Elvis L Posted January 19, 2015 Report Share Posted January 19, 2015 Sveiki, atradu internetā gatavu risinājumu, login sistēma, priekš 1 personas, man vajadzētu viņu nedaudz pielabot, lai manuāli ar roku varētu piereģistrēt vairāk kā vienu personu, vajadzētu apmēram pieciem lietotājiem, tapēc nav vērts vaidot db un reģistrēšanās sistēmu. Login sistēma atpazīst lietotāju pēc // username to login into page define('LOGIN_USER', "xxx1"); // password to login into page define('LOGIN_PASS', "xxx1"); Kas man būtu jādara, lai varētu piereģistrēt vairākus lietotājus, respektīvi, kas līdzīgs šim // username to login into page define('LOGIN_USER', "xxx1,xxx2"); // password to login into page define('LOGIN_PASS', "xxx1,xxx2"); Paldies jau iepriekš, gaidu Jūsu padomus Quote Link to comment Share on other sites More sharing options...
werd Posted January 19, 2015 Report Share Posted January 19, 2015 http://php.lv/f/topic/21956-paroles-drošība/?p=173686 Quote Link to comment Share on other sites More sharing options...
teiks Posted January 19, 2015 Report Share Posted January 19, 2015 (edited) Grūti spriest bez kōda. Palielam, konstantes varētu nomainīt uz masīviem. Un vietā kur skatās LOGIN_ būtu iterācija caur to masīvu, kur _USER un _PASS vietā skatītos pēc atslēgām no masīva. user => pass Failam, kurš glabā paroles noteikti, ka uzliec attiecīgas atļaujas. Un, ja tik tišām parole ir kā plain teksts, tad nenāktu par ļaunu nomainīt pret kādu algoritmisku outputu. (hah) Edited January 19, 2015 by teiks Quote Link to comment Share on other sites More sharing options...
zeCode Posted January 19, 2015 Report Share Posted January 19, 2015 define('LOGIN_USER', "user1,user2,user3,user4,user5");define('LOGIN_PASS', "pass1,pass2,pass3,pass4,pass5"); Varētu pārbaudīt kaut kā šādi$logged = checkLogin('user1','pass1'); md5 parolēm noderētu... Bet šāds variants jebkurā gadījumā nav optimālais risinājums! function checkLogin($name, $pass){ //explode posible usernames $users = explode(',',LOGIN_USER); //explode posible passwords $passwords = explode(',',LOGIN_PASS); // if(count($users) != count(array_unique($users))) die("I am dumb (no unique usernames)"); if(count($users) != count($passwords)) die('I am dumb (username count differs from passwords)'); // find username key $name_key = array_search($name,$users); // find password key $pass_key = array_search($pass,$passwords); return ($name_key !== false && $pass_key !== false && $name_key == $pass_key); } Quote Link to comment Share on other sites More sharing options...
Elvis L Posted January 20, 2015 Author Report Share Posted January 20, 2015 (edited) <?php # Name: Login.class.php # Description: simple single user login script # Author: ricocheting # Web: http://www.ricocheting.com/code/php # Update: 2010-06-06 # Version: 2.1 # Copyright 2003 ricocheting.com /* This script is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ // username to login into page define('LOGIN_USER', "useris"); // password to login into page define('LOGIN_PASS', "parole"); ################################################################################################### ################################################################################################### ################################################################################################### # CLASS desc: for calling login authentication # CLASS req: looks for constants LOGIN_USER and LOGIN_PASS # Can be called: ?action=clear_login ?action=prompt class Login { // unique prefix that is used with this object (on cookies and password salt) var $prefix = "login_"; // days "remember me" cookies will remain var $cookie_duration = 21; // temporary values for comparing login are auto set here. do not set your own $user or $pass here var $user = ""; var $pass = ""; #-############################################# # desc: calls the rest of the functions depending on login state # returns: nothing, but will print login prompt and die if necessary function authorize() { //save cookie info to session if(isset($_COOKIE[$this->prefix.'user'])){ $_SESSION[$this->prefix.'user'] = $_COOKIE[$this->prefix.'user']; $_SESSION[$this->prefix.'pass'] = $_COOKIE[$this->prefix.'pass']; } // else{echo "no cookie<br>";} //if setting vars if(isset($_POST['action']) && $_POST['action'] == "set_login"){ $this->user = $_POST['user']; $this->pass = md5($this->prefix.