How to implement PHP user login verification Code _php Tutorial

Below we use MySQL database tutorial to store the user's identity. We need to extract the user name and password for each account from the database to compare the $php_auth_user and $PHP_AUTH_PW variables to determine the authenticity of the user.

First, create a database that holds user information in MySQL

The database name is Xinxiku, the table name is user, and the table is defined as follows:

View Code 1 CREATE TABLE User (
2 ID INT (4) Not NULL auto_increment,
3 name VARCHAR (8) Not NULL,
4 Password CHAR (8) Not NULL,
5 PRIMARY KEY (ID)
6)

Description

1, ID is a serial number, not zero and automatically increment, the primary key;

2, name is the user name, can not be empty;

3, password for the user password, can not be empty;

The following is a user authentication file login.php Tutorial

View Code 1//Determine if user name is set
2 if (!isset ($PHP _auth_user))
3 {
4 Header ("Www-authenticate:basic realm=" Authentication function "");
5 Header ("http/1.0 401 Unauthorized");
6 echo "Authentication failed, you do not have permission to share network resources!";
7 exit ();
8}
9/* Connect to Database */
Ten $db =mysql tutorial _connect ("localhost", "root", "" ");
11//Select Database
mysql_select_db ("Xinxiku", $db);
13//Query whether the user exists
$result =mysql_query ("select * from user where name= ' $PHP _auth_user ' and password= ' $PHP _auth_pw '", $db);
if ($myrow = Mysql_fetch_row ($result))
16 {
17//The following is the relevant operation after successful authentication
18 ...
19}
Else
21 {
22//Authentication unsuccessful, prompting user to re-enter
The header ("Www-authenticate:basic realm=" authentication function ");
The header ("http/1.0 401 Unauthorized");
echo "Authentication failed, you do not have permission to share network resources!";
+ exit ();
27}
?>

Program Description:

In the program, first check whether the variable $php_auth_user has been set. If there is no setting, the instructions need to be verified, the script issued an HTTP 401 error xwould flag, tells the client browser needs to authenticate, the client's browser pops up an authentication window, prompting the user to enter a user name and password, enter the completion, connect to the database, query the user name and password is correct, If it is correct, allow the login to do so, and if it is not correct, continue to require the user to enter a user name and password.

Function Description:

1, Isset (): Used to determine whether a variable has been assigned a value. Returns TRUE or false depending on whether the value of the variable exists

2. Header (): Used to send a specific HTTP header. Note that when using the header () function, be sure to call the function in front of any HTML or PHP code that produces the actual output.

3, mysql_connect (): Open the MySQL server connection.

4. Mysql_db_query (): Send query string to MySQL database.

5, Mysql_fetch_row (): Returns the fields of a single column.

Second, use the session to implement server authentication

For pages that require authentication, it is best to use Apache server Authentication. However, the Apache server verifies that the interface is not friendly. Furthermore, PHP under the php,iis of CGI mode cannot be verified with Apache server. In this way, we can use the session to save the user identity between different pages, to achieve the purpose of authentication.

In the backend we also use the MySQL database above to store user information.

We first write a user login interface, the file name is login.php, code post:

View Code 1

Login1.php process the submitted form with the following code:
View Code 1 $db =mysql_connect ("localhost", "root", "");
2 mysql_select_db ("Xinxiku", $db);
3 $result =mysql_query ("select * from user where name= ' $name ' and password= ' $pass '", $db);
4 if ($myrow = Mysql_fetch_row ($result))
5 {
6//Registered user
7 session_start ();
8 Session_register ("User");
9 $user = $myrow ["User"];
10//Authentication successful, related operation
11 ...
12}
All else
14 {
echo "Authentication failed, you do not have permission to share network resources!";
16}
?>

It is necessary to note that users can bypass authentication by using **http://domainname/next.php?user= username * * in subsequent operations. Therefore, the subsequent operation should check whether the variable is registered: registered, then the corresponding operation, otherwise considered illegal login. The relevant code is as follows:
View Code 1 session_start ();

2 if (!session_is_registered ("user"))
3 {
4 echo "Authentication failed, belongs to illegal login!";
5}
6 Else
7 {
8//Successful login for related operations
9 ...
10}
?>

http://www.bkjia.com/PHPjc/630746.html www.bkjia.com true http://www.bkjia.com/PHPjc/630746.html techarticle below we use MySQL database tutorial to store the user's identity. We need to extract the username and password for each account from the database in order to compare it to the $php_auth_user and $PHP_AUTH_PW variables ...

