查看完整版本 : 怎將代碼由一個用登入轉為多過一個用戶登入

89568956 2020-2-7 01:01 PM

怎將代碼由一個用登入轉為多過一個用戶登入

以下代碼是一個用戶登入:
可以怎樣加多過一個用戶登入?   :smile_27:  謝謝C HING 解答


[quote]<!--?
}
else if($name == "admin" && $password == "adminpass")
{
$login_user = $name;
echo "認證成功";
}
else
{
session_unregister("login_user");
echo "認證失敗";
}
?>[/quote]

xianrenb 2020-2-7 01:37 PM

[quote]原帖由 [i]89568956[/i] 於 2020-2-7 01:01 PM 發表 [url=https://computer.discuss.com.hk/redirect.php?goto=findpost&pid=514024861&ptid=28857495][img]https://computer.discuss.com.hk/images/common/back.gif[/img][/url]
以下代碼是一個用戶登入:
可以怎樣加多過一個用戶登入?   :smile_27:  謝謝C HING 解答


[/quote]

任何時候,處理密碼不應該使用 plaintext 。
以下值得看看:
[url=https://www.php.net/manual/en/function.password-hash.php]https://www.php.net/manual/en/function.password-hash.php[/url]
[url=https://www.php.net/manual/en/function.password-verify.php]https://www.php.net/manual/en/function.password-verify.php[/url]
另外你可能要用 database 或 file 記下相關的 data 。

89568956 2020-2-7 05:59 PM

上面那種研究不到, 本人找到下面, 嘗試用以下:
試左加入不同的username, password,都是不可以多用戶登入,  問C HING,要怎加/修改才能可以多用戶登入?:smile_39:
$username = "pe";
$password = "pe";
$username = "p1";
$password = "p1";
$username = "pe2";
$password = "pe2";

[quote]header("Content-Type: text/html;charset=utf-8");


$username = "pe";
$password = "pe";


if ($_POST['username'] == $username && $_POST['password'] == $password){


echo '登入成功';

}

else {
echo '登入錯誤,請重新登入。';
echo '[url=1.html]返回[/url]';
}
?>[/quote]

YjgfkHJj 2020-2-7 06:40 PM

good = true;
password = $_POST['p'];
un = $_POST['u'];
if( password == 'p1' && un=='u1'){
user = 'u1';
}
else if( password == 'p2' && un=='u2' ){
user = 'u2';
}
else if( password == 'p3' && un=='u3' ){
user = 'u3';
}
else{
good = false;
}
if(!good){
die('hack attempt, logged');
}

[[i] 本帖最後由 YjgfkHJj 於 2020-2-7 06:53 PM 編輯 [/i]]

YjgfkHJj 2020-2-7 07:05 PM

it's really basic stuff, if u are a employer, consider hiring someone in the long run

89568956 2020-2-7 08:09 PM

thx to reply it , Can u explain it in greater detail ,:smile_39:

error when add into it,

it seems to quite different with my original code.
which part can be changed?

Can these code add more users/password ?:smile_41:

[[i] 本帖最後由 89568956 於 2020-2-7 09:16 PM 編輯 [/i]]

YjgfkHJj 2020-2-7 09:22 PM

<!--?
}
else if($name == "admin" && $password == "adminpass")
{
$login_user = $name;
echo "認證成功";
}
[b]else if($name == "john" && $password == "jjjjjj")
{
$login_user = $name;
echo "認證成功";
}
else if($name == "mary" && $password == "kkkkk")
{
$login_user = $name;
echo "認證成功";
}
else if($name == "lee" && $password == "222222")
{
$login_user = $name;
echo "認證成功";
}[/b]
else
{
session_unregister("login_user");
echo "認證失敗";
}
?>

better?

