使登录更安全 [英] Making login more secure
问题描述
我使用此代码进行管理员登录。只有当用户输入正确的用户名和密码时才应该打开loginhome.php。但之后,我意识到这根本不安全。任何人都可以直接进入mywebsite / loginhome.php而无需登录。注销后,可以使用后退按钮打开loginhome.php。
I have used this code for admin login. loginhome.php should be opened only when a user enter correct username and password. But then, i realized this is not secure at all. anybody could directly go to mywebsite/loginhome.php without logging in. and after logout, the loginhome.php can be opened using back button. How Can i make this more securely?
<?php
$submit=isset($_POST['submit']);
if($submit)
{
$first=$_POST['first'];
$password=$_POST['password'];
$db = new mysqli("localhost", "root","","learndb");
$sql = "select * from admin where username = '" . $first . "' and password = '". $password . "'";
$result = $db->query($sql);
$result=mysqli_num_rows($result);
if($result>0)
{
include_once "loginhome.php";
}
else
{
include_once"errorlogin.php";
}
如果需要,这里是html表单。
Here is the html form if required.
<form method="post" action="input.php">
Username:<input type="Text" name="first"><br>
password:<input type="password" name="password"><br>
<input type="submit" name="submit" value="LOGIN">
</form>
推荐答案
安全。
首先,在登录页面(例如 login.php
)将用户重定向到 loginhome.php
。
You can use a PHP Session instead to make it more secure.
Firstly, redirect users to loginhome.php
in the Login Page (eg. login.php
).
session_start();
$_SESSION['logged_in'] = true;
header("Location: loginhome.php");
在 loginhome.php
文件中,你可以检查会话,如果没有设置,然后重定向用户回到登录页面。
And in the loginhome.php
file, you can check for the session, if not set, then redirect users back to the Login Page.
<?php
include "include.php";
session_start();
if(!$_SESSION['logged_in']){
session_destroy();
header("Location: login.php");
}
?>
要注销,请销毁Session。
To logout, destroy the Session.
<?php
session_start();
$_SESSION['logged_in'] = 0;
session_destroy();
header("Location: login.php");
?>
include.php
档案。
<?php
$link = mysqli_connect
("host", "user", "password", "database");
?>
只是提示,您应该加密用户的用户名和密码。希望这有助于!
Just a tip, you should encrypt the users' usernames and passwords. Hope this helps!
这篇关于使登录更安全的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!