
尝试创建一个基本的php登录系统

我是编程初学者。我正在尝试使用 HTML 和 PHP 构建一个非常基本的 PHP 登录系统,但需要一些帮助:


<html>

<head></head>

<body>


   <form method="POST">

        User <input type="text" name="user"></input><br/>

        Pass <input type="password" name="pass"></input><br/>

        <input type="submit" name="submit" value="Go"></input>

        </form>  

和:


    <?php


$user = $_POST['user'];

$pass = $_POST['pass'];


$passw= md5($pass);



if ($user == "admin" && $passw == "8b1a9953c4611296a827abf8c47804d7") {

    echo "Login completed";

} else {

    echo "Try Again Please";

}

?>


</body>

       </html>

但是这里有些东西不太正常,当我输入用户名和密码,然后单击按钮时,屏幕就像什么都没发生一样刷新。


我错过了什么?!


噜噜哒

慕桂英3389331

通常,登录页面上会有一个输入表单,您在其中输入凭据,表单再把这些变量提交到另一个页面。因此您需要类似下面这样的东西,并在其中包含凭据表单:

<form method="post" action="https://example.com/landing_site.php">
<?php
    include "credencial_html.php";
?>
</form>

credencial_html.php 看起来像这样(简单的 html 代码):

 User <input type="text" name="user"><br/>
 Pass <input type="password" name="pass"><br/>
 <input type="submit" name="submit" value="Go">

接下来写那个“if”部分:如果凭据正确,您可以发布内容;如果不正确,则再次包含输入框,并提示重试:

<?php
define('rightpass', '8b1a9953c4611296a827abf8c47804d7');
define('rightuser', '21232f297a57a5a743894a0e4a801fc3'); // md5('admin') ;-)

$user = md5($_POST['user']);
$pass = md5($_POST['pass']);
if ($user == rightuser && $pass == rightpass) {
    echo "Login completed";
} else {
    echo "Try Again Please";
    include "credencial_html.php";
}
?>

梵蒂冈之花

所谓“基本”,我想您指的是不合逻辑且不安全。别紧张,我只是逗您一下。您应该加密您的密码(可能用 SHA2)并将它们存储在数据库中。我猜您想使用 MySQL。

步骤 #1
创建两个数据库:一个用于您的加密密钥,一个用于您的用户名和密码。您应该可以通过某种控制面板(cPanel)来做到这一点。

步骤 #2
创建一个安全的 restricted 文件夹(权限 100),并将文件 https.php 和 connect.php(权限 400)放入该 restricted 文件夹中。

<?php /* restricted/https.php */
if(!isset($_SERVER['HTTPS'])){
  header("LOCATION:https://{$_SERVER['SERVER_NAME']}{$_SERVER['PHP_SELF']}"); die;
}
?>

和

<?php /* restricted/connect.php */
$kb = new mysqli('keyHost', 'keyDatabaseUsername', 'keyDatabasePassword', 'keyDatabaseName');
$db = new mysqli('userHost', 'userDatabaseUsername', 'userDatebasePassword', 'userDatabaseName');
?>

当然,您需要使用正确的 'host', 'username', 'password', 'database' 名称。

步骤 #3
创建两个表:一个用于您的加密密钥,一个用于您的密码。这里我将用 PHP 来创建 MySQL 表。我们把这个文件称为 pass_create.php(权限 400),同样放到 restricted 文件夹里。

<?php /* restricted/pass_create.php */
require_once 'https.php'; require_once 'connect.php';
if(!$kb || $!db)die('connection failure');
$kb->query('CREATE TABLE passkeys(
  user TINYTEXT NOT NULL,
  pass TINYTEXT NOT NULL
)ENGINE=InnoDB');
$keyStatement = $kb->prepare('INSERT passkeys VALUES (?, ?)');
$keyStatement->bind_param('ss', 'iYa9Ab%5@3m', 'w*Fu4m^Ga92'); $keyStamement->execute();
$db->query('CREATE TABLE passes(
  id BIGINT UNSIGNED AUTO_INCREMENT, PRIMARY KEY(id),
  user TINYBLOB NOT NULL,
  pass TINYBLOB NOT NULL
)ENGINE=InnoDB');
// normally you would do the new password inserts dynamically with AJAX - just an example
$keyResult = $kb->query('SELECT user, pass FROM passkeys');
$keyObj = $keyResult->fetch_object(); $userKey = $keyObj->user; $passKey = $keyObj->pass;
$keyResult->free();
$createPassStatement = $db->prepare('INSERT passes (user, pass) VALUES(DES_ENCRYPT(?, ?), DES_ENCRYPT(SHA2(?), ?))');
$createPassStatement->bind_param('ssss', 'usernameHere', $userKey, 'passwordHere', $passKey);
$createPassStatement->execute(); $kb->close(); $db->close();
?>

