密码保护一个没有db访问的页面 [英] Password protect a page without db access with php

查看:183
本文介绍了密码保护一个没有db访问的页面的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

可以通过密码保护没有db访问的页面吗?我可能只有几页。但我应该能够更改密码和保存会话等。我想要一个安全的方式,因为它是生产网站!

Is it possible to password protect a page without db access? I may have only few pages. But I should be able to change password and also save sessions etc. And I want a secure way as it's for production site!

如何存储在配置。 php after md5:

How is it to store in a config.php after md5:

 <?php
 username="admin"; 
 password="1a1dc91c907325c69271ddf0c944bc72";
 ?>

如果这是一个好主意,是否有一种方法来限制从一个脚本
调用check.php或者什么?

If this is a good idea, is there a way to restrict access to this php from only one script called check.php or something?

推荐答案

当然,为什么不呢?您可以在不可访问的目录中使用平面文件(由.htaccess保护或者由www根目录保护),并将其用作数据库。

Sure, why not? You can use flat files in inaccessible directory (protected by .htaccess or out of the www root) and use that as a database.

这里是一个简单的登录类打开:

Here's a simple login class I've whipped up:

class SimpleLogin {

    private $users;
    private $db = './pass.txt';

    function __construct() {
        $data = file_get_contents($this->db);

        if (!$data) {
           die('Can\'t open db');
        } else {
            $this->users = unserialize($data);
        }
    }

    function save() {
        if (file_put_contents($this->db, serialize($this->users)) === false)
            die('Couldn\'t save data');
    }

    function authenticate($user, $password) {
        return $this->users[$user] == $this->hash($password);
    }

    function addUser($user, $password) {
        $this->users[$user] = $this->hash($password);
        $this->save();
    }

    function removeUser($user) {
        unset($this->users[$user]);
        $this->save();
    }

    function userExists($user) {
        return array_key_exists($user, $this->users);
    }

    function userList() {
        return array_keys($this->users);
    }

    // you can change the hash function and salt here
    function hash($password) {
        $salt = 'jafo2ijr02jfsau02!)U(jf';
        return sha1($password . $salt);
    }

}

$ b b

:如果您要在实际的服务器中使用此功能,您应该关闭错误报告,这可以通过调用 error_reporting()或在前添加'@'file_get_contents file_put_contents (即:变成 @file_get_contents

NOTE: You really should turn off error reporting if you are going to use this in an actual server. This can be done by calling error_reporting() or by adding '@' in front of file_get_contents and file_put_contents (ie: so it turns into @file_get_contents)

使用示例 http://left4churr.com/login/

这篇关于密码保护一个没有db访问的页面的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
PHP最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