Php login verification code implementation method

Next we will use the Mysql database tutorial to store the user's identity. We need to extract the username and password of each account from the database to compare with the $ PHP_AUTH_USER and $ PHP_AUTH_PW variables to determine the authenticity of the user.

First, create a database for storing user information in MySql.

The database name is XinXiKu and the table name is user. The table definition is as follows:

View Code 1 create table user (
2 id int (4) not null AUTO_INCREMENT,
3 name VARCHAR (8) not null,
4 password CHAR (8) not null,
5 primary key (ID)
6)

Note:

1. ID is a serial number, which is not zero and increases automatically. It is the primary key;

2. name is the user name and cannot be blank;

3. The password is a user password and cannot be blank;

The following is a user authentication file login. php tutorial

View Code 1 // determine whether the user name is set
2 if (! Isset ($ PHP_AUTH_USER ))
3 {
4 header ("WWW-Authenticate: Basic realm =" authentication function "");
5 header ("HTTP/1.0 401 Unauthorized ");
6. echo "authentication failed. You do not have permission to share network resources! ";
7 exit ();
8}
9/* connect to the database */
10 $ db = mysql tutorial _ connect ("localhost", "root ","");
11 // select a database
12 mysql_select_db ("XinXiKu", $ db );
13 // query whether a user exists
14 $ result = mysql_query ("SELECT * FROM user where name = '$ PHP_AUTH_USER' and password = '$ PHP_AUTH_PW'", $ db );
15 if ($ myrow = mysql_fetch_row ($ result ))
16 {
17 // perform the following operations after successful authentication
18...
19}
20 else
21 {
22 // The authentication fails, prompting the user to re-enter
23 header ("WWW-Authenticate: Basic realm =" authentication function "");
24 header ("HTTP/1.0 401 Unauthorized ");
25 echo "authentication failed. You do not have permission to share network resources! ";
26 exit ();
27}
28?>

Program description:

In the program, first check whether the variable $ PHP_AUTH_USER has been set. If no authentication is set, the script sends an HTTP 401 error header, telling the client browser that authentication is required. An Authentication Window is displayed in the client browser, prompt the user to enter the user name and password. after entering the password, connect to the database and check whether the user name and password are correct. If the user name and password are correct, Allow logon to perform related operations. If the user name and password are incorrect, the user is required to enter the user name and password.

Function Description:

1. isset (): used to determine whether a variable has been assigned a value. Returns true or false based on whether the variable value exists.

2. header (): used to send specific HTTP headers. Note: when using the header () function, you must call this function before any HTML or PHP code that generates the actual output.

3. mysql_connect (): Open the MySQL server connection.

4. mysql_db_query (): Send the query string to the MySQL database.

5. mysql_fetch_row (): Return fields in a single column.

Ii. Server verification using session

For pages that require authentication, it is best to use the apache server for authentication. However, the interface for apache server authentication is unfriendly. In addition, php in cgi Mode and php in iis cannot be verified using the apache server. In this way, we can use the session to save the user identity between different pages to achieve the purpose of identity authentication.

At the backend, we also use the above Mysql database to store user information.

First, we compile a user login interface named login. php. The Code class is as follows:

View Code 1 <form action = "login1.php">
2 Username: <input type = "text" name = "name"> <br>
Three commands: <input type = "text" name = "pass"> <br>
4 <input type = "submit" value = "login">
5 </form>

The code for login1.php to process the submitted form is as follows:
View Code 1 $ db = mysql_connect ("localhost", "root ","");
2 mysql_select_db ("XinXiKu", $ db );
3 $ result = mysql_query ("SELECT * FROM user where name = '$ name' and password =' $ pass'", $ db );
4 if ($ myrow = mysql_fetch_row ($ result ))
5 {
6 // register a user
7 session_start ();
8 session_register ("user ");
9 $ user = $ myrow ["user"];
10 // authentication successful, perform related operations
11...
12}
13 else
14 {
15 echo "authentication failed. You do not have permission to share network resources! ";
16}
17?>

You can use ** http: // domainname/next. php? User = username ** to bypass authentication. Therefore, follow-up operations should first check whether the variable is registered: if it is already registered, perform the corresponding operations; otherwise, it is deemed as illegal logon. The related code is as follows:
View Code 1 session_start ();
 

2 if (! Session_is_registered ("user "))
3 {
4 echo "authentication failed, illegal logon! ";
5}
6 else
7 {
8 // Successful Logon
9...
10}
11?>