Password protect page? (With database access)

Posted on 2024-12-02 00:07:24

Couple questions here: My end goal is to password protect the file logged_in.php.

Note: I'm only a beginner/intermediate programmer so I would like clear explanations, please.

First off, I have set a username and password within a database table.

  1. I have two pages: login.php and logged_in.php (names are just for example purposes). How do I "require" a user to first go through login.php (the login process) in order to gain access to logged_in.php (if the entered username/password are correct)?

  2. Is this the best way to password protect a page?

What I've tried:

Login.php:

<?php
$db_host="host";
$db_user="user";
$db_pass="pass";
$db_name="name";
$db_table="table";
$user = mysql_real_escape_string(strip_tags($_POST['user']));
$pass = mysql_real_escape_string(strip_tags($_POST['pass']));

mysql_connect($db_host, $db_user, $db_pass) or die(mysql_error());
mysql_select_db($db_name) or die(mysql_error());

if(isset($user) && isset($pass))
{
    $sql = "SELECT * FROM $db_table WHERE username='$user' AND password='$pass'";
    $result = mysql_query($sql);
    $count = mysql_num_rows($result);
    if($count == 1)
    {
        header("location:logged_in.php");
    }
    else
        header("location:bad_login.html");
}
?>

  • The problem with my code at the moment is that someone can directly type in the URL of logged_in.php and access the page without being "required" to go through login.php first (I'm sure this is obvious to everyone..).

  • I put require(login.php); at the top of logged_in.php; however, that didn't work out.

  • I've checked Google for some good tutorials on this topic; unfortunately I couldn't find any that had clear explanations.

  • I also saw a few other questions regarding this topic on Stack Overflow, but they didn't really help me out.

I'm also interested in being able to pass-protect my page using the method phpMyAdmin uses (when you type in the URL and press enter it drops down a menu from the top of the browser asking for a username/password). I don't know how that works. If someone can tell me how that works I'm willing to completely disregard the method I'm attempting to use at the moment (if the phpMyAdmin method is secure enough and is fairly easy to implement).

Thanks in advance!


Comments (1)

快乐很简单 2024-12-09 00:07:24

Use $_SESSION variable:

<?php

session_start();

$db_host="host";
$db_user="user";
$db_pass="pass";
$db_name="name";
$db_table="table";

mysql_connect($db_host, $db_user, $db_pass) or die(mysql_error());
mysql_select_db($db_name) or die(mysql_error());

$user = mysql_real_escape_string(strip_tags($_POST['user']));
$pass = mysql_real_escape_string(strip_tags($_POST['pass']));

if(isset($user) && isset($pass))
{
    $sql = "SELECT * FROM $db_table WHERE username='$user' AND password='$pass'";
    $result = mysql_query($sql);
    $count = mysql_num_rows($result);
    if($count == 1)
    {
        // remember the authenticated user for later requests
        $_SESSION['username'] = $user;
        header("location:logged_in.php");
        exit();
    }
    else
    {
        header("location:bad_login.html");
        exit();
    }
}
?>

logged_in.php:

<?php

session_start();

// check whether $_SESSION['username'] was set by login.php
if (!isset($_SESSION['username']))
{
    header("Location: login.php?e=access_denied");
    exit();
}
?>

The phpMyAdmin login is different because it uses the MySQL username and password to log in, so phpMyAdmin does not need to create a database and table to log in like your code does.

Also you need the logout:

logout.php

<?php

session_start(); // <-- Oops!!

// unset all $_SESSION variables
session_unset();
session_destroy();
header("Location: logged_in.php?m=logout_success");
exit;

?>
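
An added example (not part of the original answer): the same session gate, with the login check done through PDO prepared statements and password_verify() instead of the mysql_* functions (removed in PHP 7.0) and a plaintext password comparison. The `users` table, its column names, the sample account and the in-memory SQLite database are assumptions made so the file runs on its own from the command line.

```php
<?php
declare(strict_types=1);
// Added example. Assumed names: table `users`, columns `username`, `password_hash`.

function attempt_login(PDO $pdo, string $user, string $pass): bool
{
    // Prepared statement: the submitted name is bound as data, never spliced into SQL.
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();

    // The table stores a salted hash; password_verify() checks the submitted password against it.
    if (!is_string($hash) || !password_verify($pass, $hash)) {
        return false;
    }
    session_regenerate_id(true);   // fresh session ID once the user is authenticated
    $_SESSION['username'] = $user;
    return true;
}

// Call at the top of logged_in.php and every other protected page.
function require_login(): void
{
    if (!isset($_SESSION['username'])) {
        header('Location: login.php?e=access_denied');
        exit();
    }
}

// Constructed sample data: in-memory SQLite stands in for the MySQL table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)');
$pdo->prepare('INSERT INTO users VALUES (?, ?)')
    ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

session_start();
$results = [
    'wrong password' => attempt_login($pdo, 'alice', 'not the password'),
    'unknown user'   => attempt_login($pdo, 'mallory', 'correct horse'),
    'valid login'    => attempt_login($pdo, 'alice', 'correct horse'),
];
$results['session set'] = isset($_SESSION['username']);
require_login();                   // passes: the valid login above set the session
foreach ($results as $case => $ok) {
    echo $case, ': ', var_export($ok, true), PHP_EOL;
}
```

On a web server the two functions would sit in an include file, with login.php calling attempt_login() on the POSTed form values and each protected page calling require_login() after session_start().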