English 中文(简体)
这一标识是否好/现在/安全?
原标题:Is this login script good / current / secure?

这是网站的认证书。 这是安全的吗? 最近的方案拟定是否? 它是否陈旧? 是否有“更加安全的方法”我是很新的,但我看不到太多的地方使用头盔授权。

任何帮助都值得赞赏。 这是我有史以来第一次使用的标识,也是登记。 然而,我不相信我像头脑授权一样。

<?php
require_once( connectvars.php );
IF (!isset($_SERVER[ PHP_AUTH_USER ]) || !isset($_SERVER[ PHP_AUTH_PW ])) {
header( HTTP/1.1 401 Unauthorized );
header( WWW-Authenticate: Basic realm="Register" );
exit( <h3> You must enter your username & password to continue );
}
$Dbc  = mysqli_connect( localhost ,  root ,   ,  learn );
$user_username = mysqli_real_escape_string($Dbc, trim($_SERVER[ PHP_AUTH_USER ]));
$user_password = mysqli_real_escape_string($Dbc, trim($_SERVER[ PHP_AUTH_PW ]));
$query = "SELECT ID, Username from members where Username =  $user_username  AND " .
"Password = SHA1( $user_password )";
$data = mysqli_query($Dbc, $query);
if (mysqli_num_rows($data) == 1) {
$row = mysqli_fetch_array($data);
$user_id = $row[ ID ];
$username = $row[ Username ];
}
else {
header( http/1.1 401 unauthorized );
header( www-authenticate: basic realm="Register" );
}
echo ( <p class="Login"> yo are logged in as   . $user_username .  .</p> ); 

if (isset($_POST[ submit ])) {
$username = $_POST[ username ];
$password = $_POST[ password ];
$email = $_POST[ email ];

if (empty($username) ){ 
echo "you forgot to enter a username.</br>";
}
if (empty($password)) {
echo "you forgot to enter a password.</br>";
}   
if (empty($email)) {
echo "you forgot to enter an email.</br>";
}

if(!empty($username) && !empty($password) && !empty($email))  {
$dbc = mysqli_connect( localhost ,  root ,   ,  learn );
$checkusername =  SELECT username FROM members where username = " .$username. " ;
if (mysqli_num_rows(mysqli_query($dbc, $checkusername)) != 0) 
{
    echo "<font color = red> Username <font color = black><u>           $username</u></font> already exists in the database.</font></br>";

$checkemail =  Select email FROM members where email = " .$email. " ;
if (mysqli_num_rows(mysqli_query($dbc, $checkemail)) != 0)
        echo "<font color = red> Email <font color = black><u>     $email</u></font> already exists in the database.</font>";
    mysqli_close($dbc);
}
else 
{
$query = "INSERT INTO members VALUES (0,  $username , SHA1( $password ),  $email )";
mysqli_query($dbc, $query);
echo " Username: <font color = green ><u> $username</u></font> & Password: <font color = green><u> $password</u></font> have been added to the database.";
mysqli_close($dbc);
}
}   
}

?>
最佳回答

它是错误的。 我sqli支持不平衡的询问;使用这些询问。

时间:2012-04-11 01:29:18
问题回答

暂无回答


上一篇:
下一篇:


相关问题
SQL SubQuery getting particular column

I noticed that there were some threads with similar questions, and I did look through them but did not really get a convincing answer. Here s my question: The subquery below returns a Table with 3 ...

时间:2009-11-13 05:35:38 回答:3 展示:1
please can anyone check this while loop and if condition

<?php $con=mysql_connect("localhost","mts","mts"); if(!con) { die( unable to connect . mysql_error()); } mysql_select_db("mts",$con); /* date_default_timezone_set ("Asia/Calcutta"); $date = ...

时间:2009-11-13 05:25:03 回答:3 展示:1
php return a specific row from query

Is it possible in php to return a specific row of data from a mysql query? None of the fetch statements that I ve found return a 2 dimensional array to access specific rows. I want to be able to ...

时间:2009-11-09 16:40:04 回答:2 展示:1
Character Encodings in PHP and MySQL

Our website was developed with a meta tag set to... <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> This works fine for M-dashes and special quotes, etc. However, I ...

时间:2009-11-09 16:15:32 回答:3 展示:1
Pagination Strategies for Complex (slow) Datasets

What are some of the strategies being used for pagination of data sets that involve complex queries? count(*) takes ~1.5 sec so we don t want to hit the DB for every page view. Currently there are ~...

时间:2009-11-09 16:02:04 回答:5 展示:1
Averaging a total in mySQL

My table looks like person_id | car_id | miles ------------------------------ 1 | 1 | 100 1 | 2 | 200 2 | 3 | 1000 2 | 4 | 500 I need to ...

时间:2009-11-09 14:43:41 回答:4 展示:1
热门标签

友情链接

Allggapp Alljchome-教程家园 mvfinale.com-影视剧情大结局大全