在 htdocs 中创建并执行一个 temp.php 页面:

<? require_once 'restricted/https.php'; require_once 'restricted/pass_create.php'; ?>

在浏览器中运行该文件,然后将其删除。把 restricted/pass_create.php 中的 $keyStatement->bind_param('ss', 'iYa9Ab%5@3m', 'w*Fu4m^Ga92') 更改为 $keyStatement->bind_param('ss', '', '')。在 restricted/pass_create.php 的 <?php 之后直接输入 die('hacker'); 并重新保存它,或者干脆完全删除该页面。

步骤 #4
创建一个 js 文件夹(权限 100),用来保存您的 JavaScript 文件和一个用于向服务器发送数据的小型库(见下文)。我们把该文件称为 external.js(权限 444)。将 external.js 放入您的 js 文件夹。

//<![CDATA[
/* js/external.js */
var get, post, doc, html, bod, nav, mobile, M, I, S, Q, aC, rC, special, unspecial; // for use on other loads
addEventListener('load', function(){
get = function(url, success, context){
  var x = new XMLHttpRequest;
  var c = context || this;
  x.open('GET', url);
  x.onload = function(){
    if(success)success.call(c, JSON.parse(x.responseText));
  }
  x.send();
}
post = function(url, send, success, context){
  var x = new XMLHttpRequest;
  var c = context || this;
  x.open('POST', url);
  x.onload = function(){
    if(success)success.call(c, JSON.parse(x.responseText));
  }
  if(typeof send === 'object' && send && !(send instanceof Array)){
    if(typeof FormData !== 'undefined' && send instanceof FormData){
      x.send(send);
    }
    else{
      var s, r = [];
      for(var p in send){
        s = send[p];
        if(typeof s === 'object')s = JSON.stringify(s);
        r.push(encodeURIComponent(p)+'='+encodeURIComponent(s));
      }
      x.setRequestHeader('Content-type', 'application/x-www-form-urlencoded'); x.send(r.join('&'));
    }
  }
  else{
    throw new Error('send argument must be an Object');
  }
  return x;
}
doc = document; html = doc.documentElement; bod = doc.body; nav = navigator;
mobile = nav.userAgent.match(/Mobi/i) ? true : false;
M = function(tag){
  return doc.createElement(tag);
}
I = function(id){
  return doc.getElementById(id);
}
S = function(selector, within){
  var w = within || doc;
  return w.querySelector(selector);
}
Q = function(selector, within){
  var w = within || doc;
  return w.querySelectorAll(selector);
}
aC = function(element, className, yFunc){
  var s = element.className.split(/\s+/), n = s.indexOf(className);
  if(n === -1){
    s.push(className); element.className = s.join(' ').trim();
    if(yFunc)yFunc(element);
  }
  return function(className, yFunc){
    return aC(element, className, yFunc);
  }
}
rC = function(element, className, yFunc){
  var s = element.className.split(/\s+/), n = s.indexOf(className);
  if(n !== -1){
    s.splice(n, 1); element.className = s.join(' ').trim();
    if(yFunc)yFunc(element);
  }
  return function(className, yFunc){
    return rC(element, className, yFunc);
  }
}
special = function(str){
  return str.replace(/&/g, '&amp;').replace(/'/g, '&apos;').replace(/"/g, '&quot;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}
unspecial = function(str){
  return str.replace(/&amp;/g, '&').replace(/&apos;/g, "'").replace(/&quot;/g, '"').replace(/&lt;/g, '<').replace(/&gt;/g, '>');
}
}); // end load
//]]>

步骤 #5
创建 css 和 login 两个文件夹(权限均为 100)。在您的 css 文件夹中放置一个名为 external.css(权限 444)的文件。在您的 login 文件夹中放置一个名为 index.php(权限 444)的 html 页面。请看下面的代码:

/* css/external.css */
*{
  box-sizing:border-box;
}
html,body{
  padding:0; margin:0; width:100%; height:100%;
}
#logon{
  background:#ccc; padding:5px 7px;
}
label{
  display:inline-block; font-size:24px; width:100%;
}
input{
  width:100%; font-size:24px; padding:3px 5px; margin-bottom:7px; border:1px solid #d00;
}
.yes{
  border-color:#0a0;
}
#login{
  background:linear-gradient(#0a0, #070); color:#fff; border-radius:5px; margin-top:7px;
  padding:5px 0;
}
.error{
  color:#a00; text-align:center; padding-bottom:5px;
}
.hide{
  display:none;
}

