在没有数据库或用户名的情况下使用php密码保护文件夹/页面的最佳方法是什么 [英] What is the best way to password protect folder/page using php without a db or username

问题描述

在没有数据库或用户名但使用php的情况下，使用php密码保护文件夹的最佳方法是什么.基本上，我有一个页面，该页面将列出组织的联系人，并且需要使用密码保护该文件夹，而无需为每个用户提供帐户.只有一个密码会经常更改并分发给该组.我知道这不是很安全，但我想知道如何做到这一点永远不会少.最好的方式.

What is the best way to password protect folder using php without a database or user name but using. Basically I have a page that will list contacts for organization and need to password protect that folder without having account for every user . Just one password that gets changes every so often and distributed to the group. I understand that it is not very secure but never the less I would like to know how to do this. In the best way.

如果用户正确输入密码后能记住一段时间，那就太好了.

It would be nice if the password is remembered for a while once user entered it correctly.

除了没有cookie之外，我所做的工作几乎与David Heggie所建议的一样.看起来确实不安全，但是最好设置一个不好的密码保护，然后再没有密码保护.

I am doing approximately what David Heggie suggested, except without cookies. It does seem insecure as hell, but it is probably better having a bad password protection then none at all.

这是针对内部站点的，人们在其中会记住自己的登录名和密码，并且永远不会经历注册过程...除非真的很简单，否则他们不会使用该系统完全没有.

This is for internal site where people would have hell of a time remembering their login and password and would never go through sign up process... unless it is really easy they would not use the system at all.

我想看看这个问题的其他解决方案.

I wanted to see other solutions to this problem.

对于不是非常精通技术的人组成的用户群，还有其他方法可以做到这一点.

With user base consisting of not very tech savvy people what are other ways to do this.

推荐答案

您可以使用以下内容:

//access.php

<?php
//put sha1() encrypted password here - example is 'hello'
$password = 'aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d';

session_start();
if (!isset($_SESSION['loggedIn'])) {
    $_SESSION['loggedIn'] = false;
}

if (isset($_POST['password'])) {
    if (sha1($_POST['password']) == $password) {
        $_SESSION['loggedIn'] = true;
    } else {
        die ('Incorrect password');
    }
} 

if (!$_SESSION['loggedIn']): ?>

<html><head><title>Login</title></head>
  <body>
    <p>You need to login</p>
    <form method="post">
      Password: <input type="password" name="password"> <br />
      <input type="submit" name="submit" value="Login">
    </form>
  </body>
</html>

<?php
exit();
endif;
?>

然后将要保护的每个文件放在顶部:

Then on each file you want to protect, put at the top:

<?php
require('access.php');
?>
secret text

这不是一个很好的解决方案，但它可以满足您的要求

It isn't a very nice solution, but it might do what you want

修改

您可以添加一个logout.php页面，例如:

You could add a logout.php page like:

<?php
    session_start();
    $_SESSION['loggedIn'] = false;
?>
You have logged out   

这篇关于在没有数据库或用户名的情况下使用php密码保护文件夹/页面的最佳方法是什么的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！