尝试创建一个基本的php登录系统
这里是初学者编码器。我正在尝试使用 html 和 php 构建一个非常基本的 php 登录系统。但我需要一些帮助:
<html>
<head></head>
<body>
<form method="POST">
User <input type="text" name="user"></input><br/>
Pass <input type="password" name="pass"></input><br/>
<input type="submit" name="submit" value="Go"></input>
</form>
和:
<?php
$user = $_POST['user'];
$pass = $_POST['pass'];
$passw= md5($pass);
if ($user == "admin" && $passw == "8b1a9953c4611296a827abf8c47804d7") {
echo "Login completed";
} else {
echo "Try Again Please";
}
?>
</body>
</html>
但是这里有些东西不太正常,当我输入用户名和密码,然后单击按钮时,屏幕就像什么都没发生一样刷新。
我错过了什么?!
噜噜哒浏览 105回答 2
2回答
-
慕桂英3389331
通常在登录页面上有一个输入页面,您可以在其中输入您的凭据,即将变量提交到另一个站点。那么你必须有这样的东西,在巫婆中你包括凭证形式。<form method="post" action="https://example.com/landing_site.php"><?php include "credencial_html.php";?></form>credencial_html.php 看起来像这样(简单的 html 代码): User <input type="text" name="user"><br/> Pass <input type="password" name="pass"><br/> <input type="submit" name="submit" value="Go">现在你做了那个“如果”部分。...如果凭据正确,您可以发布,如果不正确,请再次输入输入框,然后说重试...<?phpdefine('rightpass', '8b1a9953c4611296a827abf8c47804d7');define('rightuser', '21232f297a57a5a743894a0e4a801fc3'); // md5('admin') ;-) $user = md5($_POST['user']);$pass = md5($_POST['pass']);if ($user == rightuser && $pass == rightpass) { echo "Login completed";} else { echo "Try Again Please"; include "credencial_html.php";}?> -
梵蒂冈之花
基本,我认为您的意思是不合逻辑且不安全。放松,我只是让你很难受。您应该加密您的密码(可能是 SHA2)并将它们存储在数据库中。我猜你想使用MySQL。步骤1创建两个数据库。一个用于您的加密密钥,一个用于您的用户名和密码。您应该可以通过某种控制面板(cPanel)来做到这一点。第2步创建一个安全restricted文件夹(权限 100)并将文件(权限 400)放入该文件夹中https.php。connect.phprestricted<?php /* restricted/https.php */if(!isset($_SERVER['HTTPS'])){ header("LOCATION:https://{$_SERVER['SERVER_NAME']}{$_SERVER['PHP_SELF']}"); die;}?>和<?php /* restricted/connect.php */$kb = new mysqli('keyHost', 'keyDatabaseUsername', 'keyDatabasePassword', 'keyDatabaseName');$db = new mysqli('userHost', 'userDatabaseUsername', 'userDatebasePassword', 'userDatabaseName');?>当然,您需要使用正确的'host', 'username', 'password','database'名称。步骤#3创建两个表。一个用于您的加密密钥,一个用于您的密码。此时我将使用 PHP 来创建 MySQL。我们称这个文件pass_create.php 为(权限 400)。也放到restricted文件夹里。<?php /* restricted/pass_create.php */require_once 'https.php'; require_once 'connect.php';if(!$kb || $!db)die('connection failure');$kb->query('CREATE TABLE passkeys( user TINYTEXT NOT NULL, pass TINYTEXT NOT NULL)ENGINE=InnoDB');$keyStatement = $kb->prepare('INSERT passkeys VALUES (?, ?)'); $keyStatement->bind_param('ss', 'iYa9Ab%5@3m', 'w*Fu4m^Ga92'); $keyStamement->execute();$db->query('CREATE TABLE passes( id BIGINT UNSIGNED AUTO_INCREMENT, PRIMARY KEY(id), user TINYBLOB NOT NULL, pass TINYBLOB NOT NULL)ENGINE=InnoDB');// normally you would do the new password inserts dynamically with AJAX - just an example$keyResult = $kb->query('SELECT user, pass FROM passkeys');$keyObj = $keyResult->fetch_object(); $userKey = $keyObj->user; $passKey = $keyObj->pass;$keyResult->free();$createPassStatement = $db->prepare('INSERT passes (user, pass) VALUES(DES_ENCRYPT(?, ?), DES_ENCRYPT(SHA2(?), ?))');$createPassStatement->bind_param('ssss', 'usernameHere', $userKey, 'passwordHere', $passKey);$createPassStatement->execute(); $kb->close(); $db->close();?>在 中创建并执行一个temp.php页面。在浏览器中运行文件,然后将其删除。更改为。_ 在on之后直接输入并重新保存它,或者干脆完全删除该页面。<? require_once 'restricted/https.php'; require_once 'restricted/pass_create.php'; ?>htdocstemp.php$keyStatement->bind_param('ss', 'iYa9Ab%5@3m', 'w*Fu4m^Ga92')restricted/pass_create.php$keyStatement->bind_param('ss', '', '')die('hacker');<?phprestricted/pass_create.php第4步创建一个js文件夹(权限 100)来保存您的 JavaScript 文件和一个小型库,以便将数据发送到服务器(见下文)。