Home >Backend Development >PHP Tutorial >How to implement PHP user login verification code_PHP tutorial
Next we use the Mysql database tutorial to store the user's identity. We need to extract the username and password of each account from the database to compare with the $PHP_AUTH_USER and $PHP_AUTH_PW variables to determine the authenticity of the user.
First, create a database in MySql to store user information
The database name is XinXiKu and the table name is user; the table definition is as follows:
View Code 1 create table user(
2 ID INT(4) NOT NULL AUTO_INCREMENT,
3 name VARCHAR(8) NOT NULL,
4 password CHAR(8) NOT NULL,
5 PRIMARY KEY(ID)
6)
Description:
1. ID is a serial number, which is not zero and is automatically incremented. It is the primary key;
2. name is the user name and cannot be empty;
3. Password is the user password and cannot be empty;
The following is the user authentication file login.php tutorial
View Code 1 //Determine whether the username is set
2 if(!isset($PHP_AUTH_USER))
3 {
4 header("WWW-Authenticate:Basic realm="Authentication function"");
5 header("HTTP/1.0 401 Unauthorized");
6 echo "Authentication failed, you do not have permission to share network resources!";
7 exit();
8}
9 /*Connect to database*/
10 $db=mysql tutorial_connect("localhost","root","");
11 //Select database
12 mysql_select_db("XinXiKu",$db);
13 //Check whether the user exists
14 $result=mysql_query("SELECT * FROM user where name='$PHP_AUTH_USER' and password='$PHP_AUTH_PW'",$db);
15 if ($myrow = mysql_fetch_row($result))
16 {
17 //The following are related operations after successful identity verification
18...
19}
20 else
21 {
22 //Authentication is unsuccessful, prompt the user to re-enter
23 header("WWW-Authenticate:Basic realm="Authentication function"");
24 header("HTTP/1.0 401 Unauthorized");
25 echo "Authentication failed, you do not have permission to share network resources!";
26 exit();
27}
28 ?>
Program description:
In the program, first check whether the variable $PHP_AUTH_USER has been set. If it is not set, it means that authentication is required. The script sends an HTTP 401 error number header to tell the client's browser that authentication is required. The client's browser pops up an authentication window, prompting the user to enter the user name and password. After the input is completed, the connection Database, query whether the username and password are correct. If correct, allow login to perform related operations. If incorrect, continue to require the user to enter username and password.
Function description:
1. isset(): used to determine whether a variable has been assigned a value. Depending on whether the variable value exists, return true or false
2. header(): used to send specific HTTP headers. Note that when using the header() function, be sure to call it before any HTML or PHP code that produces the actual output.
3. mysql_connect(): Open the MySQL server connection.
4. mysql_db_query(): Send query string (query) to MySQL database.
5. mysql_fetch_row(): Returns each field of a single column.
2. Use session to implement server verification
For pages that require authentication, it is best to use apache server authentication. However, the interface of apache server verification is not friendly enough. Moreover, PHP in CGI mode and PHP under IIS cannot be verified using the Apache server. In this way, we can use session to save the user's identity between different pages to achieve identity verification.
On the backend, we also use the above Mysql database to store user information.
We first write a user login interface, the file name is login.php, the code is as follows:
View Code 1
login1.php processes the submitted form, the code is as follows:
View Code 1 $db=mysql_connect("localhost","root","");
2 mysql_select_db("XinXiKu",$db);
3 $result=mysql_query("SELECT * FROM user where name='$name' and password='$pass'",$db);
4 if ($myrow = mysql_fetch_row($result))
5 {
6 //Registered user
7 session_start();
8 session_register("user");
9 $user=$myrow["user"];
10 // Identity verification successful, perform related operations
11...
12}
13 else
14 {
15 echo "Authentication failed, you do not have permission to share network resources!";
16}
17 ?>
What needs to be noted here is that users can use **http://domainname/next.php?user=username ** in subsequent operations to bypass authentication. Therefore, subsequent operations should first check whether the variable is registered: if it is registered, perform the corresponding operation, otherwise it will be regarded as illegal login. The relevant code is as follows:
View Code 1 session_start();
2 if (!session_is_registered("user"))
3 {
4 echo "Authentication failed, illegal login!";
5}
6 else
7 {
8 //Successfully log in to perform related operations
9 ...
10}
11 ?>