当前位置: 文江博客话题详情

密码保护拒绝对某些文件的访问

发布于 2024-11-04 23:24:16 字数 3242 浏览 0 评论 0原文

我正在尝试设置密码保护以用于某些文件。我遵循了在线教程,并取得了一些成功,但在其他情况下,尽管执行的操作似乎完全相同,但仍不断收到拒绝访问页面的调用。

从我的登录页面,登录脚本调用 php 登录页面,该页面应存储会话 ID。然后,我有一个单独的页面来检查会话 ID 是否已存储,并且该页面(称为 auth.php)包含在我试图保护的页面中。我将 php 代码放在文件的最开头,正如我所说,对于某些测试页面它可以工作,但对于我需要它的页面,它会恢复到拒绝访问页面,这对我来说意味着它没有识别出会话 ID 已被存储。我没有收到任何与连接问题相关的错误消息,因此我的重点是会话 ID 问题。任何想法将不胜感激。

包含代码:

<?php
require_once('auth.php');
?>

auth.php 代码:

<?php
//Check whether the session variable SESS_MEMBER_ID is present or not
if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) {
    header("location: access-denied.php");
    exit();
}
  ?>

登录脚本代码的相关部分:

//Create query
$qry="SELECT * FROM members WHERE login='$login' AND password='".md5($_POST['password'])."'";
$result=mysql_query($qry);

//Check whether the query was successful or not
if($result) {
    if(mysql_num_rows($result) == 1) {
        //Login Successful
        session_regenerate_id();
        $member = mysql_fetch_assoc($result);
        $_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
        $_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
        $_SESSION['SESS_LAST_NAME'] = $member['lastname'];
        session_write_close();
        header("location: member-index.php");
        exit();
    }else {
        //Login failed
        header("location: login-failed.php");
        exit();
    }
}else {
    die("Query failed");
}

完整登录代码:

<?php
//Start session
session_start();

//Include database connection details
require_once('config.php');

//Array to store validation errors
$errmsg_arr = array();

//Validation error flag
$errflag = false;


//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
    $str = @trim($str);
    if(get_magic_quotes_gpc()) {
        $str = stripslashes($str);
    }
    return mysql_real_escape_string($str);
}

//Sanitize the POST values
$login = clean($_POST['login']);
$password = clean($_POST['password']);

//Input Validations
if($login == '') {
    $errmsg_arr[] = 'Login ID missing';
    $errflag = true;
}
if($password == '') {
    $errmsg_arr[] = 'Password missing';
    $errflag = true;
}

//If there are input validations, redirect back to the login form
if($errflag) {
    $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
    session_write_close();
    header("location: login-form.php");
    exit();
}

//Create query
$qry="SELECT * FROM members WHERE login='$login' AND password='".md5($_POST['password'])."'";
$result=mysql_query($qry);

//Check whether the query was successful or not
if($result) {
    if(mysql_num_rows($result) == 1) {
        //Login Successful
        session_regenerate_id();
        $member = mysql_fetch_assoc($result);
        $_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
        $_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
        $_SESSION['SESS_LAST_NAME'] = $member['lastname'];
        session_write_close();
        header("location: member-index.php");
        exit();
    }else {
        //Login failed
        header("location: login-failed.php");
        exit();
    }
}else {
    die("Query failed");
}

?>

原文

I am trying to setup password protection to use with certain files. I have followed an online tutorial, and get some success but in other instances keep getting a call to a page denying access despite what appears to be the exact same operations being performed.

From my login page, the login script calls a php login page, which should store session ID. I then have a separate page that checks if the session ID has been stored, and that page (called auth.php) is included in the pages I am trying to protect. I put the php code at the very beginning of the file, and as I said for some test pages it works but for the pages I need it for it reverts to the access-denied page, which to me means it is not recognizing that the session ID has been stored. I'm not getting any error messages relating to connection issues, so my focus is on the session ID issue. Any thoughts would be appreciated.

Include code:

<?php
require_once('auth.php');
?>

auth.php code:

<?php
//Check whether the session variable SESS_MEMBER_ID is present or not
if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) {
    header("location: access-denied.php");
    exit();
}
  ?>

Pertinent portion of login script code:

//Create query
$qry="SELECT * FROM members WHERE login='$login' AND password='".md5($_POST['password'])."'";
$result=mysql_query($qry);

//Check whether the query was successful or not
if($result) {
    if(mysql_num_rows($result) == 1) {
        //Login Successful
        session_regenerate_id();
        $member = mysql_fetch_assoc($result);
        $_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
        $_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
        $_SESSION['SESS_LAST_NAME'] = $member['lastname'];
        session_write_close();
        header("location: member-index.php");
        exit();
    }else {
        //Login failed
        header("location: login-failed.php");
        exit();
    }
}else {
    die("Query failed");
}

Full login code:

<?php
//Start session
session_start();

//Include database connection details
require_once('config.php');

//Array to store validation errors
$errmsg_arr = array();

//Validation error flag
$errflag = false;


//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
    $str = @trim($str);
    if(get_magic_quotes_gpc()) {
        $str = stripslashes($str);
    }
    return mysql_real_escape_string($str);
}

//Sanitize the POST values
$login = clean($_POST['login']);
$password = clean($_POST['password']);

//Input Validations
if($login == '') {
    $errmsg_arr[] = 'Login ID missing';
    $errflag = true;
}
if($password == '') {
    $errmsg_arr[] = 'Password missing';
    $errflag = true;
}

//If there are input validations, redirect back to the login form
if($errflag) {
    $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
    session_write_close();
    header("location: login-form.php");
    exit();
}

//Create query
$qry="SELECT * FROM members WHERE login='$login' AND password='".md5($_POST['password'])."'";
$result=mysql_query($qry);

//Check whether the query was successful or not
if($result) {
    if(mysql_num_rows($result) == 1) {
        //Login Successful
        session_regenerate_id();
        $member = mysql_fetch_assoc($result);
        $_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
        $_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
        $_SESSION['SESS_LAST_NAME'] = $member['lastname'];
        session_write_close();
        header("location: member-index.php");
        exit();
    }else {
        //Login failed
        header("location: login-failed.php");
        exit();
    }
}else {
    die("Query failed");
}

?>

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

妞丶爷亲个 2024-11-11 23:24:16

我没有看到任何 session_start() 您需要它(请参阅 手册)在任何使用会话的 php 文件的开头...

I'm not seeing any session_start() You need it (see the manual ) in the beginning of any php file that uses sessions...

回复 原文
~没有更多了~

关于作者

冷弦

暂无简介

0 文章
0 评论
786 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

苦中寻乐

文章 0 评论 0

lueluelue

文章 0 评论 0

嗼ふ静

文章 0 评论 0

王权女流氓

文章 0 评论 0

与花如笺

文章 0 评论 0

残酷

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文