密码保护的网页没有使用PHP数据库访问 [英] Password protect a page without db access with php

问题描述

是否有可能密码保护网页，而不DB访问？我可能只有几页。不过，我应该能够更改密码，也节省会议等。而我想要一个安全的方式，因为它是对生产现场！

Is it possible to password protect a page without db access? I may have only few pages. But I should be able to change password and also save sessions etc. And I want a secure way as it's for production site!

它是如何在MD5后config.php文件存储：

How is it to store in a config.php after md5:

 <?php
 username="admin"; 
 password="1a1dc91c907325c69271ddf0c944bc72";
 ?>

如果这是一个不错的主意，有没有办法来限制只从一个脚本访问这个PHP
所谓check.php什么？

If this is a good idea, is there a way to restrict access to this php from only one script called check.php or something?

推荐答案

当然，为什么不？您可以在交通不便的目录（或的.htaccess出WWW根保护）使用平面文件，并把它作为一个数据库。

Sure, why not? You can use flat files in inaccessible directory (protected by .htaccess or out of the www root) and use that as a database.

下面是一个简单的登录类我已经刮起了：

Here's a simple login class I've whipped up:

class SimpleLogin {

    private $users;
    private $db = './pass.txt';

    function __construct() {
        $data = file_get_contents($this->db);

        if (!$data) {
           die('Can\'t open db');
        } else {
            $this->users = unserialize($data);
        }
    }

    function save() {
        if (file_put_contents($this->db, serialize($this->users)) === false)
            die('Couldn\'t save data');
    }

    function authenticate($user, $password) {
        return $this->users[$user] == $this->hash($password);
    }

    function addUser($user, $password) {
        $this->users[$user] = $this->hash($password);
        $this->save();
    }

    function removeUser($user) {
        unset($this->users[$user]);
        $this->save();
    }

    function userExists($user) {
        return array_key_exists($user, $this->users);
    }

    function userList() {
        return array_keys($this->users);
    }

    // you can change the hash function and salt here
    function hash($password) {
        $salt = 'jafo2ijr02jfsau02!)U(jf';
        return sha1($password . $salt);
    }

}

的注意的：你真的应该关闭错误报告，如果您打算在实际的服务器来使用它。这可以通过调用 error_reporting（）的或通过添加来完成'@'在的file_get_contents 和的file_put_contents （即前面：所以它变成 @file_get_contents ）

NOTE: You really should turn off error reporting if you are going to use this in an actual server. This can be done by calling error_reporting() or by adding '@' in front of file_get_contents and file_put_contents (ie: so it turns into @file_get_contents)

使用示例： http://left4churr.com/login/

这篇关于密码保护的网页没有使用PHP数据库访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！