

    $passwords = array(
        '111',
        '222',
        '333',
        '444'
    );

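    // hash_equals() is type-strict and constant-time; loose == also accepts numeric look-alikes such as '111.0'
    if (isset($_POST['password']) && is_string($_POST['password']) && hash_equals($passwords[$stage], $_POST['password'])) {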

        if ($stage == 3) {
            // if the final password matches, create a session variable for login
            $_SESSION['login'] = 'loggedin';
            header('location: ' . $_SERVER['PHP_SELF']);
            exit();
        } else {
            // if password matches the respective stage, increase the value of stage by 1 to move on to next stage
            $_SESSION['stage'] = $stage + 1;
            header('location: ' . $_SERVER['PHP_SELF']);
            exit();
        }
    } elseif (isset($_POST['password'])) {
        $error = true;
        // if form submitted with mismatch password, stage will restart from 0 again
        print '<p align="center"><font color="red"><b>Incorrect Code entered</b><br>Please enter the correct code or contact Administrator</font></p>';
        $_SESSION['stage'] = 0;
    }

    if (!$error) {
        print '<p>Please enter your ' . $stage_labels[$stage] . ' password</p>';
    }

    print '<form method="post"><p align="center"><h2>Please enter code to intiate transfer</h2><br>';
    print '<input name="password" type="password" maxlength="10"><input value="Authenticate" type="submit"></p></form>';
} else {
    echo 'You have logged in';
}
?>

but I can't find a way to merge it into OTP.php.

Any help or pointers in the right direction would be greatly appreciated.

1 answer:

Answer 0: (score: 0)

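I got it right. What I did was put the protection code at the top of the page I want to protect, then remove the echo and close the PHP tag, as shown below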

<?php
session_start();
$error = false;
if (!isset($_SESSION['login'])) {

    $stage = (isset($_SESSION['stage'])) ? $_SESSION['stage'] : 0;
    $stage_labels = array(
        'First',
        'Second',
        'Third',
        'Final'
    );

    $passwords = array(
        '111',
        '222',
        '333',
        '444'
    );

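    // hash_equals() is type-strict and constant-time; loose == also accepts numeric look-alikes such as '111.0'
    if (isset($_POST['password']) && is_string($_POST['password']) && hash_equals($passwords[$stage], $_POST['password'])) {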

        if ($stage == 3) {
            // if the final password matches, create a session variable for login
            $_SESSION['login'] = 'loggedin';
            header('location: ' . $_SERVER['PHP_SELF']);
            exit();
        } else {
            // if password matches the respective stage, increase the value of stage by 1 to move on to next stage
            $_SESSION['stage'] = $stage + 1;
            header('location: ' . $_SERVER['PHP_SELF']);
            exit();
        }
    } elseif (isset($_POST['password'])) {
        $error = true;
        // if form submitted with mismatch password, stage will restart from 0 again
        print '<p align="center"><font color="red"><b>Incorrect Code entered</b><br>Please enter the correct code or contact Administrator</font></p>';
        $_SESSION['stage'] = 0;
    }

    if (!$error) {
        print '<p>Please enter your ' . $stage_labels[$stage] . ' password</p>';
    }

    print '<form method="post"><p align="center"><h2>Please enter code to intiate transfer</h2><br>';
    print '<input name="password" type="password" maxlength="10"><input value="Authenticate" type="submit"></p></form>';
} else { ?> 

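Then I put the content I want to protect here, PHP code and HTML, and everything works fine. Then, after the protected content, I added PHP tags to close the bracket I had left open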

<?php 

   }
?>
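
A hardened variant of the staged gate from the answer above, as an added example that is not part of the original post: each code is verified against a `password_hash()` digest instead of being compared to a plaintext literal with `==`, non-string input is rejected, and failed attempts are capped. The names `gate_step`, `MAX_FAILURES` and the `gate_open` session key are assumptions made for this example.

```php
<?php
// Added example: gate_step, MAX_FAILURES and the session keys are hypothetical names.
const MAX_FAILURES = 5;

/**
 * Advance the staged gate by one submission.
 * Returns 'open', 'next', 'retry' or 'locked'.
 */
function gate_step(array &$session, $input, array $hashes): string
{
    $stage    = $session['stage'] ?? 0;
    $failures = $session['failures'] ?? 0;

    if ($failures >= MAX_FAILURES) {
        return 'locked';                      // stop guessing after too many misses
    }
    // Reject non-string input (e.g. password[]=x) before verifying the hash.
    if (!is_string($input) || !password_verify($input, $hashes[$stage])) {
        $session['stage']    = 0;             // a miss restarts the sequence, as in the post
        $session['failures'] = $failures + 1;
        return $session['failures'] >= MAX_FAILURES ? 'locked' : 'retry';
    }
    if ($stage === count($hashes) - 1) {
        unset($session['stage'], $session['failures']);
        $session['gate_open'] = true;         // the protected content may now be rendered
        return 'open';
    }
    $session['stage'] = $stage + 1;
    return 'next';
}

// Constructed demo data: a real deployment stores hashes generated once,
// it does not build them from literals on every request.
$hashes  = array_map(fn($p) => password_hash($p, PASSWORD_DEFAULT), ['111', '222', '333', '444']);
$session = [];                                // stands in for $_SESSION
foreach (['111', '222', '999', '111', '222', '333', '444'] as $try) {
    echo $try, ' => ', gate_step($session, $try, $hashes), PHP_EOL;
}
```

In the page itself, pass `$_SESSION` and `$_POST['password'] ?? null`, call `session_regenerate_id(true)` when the result is `'open'`, and unset `gate_open` once the transaction completes so the gate applies to the next transfer as well.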