1. 首頁
  2. 問答
  3. 優化PHP登錄代碼

優化PHP登錄代碼

2013-02-01 81 views
-1

我已經寫了一個非常簡單的PHP登錄腳本,用於具有兩種登錄形式的網頁,並且只是想知道是否有任何方法可以優化它(即將所有內容封裝在一個函數中以處理兩個登錄)。將不勝感激任何想法!優化PHP登錄代碼

session_start(); 
require_once("resources/php/connection.php"); 

// PM login 
if(isset($_POST['pmsubmit'])) 
{ 
$pmname = $_POST['pmname']; 
$pmpass = $_POST['pmpass']; 
// check if password matches the one in the table 
$query = $pdo->prepare("SELECT * FROM db_pass WHERE pass = :pass"); 
$query->execute(array(":pass" => $pmpass)); 
    // if there is a match then we log in the user 
    if ($query->rowCount() > 0) 
    { 
    // session stuff 
    $_SESSION['pmname'] = $_POST['pmname']; 
    // refresh page 
    header('Location: pm/index.php') ; 
    } 
    // if there is no match then we present the user with an error 
    else 
    { 
    echo "error"; 
    exit; 
    } 
} 

// TS login 
if(isset($_POST['tssubmit'])) 
{ 
$dept = $_POST['dept']; 
$tspass = $_POST['tspass']; 
// check if password matches the one in the table 
$query = $pdo->prepare("SELECT * FROM db_pass WHERE pass = :pass"); 
$query->execute(array(":pass" => $tspass)); 
    if ($query->rowCount() > 0) 
    { 
    // session stuff 
    $_SESSION['dept'] = $_POST['dept']; 
    // refresh page 
    header('Location: ts/index.php') ; 
    } 
    // if there is no match then we present the user with an error 
    else 
    { 
    echo "error"; 
    exit; 
    } 
}

來源

2013-02-01 methuselah

+1

你爲什麼只檢查合格,並沒有名字,並通過? – Class

+2

以及爲什麼要以純文本格式存儲密碼? –

+0

@John我想讓登錄工作在提高安全性之前先工作 – methuselah

回答

1

你可以嘗試這樣的事情,如果你想...

if(isset($_POST['pmsubmit'])) 
{ 
    LoginSubmit('pm', 'pmname', 'pmpass'); 
} 

if(isset($_POST['tssubmit'])) 
{ 
    LoginSubmit('ts', 'dept', 'tspass'); 
} 


function LoginSubmit($pm_or_ts, $the_name_input, $the_pass_input) 
{ 
    $the_name = $the_name_input; 
    $posted_name = $_POST[$the_name]; 
    $posted_pass = $_POST[$the_pass_input]; 

    // check if password matches the one in the table 
    $query = $pdo->prepare("SELECT * FROM db_pass WHERE pass = :pass"); 
    $query->execute(array(":pass" => $posted_pass)); 
    // if there is a match then we log in the user 
    if ($query->rowCount() > 0) 
    { 
    // session stuff 
    $_SESSION[$the_name] = $posted_name; 
    // refresh page 
    header('Location: ' . $pm_or_ts . '/index.php') ; 
    } 
    // if there is no match then we present the user with an error 
    else 
    { 
    echo "error"; 
    exit; 
    }

來源

2013-02-02 00:06:00

+0

似乎有一個與數據庫檢查密碼有關的問題 - 即使我輸入了正確的東西,也會拒絕它! – methuselah

+0

只需在$ posting_pass = $ _POST [$ the_pass_input];之後添加回顯即可。檢查它獲得的價值。像,echo $ posted_pa​​ss; –

+1

還請檢查您的代碼是否與地雷相同。我編輯了一次代碼。 –

相關問題

 相關問題