1. 首页
  2. 问答
  3. 尝试(3倍),在用户登录的PHP

尝试(3倍),在用户登录的PHP

2016-04-17 28 views
0

你能帮助我..尝试(3倍),在用户登录的PHP

<?php 
    session_start(); // Starting Session 
$error=''; // Variable To Store Error Message 
if (isset($_POST['submit'])) { 
    if (empty($_POST['ID']) || empty($_POST['password'])) { 
     $error = "You must enter a username and password"; 
    } 
    else 
    { 
     // Define $username and $password 
     $date = date('m/d/y - h:i A'); 
     $ID=$_POST['ID']; 
     $password=$_POST['password']; 
     // To protect MySQL injection for Security purpose 
     $ID = stripslashes($ID); 
     $password = stripslashes($password); 
     $ID = mysql_real_escape_string($ID); 
     $password = mysql_real_escape_string($password); 
     // Selecting Database 
     $db = mysql_select_db($database, $connection); 

     // SQL query to fetch information of registerd users and finds user match. 
     $query = mysql_query("SELECT ID, password, pin, time FROM facultymember ". 
          "WHERE password='$password' AND ID='$ID'", $connection); 



     $query2 = mysql_query("SELECT time FROM facultymember ". 
          "WHERE password='$password' AND ID='$ID'", $connection); 
     $row = mysql_fetch_assoc($query); 

     list($lastlogin) = mysql_fetch_row($query2); 

     $update = mysql_query("UPDATE facultymember SET time=NOW() WHERE ID='$ID'",$connection); 
     $_SESSION['lastlogin'] = $lastlogin; 


     if (($_POST['ID']) != ($row['ID']) ||($_POST['password']) != ($row['password'])) { 
     $error = "You entered an invalid username or password, your attempt has been stored."; 

     } else { 

     if(false != $row){ // user info exists/correct 
      $_SESSION['login_user'] = $row['ID']; 

      if('1' == $row['pin']) { //not admin 
       header("location: homeFM.php"); // Redirecting To Other Page 
       die; 
      } else { 
       //admin 
       header("location: homeA.php"); // Redirecting To Other Page 
       die; 
      } 
     } else { //login doesn't exist 
      $error = "Username or Password is invalid"; 
     } 
     $_SESSION['login_user'] = 1; 
     mysql_close($connection); // Closing Connection 
    } 
} 

} 
?>

上面的代码登录代码PHP

我如何可以尝试针对特定用户ID登录?

我尝试了一些方法可以做到这一点,但没有成功

需要注意的是:该代码有连接到数据库,但我不写在这里。

来源

2016-04-17 m.m.aljazaeri

回答

0

所以才来纠正你,你已经粘贴以前的代码使用数据库:

// Selecting Database 
    $db = mysql_select_db($database, $connection); 

    // SQL query to fetch information of registerd users and finds user match. 
    $query = mysql_query("SELECT ID, password, pin, time FROM facultymember ". 
         "WHERE password='$password' AND ID='$ID'", $connection); 



    $query2 = mysql_query("SELECT time FROM facultymember ". 
         "WHERE password='$password' AND ID='$ID'", $connection); 
    $row = mysql_fetch_assoc($query); 

    list($lastlogin) = mysql_fetch_row($query2); 

    $update = mysql_query("UPDATE facultymember SET time=NOW() WHERE ID='$ID'",$connection); 
    $_SESSION['lastlogin'] = $lastlogin;

您的代码首先检查是否有人试图登录到您的网站的用户名和密码:

if (empty($_POST['ID']) || empty($_POST['password'])) { 
    $error = "You must enter a username and password"; 
} 
else 
{ .... }

然后你的代码保存的用户名和密码,用户写进两个变量,做了一点“清洁”的:

$date = date('m/d/y - h:i A'); 
    $ID=$_POST['ID']; 
    $password=$_POST['password']; 
    // To protect MySQL injection for Security purpose 
    $ID = stripslashes($ID); 
    $password = stripslashes($password);

现在回答您的问题:要登录用户,您必须将用户密码和用户名与其他地方存储的密码和用户名进行比较。我强烈建议使用数据库来保存这些存储的信息,因为它往往非常敏感,并且将用户名和密码存储在文本文件中的风险更高,并且在您需要时提取信息方面会更慢。现在,一旦比较了用户名和密码,如果它们匹配,则可以使用以下代码执行您的网站所需的任何操作,如果它们不匹配,则显示错误消息,说明它们不匹配:)。

来源

2016-04-17 19:28:50 Webeng

0

您将需要使用数据库。

如果您没有登录尝试存储在数据库中,您将如何防止用户再次尝试从不同的会话或不同的浏览器?

非常重要:

如果您存储在数据库中的密码,那么请不要将它们存储为纯文本。您应该散列密码并存储结果值,然后当用户尝试登录时,散列它们输入的密码并比较值以检查匹配。

作为首发,请参阅Secure hash and salt for PHP passwords

来源

2016-04-17 20:10:38

相关问题

 相关问题