Password protect a page without db access with php
Problem description
Is it possible to password protect a page without db access? I may have only a few pages. But I should be able to change password and also save sessions etc. And I want a secure way as it's for production site!
How is it to store in a config.php after md5:
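<?php
// config.php: credentials as proposed in the question (password stored as an MD5 hex digest)
$username = "admin";
$password = "1a1dc91c907325c69271ddf0c944bc72";
?>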
If this is a good idea, is there a way to restrict access to this php from only one script called check.php or something?
Recommended answer
Sure, why not? You can use flat files in an inaccessible directory (protected by .htaccess or out of the www root) and use that as a database.
Here's a simple login class I've whipped up:
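class SimpleLogin {
    // Map of username => password hash, loaded from the flat file
    private $users;
    // Keep this file out of the www root or protect its directory with .htaccess
    private $db = './pass.txt';

    // Load the serialized user map from the flat file
    function __construct() {
        $data = file_get_contents($this->db);
        if (!$data) {
            die('Can\'t open db');
        } else {
            $this->users = unserialize($data);
        }
    }

    // Write the user map back to the flat file
    function save() {
        if (file_put_contents($this->db, serialize($this->users)) === false)
            die('Couldn\'t save data');
    }

    // Unknown users fail; hash_equals() replaces the loose == comparison,
    // which can treat two different "0e..." hash strings as equal numbers
    function authenticate($user, $password) {
        return isset($this->users[$user])
            && hash_equals($this->users[$user], $this->hash($password));
    }

    // Add a user or replace an existing user's password
    function addUser($user, $password) {
        $this->users[$user] = $this->hash($password);
        $this->save();
    }

    function removeUser($user) {
        unset($this->users[$user]);
        $this->save();
    }

    function userExists($user) {
        return array_key_exists($user, $this->users);
    }

    function userList() {
        return array_keys($this->users);
    }

    // you can change the hash function and salt here
    function hash($password) {
        $salt = 'jafo2ijr02jfsau02!)U(jf';
        return sha1($password . $salt);
    }
}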
NOTE: You really should turn off error reporting if you are going to use this in an actual server. This can be done by calling error_reporting() or by adding '@' in front of file_get_contents and file_put_contents (i.e. so it turns into @file_get_contents).
Usage example: http://left4churr.com/login/
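The same flat-file approach, as an added example that is not part of the original answer: it stores hashes made with PHP's built-in password_hash() (random per-user salt), verifies them with password_verify(), keeps the store as JSON instead of serialized PHP, and issues a new session ID on login. The file path and all function names are assumptions made for illustration.

```php
<?php
// Added example, not the answer's code. USERS_FILE is a hypothetical path;
// keep it outside the web root so it can never be served directly.
const USERS_FILE = __DIR__ . '/../private/users.json';

// Load the username => hash map; a missing file means "no users yet".
function loadUsers(string $file = USERS_FILE): array {
    if (!is_file($file)) {
        return [];
    }
    $users = json_decode((string) file_get_contents($file), true);
    return is_array($users) ? $users : [];
}

// Write via temp file + rename so a failed write cannot truncate the store.
function saveUsers(array $users, string $file = USERS_FILE): void {
    $tmp = $file . '.tmp';
    if (file_put_contents($tmp, json_encode($users), LOCK_EX) === false
        || !chmod($tmp, 0600) || !rename($tmp, $file)) {
        throw new RuntimeException('Could not save user file');
    }
}

// password_hash() picks a random salt per user and stores it in the hash string.
function setPassword(string $user, string $password, string $file = USERS_FILE): void {
    $users = loadUsers($file);
    $users[$user] = password_hash($password, PASSWORD_DEFAULT);
    saveUsers($users, $file);
}

// Check a login attempt; password_verify() is safe against timing attacks.
function authenticate(string $user, string $password, string $file = USERS_FILE): bool {
    $users = loadUsers($file);
    return isset($users[$user]) && password_verify($password, $users[$user]);
}

// Login handler: on success, issue a fresh session ID and mark the session.
function login(string $user, string $password): bool {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!authenticate($user, $password)) {
        return false;
    }
    session_regenerate_id(true); // discard the pre-login ID (session fixation)
    $_SESSION['user'] = $user;
    return true;
}
```

Changing a password is a call to setPassword() with the existing username; protected pages then check $_SESSION['user'] after session_start().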