Using AJAX to verify the user login is a benefit is not to refresh the jump page, plus the use of the verification code is more secure, groping to write down. Altogether three files are used:
yz.php: generate the code of PHP file, will verify the code will be in the session, for log in compared to call
index.php: HTML file for user login
logincheck.php: Verifying files that users log on to
The following one by one resolves:
yz.php File
<?php
session_start ();
Generate a validation code map
Header ("Content-type:image/png");
Long and wide
$im = Imagecreate (44,18);
Set background color:
$back = Imagecolorallocate ($im, 245,245,245);
Fill background color:
imagefill ($im, 0,0, $back);
Srand (Double) microtime () *1000000);
$vcodes;
Generates a 4-digit number
for ($i =0 $i <4; $i + +) {
$font = imagecolorallocate ($im, Rand (100,255), Rand (0,100), Rand (100,255 ));
$authnum =rand (1,9);
$vcodes. = $authnum;
Imagestring ($im, 5, $i *10, 1, $authnum, $font);
Add the jamming pixel for
($i =0 $i <100; $i + +) {
$randcolor = imagecolorallocate ($im, Rand (0,255), Rand (0,255), Rand ( 0,255));
Imagesetpixel ($im, Rand ()%70, Rand ()%30, $randcolor);
Imagepng ($im);
Imagedestroy ($im);
The four-bit verification code is saved in the session, and when you log in, compare
$_session["Vcode"]= $vcodes;
? >
index.php: Note, do not take $_session["Vcode" in this file, or you will take a step later, refresh to display the last Captcha
It's good to be logincheck.php in the test room.
<! DOCTYPE HTML PUBLIC "-//w3c//dtd HTML 4.01 transitional//en" "Http://www.w3.org/TR/html4/loose.dtd" >
logincheck.php verifying files that users log on to
<?php
session_start ();
Include (".. /conn/conndb.php ");
Get the parameters of the POST:
$username =$_post["username"];
$password =md5 ($_post["password"]);
$authCode =$_post["Authcode"];
$feedback = "no";
Compare whether the ==session in the verification code, can not be placed on the client, otherwise take incorrect value
if ($authCode ==$_session["Vcode"]) {
$SQL = "SELECT * from Users where Username= ' $username ' and password= ' $password ';
$result =mysql_query ($SQL);
$rows =mysql_num_rows ($result);
if ($rows ==1) //Verify success
$feedback = "OK";
$_session["admin"]=true; In order to secure the background, save the session, indicating that ADMIN is logged in for later call
}
echo $feedback;
? >
The above is the entire content of this article, I hope to help you learn, but also hope that we support the cloud habitat community.