Home > Article > Backend Development > [PHP&MySQL] Modify password + prevent forced entry into the system through URL
●Use PHP MySQL to change the password
This article describes the specific code and operation process of using PHP MySQL to change the password.
Page:
index.php Login page, enter the default password to log in to the system
check.php verification page, pass Query the database to check whether the password is correct ——> If correct, enter the system or error, prompt "Incorrect password", return to the login page
system.php system page, containing the "Change Password" link
change.php Enter new password change page
changePwd.php Change password page
Key code:
index.php
<form action="check.php" method="post"> <p >请输入密码:</p><input type="password" name="psd" /> <button type="submit" name="submit" value="登录" />登录</button> </form>
check.php
<?php $servername = "localhost"; $username = "用户"; $password = "密码"; $dbname = "数据库名"; // 创建连接 $conn = new mysqli($servername, $username, $password, $dbname); if ($conn->connect_error) { die("连接失败: " . $conn->connect_error); } $sql = "SELECT password FROM admin"; //此处涉及名称是admin的数据表,内部有name 和password两个字段,值分别是admin 和 1 $result = $conn->query($sql); if ($result->num_rows > 0) { while($row = $result->fetch_assoc()) { $adminkey = $row["password"]; //设$adminkey是管理员密码,将从数据表中读取的数据赋值进去 } } $conn->close(); /************************请在上方修改管理员密码,默认是'1' *************************/ if( isset($_POST["submit"]) && $_POST["submit"] = "登录"){ if($_POST['psd'] == $adminkey){ //如果输入的密码和数据库中的默认密码相同,则进入系统 header("Location:system.php"); exit; }else{ ?> <script language="javascript"> //如果密码错误,给出提示,返回登录页面 alert("password error"); window.location.href="index.php"; </script> <?php } } ?> system.php <a href="change.php" class="chang">修改密码</a>
change .php
##
<form action="changPwd.php" method="post" > 请输入新密码:<input type="password" name="new_psd"> <button type="submit" name="submit" value="修改" class="btn "/>修改</button> </form>
changePwd.php
<?php if( isset($_POST["submit"]) && $_POST["submit"] = "修改"){ $nempas = $_POST["new_psd"]; $servername = "localhost"; $username = "用户名"; $password = "密码"; $dbname = "数据库名"; // 创建连接 $conn = new mysqli($servername, $username, $password, $dbname); // Check connection mysqli_query($conn,"UPDATE admin SET password='{$nempas}' WHERE name='admin' "); //使用UPDATE语句修改数据库中的password字段,并且新的值来自 change.php页面输入的新密码 WHERE语句必须写,否则会更新所有的字段 mysqli_close($conn); ?> <script language="javascript"> alert("change success"); window.location.href="system.php"; </script> <?php }else{ echo 'alert("change error"); } ?>
●Prevent forced entry into the system through URL
For example, the website name is www.xxx.com, and the viewer notices that it belongs to a certain system After logging in to the page, you may bypass entering the password and enter the system by trying http://www.xxx.com/system.php. . . . [Newbie Level]
You can add a check page checkInfo.php
Check the password first Pagecheck.php Change:
if( isset($_POST["submit"]) && $_POST["submit"] = "登录"){ if($_POST['psd'] == $adminkey){ session_start(); $_SESSION["loginKey"] = 101; //101随缘弄的,别的也行 // session 变量用于存储关于用户会话(session)的信息,或者更改用户会话(session)的设置。Session 变量存储单一用户的信息,并且对于应用程序中的所有页面都是可用的 所以,可利用此,只有通过密码验证,才会生成$_SESSION["loginKey"],从而在之后的页面如system.php 的开头加入检查页面 checkInfo.php ,检查有没有生成的$_SESSION["loginKey"] 就可以辨别有没有绕过密码强行进入 header("Location:system.php"); exit; }else{ ?> <script language="javascript"> alert("password error"); window.location.href="index.php"; </script> <?php } } ?>Then write
checkInfo.php
<?php session_start(); if(!isset($_SESSION["loginKey"])){ ?> <script language="javascript"> alert("please land first"); window.location.href="index.php"; </script> <?php } ?>
Example
Add at the beginning of system.php:<?phpinclude 'checkInfo.php';?> <!doctype html> <html> ...... .. .. .. </html>Note: session_start(); When starting the session, the previous code cannot have any output! (Such as echo '...'; alert("....");)It is recommended to throw it directly to the beginningIf you want to know more, please go to the PHP Chinese website
PHP video tutorial and mysql video tutorial learn.
The above is the detailed content of [PHP&MySQL] Modify password + prevent forced entry into the system through URL. For more information, please follow other related articles on the PHP Chinese website!