<?php /* login/index.php */ require_once '../restricted/https.php'; ?>
<!DOCTYPE html>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en'>
  <head>
    <meta charset='UTF-8' /><meta name='viewport' content='width=device-width, height=device-height, initial-scale:1, user-scalable=no' />
    <title>Title Here</title>
    <link type='text/css' rel='stylesheet' href='css/external.css' />
    <script src='../js/external.js'></script>
    <script src='../js/login.js'></script>
  </head>
<body>
  <div class='main'>
    <div id='logon'>
      <label for='user'>Username</label>
      <input id='user' type='text' maxlength='64' />
      <label for='pass'>Password</label>
      <input id='pass' type='password' maxlength='64' />
      <input id='login' type='button' value='LOGIN' />
      <div id='login_error' class='error'>Username and Password Required</div>
    </div>
  </div>
</body>
</html>

步骤 #6
在您已创建的同一个 js 文件夹中创建一个名为 login.js(权限 444)的文件。

//<![CDATA[
/* ..js/login.js - up a level because we're in the login folder - requires ..js/external.js */
addEventListener('load', function(){
var user = I('user'), pass = I('pass'), login = I('login'), error = I('login_error');
function emptyTests(){
  var uv = user.value, pv = pass.value;
  if(uv.value === ''){
    if(pv.value === ''){
      rC(pv, 'yes'); error.innerHTML = 'Username &amp; Password Required';
    }
    else{
      aC(pv, 'yes'); error.innerHTML = 'Username Required';
    }
    rC(uv, 'yes'); rC(login, 'yes'); rC(error, 'hide'); // remove error and hide classes
  }
  else if(pv.value === ''){
    aC(uv, 'yes'); rC(pv, 'yes'); rC(login, 'yes'); error.innerHTML = 'Password Required';
    rC(error, 'hide');
  }
  else{
    aC(uv, 'yes'); aC(pv, 'yes'); aC(login, 'yes'); aC(error, 'hide'); // no require error - hide error class
    return true;
  }
  return false;
}
function logTest(){
  if(emptyTests()){
    var fd = new FormData;
    fd.append('pepper', 'lim7it8!#WTF'); fd.append(user, user.value);
    fd.append(pass, pass.value);
    post('login.php', fd, function(r){
      var o = JSON.parse(r);
      if(o && o.good){
        location = 'login_success.php';
      }
      else{
        // don't give username password details
        error.innerHTML = 'Login Error'; rC(user, 'yes'); rC(pass, 'yes');
        rC(login, 'yes'); rC(error, 'hide');
    });
  }
}
user.onkeyup = pass.onkeyup = function(e){
  if(e.key === 'Enter'){
    logTest();
  }
  else{
    emptyTests();
  }
}
login.onclick = logTest;
}); // end load
//]]>

步骤 #7
创建一个 index.php 文件(权限 444),并将其放入您已经创建的 login 文件夹中:

<?php
session_start(); // send before headers
require_once '../restricted/https.php'; $o = new StdClass; $o->good = false;
if(isset($_POST['pepper'], $_POST['user'], $_POST['pass']) && $_POST['pepper'] === 'lim7it8!#WTF' && strlen($_POST['user']) < 65 && strlen($_POST['pass']) < 65){ // limit and test for submission
  require_once '../restricted/connect.php';
  $user = $_POST['user']; $pass = $_POST['user']; $o = new StdClass;
  $keyRes = $kb->query('SELECT user, pass FROM passkeys'); $keyObj = $keyRes->fetch_object();
  $userKey = $keyObj->user; $passKey = $keyObj->pass; $keyRes->free(); $kb->close();
  $logStmt = $db->prepare("SELECT 'good' FROM passes WHERE user=DES_ENCRYPT(?, ?) && pass=DES_ENCRYPT(SHA2(?), ?)");
  $logStmt->bind_param('ssss', $user, $userKey, $pass, $passKey); $logStmt->execute();
  $logStmt->bind_result($yes);
  if($logStmt->fetch() && $yes === 'good'){
    $o->good = true; $_SESSION['login'] = 'can!B4Hard2?';
  }
  $logStmt->free(); $db->close();
  echo json_encode($o);
}
else{
  echo json_encode($o);
  die('hacker');
}

步骤 #8
在您的 htdocs 文件夹中创建您的 login_success.php(权限 444):

<?php /* login_success.php - you should really call this what you want
   - just make sure the location in the JavaScript AJAX is the same */
session_start(); // before headers
require_once 'restricted/https.php';
if(!isset($_SESSION['login']) || $_SESSION['login'] !== 'can!B4Hard2?')die('hacker');
?>
<!-- now create your other html page -->

现在您可以让用户访问 yourdomain/login 登录了!!!请确保通过 https 提供服务。另外……是的,我知道其中一些步骤实际上包含多个步骤。它们其实只是供您提问时参考。