In many cases we have to secure some Web pages. A typical example is separating the public front-end browsing pages from the back-end admin pages; this is also one of the most common page-security patterns on the Web. I ran into this problem while developing a small book management system in PHP4, and thought of one of PHP4's new features: the session.
Purpose: on the same site, unauthorized users, ordinary authorized users and power users should see and be able to use different pages.
Implementation: each page to be protected includes a security-check template of the appropriate level.
Precautions:
1> Avoid a user whose browser does not accept cookies being unable to view the protected pages (a session uses the client's cookie by default).
2> Prevent permissions from being stolen (by default a PHP4 session lives from the start of the session until the browser is closed).
How to use:
1> For a page that needs general protection, put include("security2.php"); at the very top of the page. That is all.
2> For a page that needs special protection, put include("security1.php"); and include("security2.php"); at the very top of the page. That is all.
(Assuming all files are in the same folder)
Program code and detailed explanation:
security1.php   protection template for special-user pages
security2.php   protection template for general-user pages
login2.php      user login page
Let's look at the login2.php (user login page) code first:
<?php
session_register("user");       # register the user-name session variable
session_register("password");   # register the password session variable
session_register("tmLast");     # register the time session variable
if ($user == "") {              # is this the first visit to the login page?
    $error = "Choose your name and input the password please!";
}
$tmLast = date("U");            # record the login time
if ($user1)
    $user = trim($user1);       # record the user name (why use the user1 variable here? left for the reader to think about)
$password = trim($password1);   # record the password
if ($user1 && $password1) {
    if ($password1 == 888) {    # if the login password is still the default 888, end the PHP program
        $sid = "phpsessid=" . session_id();   # save the current session ID
        $warning = urlencode("Your password is still the default password 888, please change it.");
        header("Location: changePassword.php?$sid&warning=$warning");   # pass the warning parameter to changePassword.php
        exit();                 # end the PHP program immediately
    }
    if (strtolower($user) == "root") {   # is the login user the super user? you can extend this with your own users
        $fileName = "backend_index.php";
    }
    else {
        if (!$fileName)         # was the page visited before the login page a protected page?
            $fileName = "index.php";
    }
    $sid = "phpsessid=" . session_id();   # save the current session ID
    header("Location: $fileName?$sid");   # on success go to the target page, passing the session ID so that a user without cookies can still read the session values
    exit();                     # end the PHP program immediately
}
?>
LoginPage
<?php
echo "$error";                  # show the login prompt
?>
<?php
include("class/dbclass.inc");   # include dbclass.inc; it is used the same way as the mysql.inc class
$q = new db_sql;                # create a new database object
$q->connect($Host, $Database, $User, $Password);   # connect to the MySQL database
$query = "select chrusername, chrfirstname, chrlastname " .
         "from user " .
         "where chrfirstname != '' " .
         "order by chrfirstname";
$q->query($query);              # run the SQL statement
echo "";                        # (the HTML that opens the user-selection form is not preserved on the page)
while ($q->next_record()) {     # read the general users from the database
    if ($user == $q->f(0))      # is this the current user?
        $select = "selected";   # the current user becomes the default choice
    else
        $select = "";
    echo "";                    # (the HTML option line for this user, using $select, is not preserved on the page)
}
echo "";                        # (the HTML that closes the form is not preserved on the page)
# The password-check statement survives only in part: the fragment ends with
# "and chrpasswd='$password'" and the code below reads iduser from its result.
$query = "select iduser from user where chrusername='$user' and chrpasswd='$password'";   # reconstructed from that fragment (assumption)
$q->query($query);
if (!$q->num_rows()) {          # was a user with a matching password found?
    $error = urlencode("Password is wrong or no privilege user.");
    header("location: login2.php?filename=$fileName&error=$error&user=$user");   # back to the login page with a password error
}
else {
    $sid = "phpsessid=" . session_id();
    $q->next_record();
    $USERID = $q->f("iduser");  # save the ID of the authenticated user for later use
}
?>
security1.php (protection template for special-user pages):
<?php
session_register("user");       # same as explained above
$privilege = "root,macro,jackie";   # list of super-user names, separated by ","
$pieces = explode(",", $privilege); # split it into individual super-user names
for ($i = 0; $i < count($pieces); $i++) {
    if (strtolower($user) == $pieces[$i]) {   # is this a super user?
        $hASPrivilege = 1;
        break;                  # leave the loop
    }
}
if (!$hASPrivilege) {
    if ($fileName == "")
        $fileName = $PHP_SELF;
    $error = urlencode("You have no privilege to view this page!");
    header("location: login2.php?filename=$fileName&error=$error&id=$id");
    exit();                     # go to the login page for users without privilege
}
?>
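As an added example that is not part of the original article, here is the same special-user template written for PHP 7 or later, where session variables live in $_SESSION instead of being registered as globals. The file name login2.php, the parameter names filename and error and the super-user list follow the article; the function names are this example's own.

```php
<?php
// Added example: security1.php for PHP 7+ ($_SESSION instead of session_register()).
// File and parameter names follow the article; function names are this example's own.

session_start();

// Super-user list, as in the article ("root,macro,jackie"), compared in lower case.
const PRIVILEGED_USERS = 'root,macro,jackie';

function isSuperUser(string $user, string $privilegeList = PRIVILEGED_USERS): bool
{
    // Initialise the result inside the function so nothing outside it can pre-set it
    // (the original's uninitialised $hASPrivilege depended on register_globals).
    $hasPrivilege = false;
    foreach (explode(',', $privilegeList) as $name) {
        if (strtolower($user) === strtolower(trim($name))) {
            $hasPrivilege = true;
            break;
        }
    }
    return $hasPrivilege;
}

// Build the redirect the article uses, login2.php?filename=...&error=..., with each
// parameter URL-encoded so spaces or '&' in $fileName and $error cannot break the query.
function loginRedirectUrl(string $fileName, string $error): string
{
    return 'login2.php?' . http_build_query(['filename' => $fileName, 'error' => $error]);
}

// The current user is read from the session only, never from the request.
$user = isset($_SESSION['user']) ? (string) $_SESSION['user'] : '';

if (!isSuperUser($user)) {
    // $fileName may be set by the including page before the include; otherwise return
    // to this page after login, as the article does with $PHP_SELF.
    $fileName = (isset($fileName) && $fileName !== '') ? $fileName : $_SERVER['PHP_SELF'];
    header('Location: ' . loginRedirectUrl($fileName, 'You have no privilege to view this page!'));
    exit();   // stop before any protected content is sent
}
```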