PHP + MySQL authentication method

PHP + MySQL authentication method

Author: Wutong

Date: 2001/8/29

Recently, when I made an ICP filing for a school, I needed identity verification. After comparison, I decided to use PHP + MySQL for identity verification.
　　
We have previously considered using cookies or sessions. However, when a user goes offline and goes online again

It can still be online without logon, which is a hidden risk for Internet cafes. In addition, users can disable cookies for identity authentication.

The certificate fails. We have also considered using session. During the browsing process, the session constantly adds the access information to the session. If the user

During a long period of time on the website, a large number of pages are browsed, which leads to a larger session and a lower browsing speed. In the end, only the user can log on again,

Although this situation is rare, it is not what we hope.

　　
My idea for this authentication is to record browsing information while authenticating the identity.

The User ID is transmitted between each page. The id value is encrypted using the MD5 () function. The verification function is validate_id (), and the return value is

(0, 1). The success value is "1 ".

Ideas:

Determine whether the input ID is an anonymous logon ID (a684dd572b1887661782981659331eed), 32 bits. If 0 is returned, and

Add browsing information to the database. If no, query the database to check whether the user ID, user IP address, and input ID and IP address value in the database are equal.

And the last browsing time is less than 20 minutes from the current time.
　　　　
The number of records obtained. If it is 0, it is considered offline. log on to the browser with an anonymous ID and return 0. If the record is not 0, Set

User ID, user IP value, join database, return 1.

 

Create a database:
　　
Create Table Logging {

Id int unsigned not null primary key auto_increment,

User_id char (32) not null, // user ID

Logging_ip varchar (20) not null, // record the user IP Address

Page_name varchar (30) not null, // view Web Page name

View_time timestamp not null,

Student_id varchar (20)

);

Create a function:

 

/* ----- Begin function validate-ID ()---------------
Verify that the user has logged on

------------------------------------------------*/
Function validate_id ($ link, $ id, $ IP, $ page_name, $ student_id = ""){
If ($ id = a684dd572b1887661782981659331eed or $ id = ''){
$ Query = 'insert into logging (user_id, logging_ip, page_name, student_id) values ("a684dd572b1887661782981659331eed ","'. $ IP. '","'. $ page_name. '"," anonym ");';
$ Result = mysql_db_query ("Web", $ query, $ link );
Return (0 );
}
Else {
$ Year = strftime ("% Y ");
$ Month = strftime ("% m ");
$ Day = strftime ("% d ");
$ Hour = strftime ("% H ");
$ Min = strftime ("% m ");
$ Sec = strftime ("% s ");
Echo $ time_string = $ year. $ month. $ day. $ hour. $ min. $ sec;
// Echo ("<br> ");
// Echo "$ year-$ month-$ day $ hour-$ Min-$ sec <br> ";
File: // --------- begin if's ---------------------------
If ($ Min-= 20) <0 ){
$ Min + = 60;
If ($ hour-= 1) =-1 ){
$ Hour + = 24;
If ($ day-= 1) = 0 ){
Switch ($ month ){
Case 12: $ days = 30; break;
Case 1: $ days = 31; break;
Case 2: If ($ year/4 = 0) and ($ year/100! = 0) or ($ year/400 = 0 )){
$ Days = 29 ;}
Else {$ days = 28 ;}
Break;
Case 3: $ days = 31; break;
Case 4: $ days = 30; break;
Case 5: $ days = 31; break;
Case 6: $ days = 30; break;
Case 7: $ days = 31; break;
Case 8: $ days = 31; break;
Case 9: $ days = 30; break;
Case 10: $ days = 31; break;
Case 11: $ days = 30; break;
}
$ Day + = $ days;
If ($ month-= 1) = 0 ){
$ Month + = 12;
$ Year-= 1;
}
}
}
}
File: // ------------------------------------ end if's
Settype ($ month, "integer ");
If ($ month <10 ){
Settype ($ month, "string ");
$ Month = '0'. $ month ;}
Settype ($ Day, "integer ");
If ($ day <10 ){
Settype ($ Day, "string ");
$ Day = '0'. $ day ;}
Settype ($ hour, "integer ");
If ($ hour <10 ){
Settype ($ min, "string ");
$ Hour = '0'. $ hour ;}
Settype ($ min, "integer ");
If ($ min <10 ){
Settype ($ min, "string ");
$ Min = '0'. $ min ;}

Echo '<br>'. $ time_string = $ year. $ month. $ day. $ hour. $ min. $ sec;
// Echo "<br> $ year-$ month-$ day $ hour-$ Min-$ sec <br> ";
// Echo ("<br> ");
$ Query = "select ID from logging where user_id = '$ id' and logging_ip =' $ ip' and view_time> '$ time_string ';";
$ Result = mysql_db_query ("Web", $ query, $ link );
$ COUNT = mysql_num_rows ($ result );
If ($ COUNT = 0 ){
// Echo $ query = "insert into logging (user_id, logging_ip, page_name) values ('a684dd572b1887661782981659331ed', '$ ip',' $ page_name ');";
$ Result = mysql_db_query ("Web", $ query, $ link );
Return (0 );
}
Else {
$ Query = "insert into logging (user_id, logging_ip, page_name) values ('$ id',' $ ip', '$ page_name ')";
$ Result = mysql_db_query ("Web", $ query, $ link );
Return (1 );

}
} // End if
}
File: // ---------------------------- END function validate-ID ---------
This verification method is very simple, and does not take into account the user login after login, you can add yourself.

If you use cookies, you may use setcookies () to create a user ID and then read it from the environment variable $ http_cookie or $ http_cookie_vars.

. They are all the same, but we should ensure that users do not have cookies.