密码保护的网页没有使用PHP数据库访问 [英] Password protect a page without db access with php
问题描述
是否有可能密码保护网页,而不DB访问?我可能只有几页。不过,我应该能够更改密码,也节省会议等。而我想要一个安全的方式,因为它是对生产现场!
Is it possible to password protect a page without db access? I may have only few pages. But I should be able to change password and also save sessions etc. And I want a secure way as it's for production site!
它是如何在MD5后config.php文件存储:
How is it to store in a config.php after md5:
<?php
username="admin";
password="1a1dc91c907325c69271ddf0c944bc72";
?>
如果这是一个不错的主意,有没有办法来限制只从一个脚本访问这个PHP
所谓check.php什么?
If this is a good idea, is there a way to restrict access to this php from only one script called check.php or something?
推荐答案
当然,为什么不?您可以在交通不便的目录(或的.htaccess出WWW根保护)使用平面文件,并把它作为一个数据库。
Sure, why not? You can use flat files in inaccessible directory (protected by .htaccess or out of the www root) and use that as a database.
下面是一个简单的登录类我已经刮起了:
Here's a simple login class I've whipped up:
class SimpleLogin {
private $users;
private $db = './pass.txt';
function __construct() {
$data = file_get_contents($this->db);
if (!$data) {
die('Can\'t open db');
} else {
$this->users = unserialize($data);
}
}
function save() {
if (file_put_contents($this->db, serialize($this->users)) === false)
die('Couldn\'t save data');
}
function authenticate($user, $password) {
return $this->users[$user] == $this->hash($password);
}
function addUser($user, $password) {
$this->users[$user] = $this->hash($password);
$this->save();
}
function removeUser($user) {
unset($this->users[$user]);
$this->save();
}
function userExists($user) {
return array_key_exists($user, $this->users);
}
function userList() {
return array_keys($this->users);
}
// you can change the hash function and salt here
function hash($password) {
$salt = 'jafo2ijr02jfsau02!)U(jf';
return sha1($password . $salt);
}
}
的注意的:你真的应该关闭错误报告,如果您打算在实际的服务器来使用它。这可以通过调用 error_reporting()的或通过添加来完成'@'在的file_get_contents
和的file_put_contents
(即前面:所以它变成 @file_get_contents
)
NOTE: You really should turn off error reporting if you are going to use this in an actual server. This can be done by calling error_reporting() or by adding '@' in front of file_get_contents
and file_put_contents
(ie: so it turns into @file_get_contents
)
使用示例: http://left4churr.com/login/
这篇关于密码保护的网页没有使用PHP数据库访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!