在 PHP 中创建登录系统

2022-01-22 00:00:00 passwords php login

有人可以帮帮我吗?我的用户名是 Blimeo,密码是密码",但是当我输入凭据时,它显示拒绝访问",就像我告诉它的那样.我 100% 确定我的 mySQL 数据库配置正确.

Can someone please help me? My username is Blimeo and my password is "password" but when I put my credentials in, it says "Access denied" like I told it to. I am 100% sure that I configured my mySQL database correctly.

<html>
<body>
<?php
echo sha1('Blimeo');
if (isset($_REQUEST['attempt'])) {

    $link = mysql_connect('localhost', 'root', 'password') or die('Could not connect to database');
    $user = mysql_real_escape_string($_POST['user']);
    $password = sha1(mysql_real_escape_string($_POST['password']));
    mysql_select_db('test_users');
    $query = mysql_query(
        "SELECT user 
        FROM users 
        WHERE user = '$user' 
        AND password = '$password'
        ") or die(mysql_error());
    mysql_fetch_array($query);
    $total = mysql_num_rows($query);
    if ($total > 0) {
        session_start();
        $_SESSION['user'] = 'blah';
        header('location: dashboard.php');
    }
    else {
        echo '<br>Access denied!';

    }
}


?>
<form method="post" action="login.php?attempt">
    Enter your username:<input type="text" name="user"/><br/>
    Enter your password:<input type="password" name="password"/><br/>
    <input type="submit"/>
</form>
</body>
</html>

推荐答案

2016 年更新

请仅使用现有的登录系统,这些系统几乎在每个 PHP 框架中都是开箱即用的!完全没有理由自己写这篇文章,因为用户身份验证是一个很大的话题,编写一个严肃、稳定和现代的登录解决方案需要几个月(几年)的时间.

Please only use existing login systems, which are provided out-of-the-box in nearly every PHP framework! There's absolutly no reason to write this by yourself, as user authentication is a big topic and it will take months (years) to write a serious, stable and modern login solution.

原文,自 2012 年起:

由于登录系统是一个安全问题,每个人都会一遍又一遍地犯同样的错误,我可以清楚地说:

As login systems are a security issue and EVERYBODY makes the same mistakes over and over again, i can clearly say:

使用专业脚本并通过代码来了解发生了什么,什么是散列和加盐以及会话可能会出现什么问题.

Take a professional script and work through the code to understand whats happening, what hashing and salting is and what problems session can have.

[删除过期链接]

以下是您可能需要的三个项目:

Here are three projects that might be what you need:

https://github.com/panique/php-login-one-file

https://github.com/panique/php-login-minimal

https://github.com/panique/huge

相关文章