[[i] 本帖最後由 YjgfkHJj 於 2020-2-7 09:23 PM 編輯 [/i]]

xianrenb 2020-2-7 09:46 PM

[quote]原帖由 [i]89568956[/i] 於 2020-2-7 05:59 PM 發表 [url=https://computer.discuss.com.hk/redirect.php?goto=findpost&pid=514039075&ptid=28857495][img]https://computer.discuss.com.hk/images/common/back.gif[/img][/url]
上面那種研究不到, 本人找到下面, 嘗試用以下:
試左加入不同的username, password,都是不可以多用戶登入,  問C HING,要怎加/修改才能可以多用戶登入?:smile_39:
$username = "pe";
$password = "pe";
$username = "p1";
$password = "p1";
$username = "pe2";
$p ... [/quote]
[url=https://en.wikipedia.org/wiki/Cryptographic_hash_function#Password_verification]https://en.wikipedia.org/wiki/Cryptographic_hash_function#Password_verification[/url]
[quote]...Password verification commonly relies on cryptographic hashes. Storing all user passwords as cleartext can result in a massive security breach if the password file is compromised. One way to reduce this danger is to only store the hash digest of each password. To authenticate a user, the password presented by the user is hashed and compared with the stored hash. A password reset method is required when password hashing is performed; original passwords cannot be recalculated from the stored hash value....[/quote]

呢 d 是基本概念。
搞得 password 就要這樣搞,否則不如唔好用 password 。

89568956 2020-2-7 10:12 PM

thx the code is changed

when types in right or wrong user/pass, it's also appearing blank page

how can i change?

i forget to write login page, for the reference:
[quote]

<html>
<head>
<title>ttttt</title>
</head>
<body>
<form action="test.php" method="POST">
<center><p>tttt</p></center>
<p align="center">
帳號:<input type="text" name="username">
<br/>
密碼:<input type="password" name="password">
<br/>
<input type="submit" name="login"  value="Login">
</p>
</form>
</body>
</html>

[/quote]

[[i] 本帖最後由 89568956 於 2020-2-7 10:15 PM 編輯 [/i]]

YjgfkHJj 2020-2-7 10:29 PM

in ur code, if wrong password, should run these 2 lines wor:
session_unregister("login_user");
echo "認證失敗";

煙民母親生賤種 2020-2-8 03:20 AM

一般唔會用 else if 去做登入。要多用戶,必先要懂 read file 或 SQL。
$sql = "SELECT username, password FROM user;

$password;

if ($result = $mysqli -> query($sql)) {
  while ($row = $result -> fetch_row()) {   

       $password = $row[1];

  }
  $result -> free_result();
}

$mysqli -> close();




if ($pass == $password)
{
//do something

}
else

die("login failed");

動感超人打怪獸 2020-2-8 06:13 AM

個password起碼要hash左佢

wtf_name 2020-2-9 06:08 AM

唔入流,仲用緊二三十年前的方法。
不如直接用google firebase 登入算

xianrenb 2020-2-9 09:26 AM

以下值得看看:
[url=https://en.wikipedia.org/wiki/Professional_negligence_in_English_law]https://en.wikipedia.org/wiki/Professional_negligence_in_English_law[/url]
[url=https://en.wikipedia.org/wiki/OpenID]https://en.wikipedia.org/wiki/OpenID[/url]
[url=https://en.wikipedia.org/wiki/OpenID_Connect]https://en.wikipedia.org/wiki/OpenID_Connect[/url]
[url=https://openid.net/developers/certified/]https://openid.net/developers/certified/[/url]
[url=https://bitbucket.org/PEOFIAMP/phpoidc/src/default/]https://bitbucket.org/PEOFIAMP/phpoidc/src/default/[/url]

煙民母親生賤種 2020-2-9 11:37 PM

[quote]原帖由 [i]xianrenb[/i] 於 2020-2-9 09:26 AM 發表 [url=https://www.discuss.com.hk/redirect.php?goto=findpost&pid=514107745&ptid=28857495][img]https://www.discuss.com.hk/images/common/back.gif[/img][/url]
以下值得看看:
[url]https://en.wikipedia.org/wiki/Professional_negligence_in_English_law[/url]
[url]https://en.wikipedia.org/wiki/OpenID[/url]
[url]https://en.wikipedia.org/wiki/OpenID_Connect[/url]
[url]https://openid.net/developers/certifi[/url] ... [/quote]
沒用的。假如有反革命組織諗住武力推翻政府。靠一個 Website  聯繫。要  Login  先睇到。唔通呢類 Site 會用  openid  呢類野??