我们将调用该文件external.js (Permission 444)。放入external.js你的js文件夹。//<![CDATA[/* js/external.js */var get, post, doc, html, bod, nav, mobile, M, I, S, Q, aC, rC, special, unspecial; // for use on other loadsaddEventListener('load', function(){get = function(url, success, context){ var x = new XMLHttpRequest; var c = context || this; x.open('GET', url); x.onload = function(){ if(success)success.call(c, JSON.parse(x.responseText)); } x.send();}post = function(url, send, success, context){ var x = new XMLHttpRequest; var c = context || this; x.open('POST', url); x.onload = function(){ if(success)success.call(c, JSON.parse(x.responseText)); } if(typeof send === 'object' && send && !(send instanceof Array)){ if(typeof FormData !== 'undefined' && send instanceof FormData){ x.send(send); } else{ var s, r = []; for(var p in send){ s = send[p]; if(typeof s === 'object')s = JSON.stringify(s); r.push(encodeURIComponent(p)+'='+encodeURIComponent(s)); } x.setRequestHeader('Content-type', 'application/x-www-form-urlencoded'); x.send(r.join('&')); } } else{ throw new Error('send argument must be an Object'); } return x;}doc = document; html = doc.documentElement; bod = doc.body; nav = navigator;mobile = nav.userAgent.match(/Mobi/i) ? true : false;M = function(tag){ return doc.createElement(tag);}I = function(id){ return doc.getElementById(id);}S = function(selector, within){ var w = within || doc; return w.querySelector(selector);}Q = function(selector, within){ var w = within || doc; return w.querySelectorAll(selector);}aC = function(element, className, yFunc){ var s = element.className.split(/\s+/), n = s.indexOf(className); if(n === -1){ s.push(className); element.className = s.join(' ').trim(); if(yFunc)yFunc(element); } return function(className, yFunc){ return aC(element, className, yFunc); }}rC = function(element, className, yFunc){ var s = element.className.split(/\s+/), n = s.indexOf(className); if(n !== -1){ s.splice(n, 1); element.className = s.join(' ').trim(); if(yFunc)yFunc(element); } return function(className, yFunc){ return rC(element, className, yFunc); }}special = function(str){ return str.replace(/&/g, '&').replace(/'/g, ''').replace(/"/g, '"').replace(/</g, '<').replace(/>/g, '>');}unspecial = function(str){ return str.replace(/&/g, '&').replace(/'/g, "'").replace(/"/g, '"').replace(/</g, '<').replace(/>/g, '>');}}); // end load//]]>步骤#5创建一个css和login文件夹(权限均为 100)。在您的文件夹中放置一个名为external.css (Permission 444)的css文件。在您的文件夹中放置一个名为index.php (Permission 444)login的 html 页面。请看下面的代码:/* css/external.css */*{ box-sizing:border-box;}html,body{ padding:0; margin:0; width:100%; height:100%;}#logon{ background:#ccc; padding:5px 7px;}label{ display:inline-block; font-size:24px; width:100%;}input{ width:100%; font-size:24px; padding:3px 5px; margin-bottom:7px; border:1px solid #d00;}.yes{ border-color:#0a0;}#login{ background:linear-gradient(#0a0, #070); color:#fff; border-radius:5px; margin-top:7px; padding:5px 0;}.error{ color:#a00; text-align:center; padding-bottom:5px;}.hide{ display:none;}<?php /* login/index.php */ require_once '../restricted/https.php'; ?