我已經寫了一個非常簡單的PHP登錄腳本,用於具有兩種登錄形式的網頁,並且只是想知道是否有任何方法可以優化它(即將所有內容封裝在一個函數中以處理兩個登錄)。將不勝感激任何想法!優化PHP登錄代碼
session_start();
require_once("resources/php/connection.php");
// PM login
if(isset($_POST['pmsubmit']))
{
$pmname = $_POST['pmname'];
$pmpass = $_POST['pmpass'];
// check if password matches the one in the table
$query = $pdo->prepare("SELECT * FROM db_pass WHERE pass = :pass");
$query->execute(array(":pass" => $pmpass));
// if there is a match then we log in the user
if ($query->rowCount() > 0)
{
// session stuff
$_SESSION['pmname'] = $_POST['pmname'];
// refresh page
header('Location: pm/index.php') ;
}
// if there is no match then we present the user with an error
else
{
echo "error";
exit;
}
}
// TS login
if(isset($_POST['tssubmit']))
{
$dept = $_POST['dept'];
$tspass = $_POST['tspass'];
// check if password matches the one in the table
$query = $pdo->prepare("SELECT * FROM db_pass WHERE pass = :pass");
$query->execute(array(":pass" => $tspass));
if ($query->rowCount() > 0)
{
// session stuff
$_SESSION['dept'] = $_POST['dept'];
// refresh page
header('Location: ts/index.php') ;
}
// if there is no match then we present the user with an error
else
{
echo "error";
exit;
}
}
你爲什麼只檢查合格,並沒有名字,並通過? – Class
以及爲什麼要以純文本格式存儲密碼? –
@John我想讓登錄工作在提高安全性之前先工作 – methuselah