1. 首頁
  2. 問答
  3. 密碼保護到URL

密碼保護到URL

2012-04-04 82 views
0

我有一個網站,它的訪問權限應該受到限制。
因此,在進入頁面之前,在頁面加載之前,我們應該限制訪問三個字段,即客戶端的usernamepassword以及該頁面的specific password,這三個是由我創建的並存儲在數據庫中。密碼保護到URL

我有Javascript和PHP的基本知識。

我的想法是在頁面加載之前,Javascript應該得到用戶輸入的三個字段值,並且我們必須使用數據庫驗證,如果匹配發生,那麼頁面應該加載,如果不是該頁面的訪問應該是否認。

簡要介紹了在打開URL和頁面加載連接到數據庫之前必須進行的和用戶/客戶端輸入3個字段應該採取並由PHP使用MYSQL數據庫進行驗證,並且應顯示成功的認證頁面。

請提出代碼建議。

<?php 
function login($username,$password,$salt,$db,$table,$usercolumn,$passwordcolumn,$con) 
{ 
    $user=mysql_real_escape_string($username); 
    $password=mysql_real_escape_string($password); 
    $db=mysql_select_db($db,$con); 
    if(!$db) 
    { 
     return "connection error"; 
    } 
    else 
    { 
     $sql="SELECT * FROM `$table` WHERE `$usercolumn`='$user';"; 
     $enc=$password; 

    foreach($salt as $value) 
    { 
     if($value=="md5") 
     { 
      $enc=md5($enc); 
     }else 
     { 
      $enc=crypt($enc,$value); 
     } 
    } 
     $resource=mysql_query($sql); 
     $row=mysql_fetch_array($resource); 
     $passdb=$row[$passwordcolumn]; 
     if($passdb==$enc) 
     { 
      $sucess=true; 
     }else 
     { 
      $sucess=false; 
     } 


    } 
    return $sucess; 
} 
?>

你可以使用這個,如果它返回true,這意味着用戶名和密碼,現在是正確的,你必須確認你的第三個:提前:)

來源

2012-04-04 krishna

+1

這裏有個問題嗎? – 2012-04-04 06:27:36

回答

2

我創建了你可以使用的功能謝謝選項...
使用這個功能,你只需要複製該函數的文件後,像這樣的調用,如果它被命名爲「logger.php」,

<?php 
require("logger.php"); 
$enc=array("salt","md5","differentsalt")//your encryption such as if you have encrypted using 'salt' at first then using md5 hash and again 'differentsalt',then you need to give like i have given 

if(login($username,$password,$enc,$db,$table_name,$usercolumn,$passwordcolumn,$con))//$username is the username which user supplied,$password is password user supplied,$enc is the encryption and it must be an array... which is also given above,$db is database name,$table_name is the table where username and encrypted password are stored,$usercolumn is the column name where username are stored, $passwordcolumn is the column where encrypted password are stored, and last $con is the connection identifier, you may have given, $con=mysqli_connect("username","password"); 
//if all the parameters are supplied correctly, it will check for the username and password matching and you will have to check the third option 
{ 
//now validate your third option here... 
//if you are here, that means password and username has matched 

} 
else 
{ 
//this means username and password didnt matched... so output the error 
} 
?>

接受用戶名和密碼,你可能會創建一個表單並詢問密碼,然後提交...

來源

2012-04-04 06:57:03 acidburn

相關問題

 相關問題