><!DOCTYPE html><html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en'> <head> <meta charset='UTF-8' /><meta name='viewport' content='width=device-width, height=device-height, initial-scale:1, user-scalable=no' /> <title>Title Here</title> <link type='text/css' rel='stylesheet' href='css/external.css' /> <script src='../js/external.js'></script> <script src='../js/login.js'></script> </head><body> <div class='main'> <div id='logon'> <label for='user'>Username</label> <input id='user' type='text' maxlength='64' /> <label for='pass'>Password</label> <input id='pass' type='password' maxlength='64' /> <input id='login' type='button' value='LOGIN' /> <div id='login_error' class='error'>Username and Password Required</div> </div> </div></body></html>步骤#6在您已创建的同一文件夹中创建一个名为login.js (Permission 444)的文件。js//<![CDATA[/* ..js/login.js - up a level because we're in the login folder - requires ..js/external.js */addEventListener('load', function(){var user = I('user'), pass = I('pass'), login = I('login'), error = I('login_error');function emptyTests(){ var uv = user.value, pv = pass.value; if(uv.value === ''){ if(pv.value === ''){ rC(pv, 'yes'); error.innerHTML = 'Username & Password Required'; } else{ aC(pv, 'yes'); error.innerHTML = 'Username Required'; } rC(uv, 'yes'); rC(login, 'yes'); rC(error, 'hide'); // remove error and hide classes } else if(pv.value === ''){ aC(uv, 'yes'); rC(pv, 'yes'); rC(login, 'yes'); error.innerHTML = 'Password Required'; rC(error, 'hide'); } else{ aC(uv, 'yes'); aC(pv, 'yes'); aC(login, 'yes'); aC(error, 'hide'); // no require error - hide error class return true; } return false;}function logTest(){ if(emptyTests()){ var fd = new FormData; fd.append('pepper', 'lim7it8!#WTF'); fd.append(user, user.value); fd.append(pass, pass.value); post('login.php', fd, function(r){ var o = JSON.parse(r); if(o && o.good){ location = 'login_success.php'; } else{ // don't give username password details error.innerHTML = 'Login Error'; rC(user, 'yes'); rC(pass, 'yes'); rC(login, 'yes'); rC(error, 'hide'); }); }} user.onkeyup = pass.onkeyup = function(e){ if(e.key === 'Enter'){ logTest(); } else{ emptyTests(); }}login.onclick = logTest;}); // end load//]]>步骤 #7创建一个index.php文件(权限 444)并将其放入login您已经创建的文件夹中:<?phpsession_start(); // send before headersrequire_once '../restricted/https.php'; $o = new StdClass; $o->good = false;if(isset($_POST['pepper'], $_POST['user'], $_POST['pass']) && $_POST['pepper'] === 'lim7it8!#WTF' && strlen($_POST['user']) < 65 && strlen($_POST['pass']) < 65){ // limit and test for submission require_once '../restricted/connect.php'; $user = $_POST['user']; $pass = $_POST['user']; $o = new StdClass; $keyRes = $kb->query('SELECT user, pass FROM passkeys'); $keyObj = $keyRes->fetch_object(); $userKey = $keyObj->user; $passKey = $keyObj->pass; $keyRes->free(); $kb->close(); $logStmt = $db->prepare("SELECT 'good' FROM passes WHERE user=DES_ENCRYPT(?, ?) && pass=DES_ENCRYPT(SHA2(?), ?)"); $logStmt->bind_param('ssss', $user, $userKey, $pass, $passKey); $logStmt->execute(); $logStmt->bind_result($yes); if($logStmt->fetch() && $yes === 'good'){ $o->good = true; $_SESSION['login'] = 'can!B4Hard2?'; } $logStmt->free(); $db->close(); echo json_encode($o);}else{ echo json_encode($o); die('hacker');}步骤 #8在您的文件夹中创建您的login_success.php (许可 444)htdocs:<?php /* login_success.php - you should really call this what you want - just make sure the location in the JavaScript AJAX is the same */session_start(); // before headersrequire_once 'restricted/https.php';if(!isset($_SESSION['login']) || $_SESSION['login'] !== 'can!B4Hard2?')die('hacker');?><!-- now create your other html page -->现在您可以告诉您的用户登录yourdomain/login!!! 确保你服务结束https。而且...是的,我知道其中一些步骤实际上是多个步骤。它们实际上只是供您提问的参考。
随时随地看视频慕课网APP
PHP