用户信息存储在auth数据库的authorised_users表中。form表单提交的用户名、密码若与表中的记录匹配,则显示正常页面,否则提示无权访问。
1. secretdb.php
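<?php
// secretdb.php: shows the secret page only when the submitted name/password
// pair matches a row in the authorised_users table of the auth database.

// Read the form fields without touching undefined indexes: on the first visit
// nothing has been posted yet, so both values are null.
$name = isset($_POST['name']) ? $_POST['name'] : null;
$password = isset($_POST['password']) ? $_POST['password'] : null;

if (!is_string($name) || !is_string($password)) {
    // Visitor needs to enter a name and password.
    // Array-valued fields (e.g. name[]=x) are not strings, so they also land here.
?>
<h1>Please Log In</h1>
<p>This page is secret.</p>
<form method="post" action="secretdb.php">
<p>Username: <input type="text" name="name"></p>
<p>Password: <input type="password" name="password"></p>
<p><input type="submit" name="submit" value="Log In"></p>
</form>
<?php
} else {
    // connect to mysql
    // NOTE(review): host, account and password are hard-coded sample values;
    // a real deployment would load them from configuration outside the web root.
    $mysql = mysqli_connect("www.anyone.com", "webauth", "webauth");
    if (!$mysql) {
        echo "Cannot connect to database.";
        exit;
    }

    // select the appropriate database
    $selected = mysqli_select_db($mysql, "auth");
    if (!$selected) {
        echo "Cannot select database.";
        exit;
    }

    // Query the database to see if there is a record which matches.
    // The submitted values are bound as parameters and never concatenated into
    // the SQL text, so quotes in the input cannot change the query.
    $query = "select count(*) from authorised_users where
name = ? and
password = ?";
    // To test the sha1-hashed 'testuser' row, use "password = sha1(?)" as the
    // last condition instead.
    // NOTE(review): plain-text and unsalted SHA-1 passwords are demo-only; for
    // real accounts store password_hash() output (the varchar(40) column would
    // have to be widened) and check it with password_verify().
    $count = 0;
    $stmt = mysqli_prepare($mysql, $query);
    if (!$stmt
        || !mysqli_stmt_bind_param($stmt, "ss", $name, $password)
        || !mysqli_stmt_execute($stmt)
        || !mysqli_stmt_bind_result($stmt, $count)
        || !mysqli_stmt_fetch($stmt)
    ) {
        echo "Cannot run query.";
        exit;
    }
    mysqli_stmt_close($stmt);

    if ($count > 0) {
        // visitor's name and password combination are correct
        echo "<h1>Here it is!</h1>
<p>I bet you are glad you can see this secret page.</p>";
    } else {
        // visitor's name and password combination are not correct
        echo "<h1>Go Away!</h1>
<p>You are not authorized to use this resource.</p>";
    }
}
?>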
2. 创建auth数据库,用户表
-- Schema, sample rows and database account for the secretdb.php login example.
CREATE DATABASE auth;
USE auth;

-- password is 40 characters wide, which fits a SHA-1 hex digest.
CREATE TABLE authorised_users (
    name     VARCHAR(20),
    password VARCHAR(40),
    PRIMARY KEY (name)
);

-- Sample account whose password is kept as plain text.
INSERT INTO authorised_users VALUES ('username', 'password');

-- Sample account whose password is stored as an unsalted SHA-1 digest.
-- NOTE(review): both storage forms are for demonstration only.
INSERT INTO authorised_users VALUES ('testuser', SHA1('password'));

-- Account used by the web script: SELECT only, limited to the auth database.
-- NOTE(review): the password equals the account name and no host is given,
-- so the account is presumably usable from any host; tighten both outside a lab.
GRANT SELECT ON auth.*
    TO 'webauth'
    IDENTIFIED BY 'webauth';
FLUSH PRIVILEGES;
mysql> select * from authorised_users;
+----------+------------------------------------------+
| name | password |
+----------+------------------------------------------+
| testuser | 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 |
| username | password |
+----------+------------------------------------------+
2 rows in set (0.00 sec)
3. 用username和 testuser账户分别测试
testuser的密码在表中以sha1值保存,因此用testuser测试时需要修改secretdb.php,将查询中的密码条件改为 password = sha1('".$password."')"; 注意:这种把表单输入直接拼接进SQL语句的写法存在SQL注入风险,实际使用时应改用预处理语句(参数绑定)。