$_POST['pass']); //hash password. salt with prefix $this->check();//dies if incorrect //if "remember me" set cookie if(isset($_POST['remember'])){ setcookie($this->prefix."user", $this->user, time()+($this->cookie_duration*86400));// (d*24h*60m*60s) setcookie($this->prefix."pass", $this->pass, time()+($this->cookie_duration*86400));// (d*24h*60m*60s) } //set session $_SESSION[$this->prefix.'user'] = $this->user; $_SESSION[$this->prefix.'pass'] = $this->pass; } //if forced log in elseif(isset($_GET['action']) && $_GET['action'] == "prompt"){ session_unset(); session_destroy(); //destroy any existing cookie by setting time in past if(!empty($_COOKIE[$this->prefix.'user'])) setcookie($this->prefix."user", "blanked", time()-(3600*25)); if(!empty($_COOKIE[$this->prefix.'pass'])) setcookie($this->prefix."pass", "blanked", time()-(3600*25)); $this->prompt(); } //if clearing the login elseif(isset($_GET['action']) && $_GET['action'] == "clear_login"){ session_unset(); session_destroy(); //destroy any existing cookie by setting time in past if(!empty($_COOKIE[$this->prefix.'user'])) setcookie($this->prefix."user", "blanked", time()-(3600*25)); if(!empty($_COOKIE[$this->prefix.'pass'])) setcookie($this->prefix."pass", "blanked", time()-(3600*25)); $msg = '<h2 class="msg">**Jūs veiksmīgi izgājāt no sistēmas**</h2>'; $this->prompt($msg); } //prompt for elseif(!isset($_SESSION[$this->prefix.'pass']) || !isset($_SESSION[$this->prefix.'user'])){ $this->prompt(); } //check the pw else{ $this->user = $_SESSION[$this->prefix.'user']; $this->pass = $_SESSION[$this->prefix.'pass']; $this->check();//dies if incorrect } }#-#authorize() #-############################################# # desc: compares the user info # returns: nothing, but will print login prompt and die if incorrect function check(){ if(md5($this->prefix . LOGIN_PASS) != $this->pass || LOGIN_USER != $this->user){ //destroy any existing cookie by setting time in past if(!empty($_COOKIE[$this->prefix.'user'])) setcookie($this->prefix."user", "blanked", time()-(3600*25)); if(!empty($_COOKIE[$this->prefix.'pass'])) setcookie($this->prefix."pass", "blanked", time()-(3600*25)); session_unset(); session_destroy(); $msg='<h2 class="warn">Nepareizs lietotājs, vai parole</h2>'; $this->prompt($msg); } }#-#check() #-############################################# # desc: prompt to enter password # param: any custom message to display # returns: nothing, but exits at end function prompt($msg=''){ ?> <html><head> <title>SPX Pieslēģšanās</title> <style> body{margin:15px;} table.login{border-collapse:collapse;} table.login td{font:bold 10pt verdana;color:black;border:1px #535353 solid;border-collapse:collapse;padding:2px 3px;text-align:center;background:#eeeeee;} table.login td.header{background-color:#cccccc;} .msg{font:bold 120% verdana;text-align:center;color:green;} .warn{font:bold 120% verdana;text-align:center;color:maroon;} </style> </head><body> <form action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="post"> <input type="hidden" name="action" value="set_login"> <?php echo $msg; ?> <table align="center" width="300" class="login"> <tr><td class="header" colspan="2">Ievadiet pieslēgšanās informāciju</td></tr> <tr> <td class="desc"><label for="user">Emails:</label> <input type="text" name="user" id="user"></td> <td class="desc"><label for="pass">Parole:</label> <input type="password" name="pass" id="pass"></td> </tr> <tr><td class="desc" colspan="2" style="text-align:left;"> <input type="checkbox" name="remember" id="remember"> <label for="remember">Atcerēties mani šajā datorā</label> </td></tr> <tr><td class="desc" colspan="2" style="text-align:right;"><input type="submit" value="Pieslēgties"></td></tr> </table> </form> </body></html> <?php //don't run the rest of the page exit; }#-#prompt() }//CLASS Login ?> un šādi izsauc $login = new Login; // create object login $login->authorize(); // make user login Šis vispār domāts kā pagaidu variants, tādēļ nebija doma likt ko nopietnāku, jo sākotnēji nebija vispār autorizācijas Edited January 20, 2015 by Elvis L Quote Link to comment Share on other sites More sharing options...
ziedinjsh Posted January 20, 2015 Report Share Posted January 20, 2015 Var taču atrast netā vienkāršu reģistrācijas un autorizācijas kodus ar datubāzi, man vismaz tā liekas vieglāk Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.