YjgfkHJj 2020-2-9 11:59 PM

IT ppl tends to use free services nowadays, giving up control and security in favor of loading speed and ease of development ... someday this will become a problem

煙民母親生賤種 2020-2-10 01:36 AM

[quote]原帖由 [i]YjgfkHJj[/i] 於 2020-2-9 11:59 PM 發表 [url=https://computer.discuss.com.hk/redirect.php?goto=findpost&pid=514144715&ptid=28857495][img]https://computer.discuss.com.hk/images/common/back.gif[/img][/url]
IT ppl tends to use free services nowadays, giving up control and security in favor of loading speed and ease of development ... someday this will become a problem [/quote]就是這樣。比著我係唔會用呢D service。:fst_011:

Qoo記 2020-2-10 01:46 AM

希望樓主呢個唔係出街product
上[url=https://haveibeenpwned.com/]https://haveibeenpwned.com/[/url]搵到plain password leaked真係火都黎
寫冇encryption at rest連u student都不如

煙民母親生賤種 2020-2-11 03:43 AM

[quote]原帖由 [i]Qoo記[/i] 於 2020-2-10 01:46 AM 發表 [url=https://computer.discuss.com.hk/redirect.php?goto=findpost&pid=514147810&ptid=28857495][img]https://computer.discuss.com.hk/images/common/back.gif[/img][/url]
希望樓主呢個唔係出街product
上[url=https://haveibeenpwned.com/搵到plain]https://haveibeenpwned.com/搵到plain[/url] password leaked真係火都黎
寫冇encryption at rest連u student都不如 [/quote]我今日整左個 login system。md5應該足夠 :fst_011:
[url]https://phpdemohk.000webhostapp.com/login.html[/url]

YjgfkHJj 2020-2-14 11:19 PM

[quote]原帖由 [i]煙民母親生賤種[/i] 於 2020-2-11 03:43 AM 發表 [url=https://computer.discuss.com.hk/redirect.php?goto=findpost&pid=514192536&ptid=28857495][img]https://computer.discuss.com.hk/images/common/back.gif[/img][/url]
我今日整左個 login system。md5應該足夠 :fst_011:
[url=https://phpdemohk.000webhostapp.com/login.html]https://phpdemohk.000webhostapp.com/login.html[/url] [/quote]
md5 hash is a bit dangerous la, attacker can birthday attack you ... have some new tricks now, see here: [url]https://www.php.net/manual/en/faq.passwords.php#faq.passwords.fasthash[/url]

煙民母親生賤種 2020-2-15 01:17 AM

[quote]原帖由 [i]YjgfkHJj[/i] 於 2020-2-14 11:19 PM 發表 [url=https://computer.discuss.com.hk/redirect.php?goto=findpost&pid=514367196&ptid=28857495][img]https://computer.discuss.com.hk/images/common/back.gif[/img][/url]

md5 hash is a bit dangerous la, attacker can birthday attack you ... have some new tricks now, see here: [url=https://www.php.net/manual/en/faq.passwords.php#faq.passwords.fasthash]https://www.php.net/manual/en/faq.passwords.php#faq.passwords.fasthash[/url] [/quote]add salt 係有用,但只用 md5 其實都很安全。除非用好 common 的 password。其實唔可以話 hack 到,只係D人搜集資料做左個 dictionary table ,反向對照。好似我呢個咁,基本無 table 對照,不知其長度,也不可能 brutal force attack。:fst_011:

[table][tr][td]編號[/td][td]登記名稱[/td][td]密碼[/td][td]自訂訊息[/td][/tr][tr][td]18[/td][td]陳大文[/td][td]4d9ba08ebf8260f24f4ce49b1448e4ab[/td][td]md5 咗。點 hack?[/td][/tr][/table]
頁: [1]
查看完整版本: 怎將代碼由一個用登入轉為多過一個用戶登入