Backend Development
PHP Tutorial
[PHP&MySQL] Modify password + prevent forced entry into the system through URL
[PHP&MySQL] Modify password + prevent forced entry into the system through URL
●Use PHP MySQL to change the password
This article describes the specific code and operation process of using PHP MySQL to change the password.
Page:
index.php Login page, enter the default password to log in to the system
check.php verification page, pass Query the database to check whether the password is correct ——> If correct, enter the system or error, prompt "Incorrect password", return to the login page
system.php system page, containing the "Change Password" link
change.php Enter new password change page
changePwd.php Change password page
Key code:
index.php
<form action="check.php" method="post">
<p >请输入密码:</p><input type="password" name="psd" />
<button type="submit" name="submit" value="登录" />登录</button>
</form>check.php
<?php
$servername = "localhost";
$username = "用户";
$password = "密码";
$dbname = "数据库名";
// 创建连接
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("连接失败: " . $conn->connect_error);
}
$sql = "SELECT password FROM admin"; //此处涉及名称是admin的数据表,内部有name 和password两个字段,值分别是admin 和 1
$result = $conn->query($sql);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
$adminkey = $row["password"]; //设$adminkey是管理员密码,将从数据表中读取的数据赋值进去
}
}
$conn->close();
/************************请在上方修改管理员密码,默认是'1' *************************/
if( isset($_POST["submit"]) && $_POST["submit"] = "登录"){
if($_POST['psd'] == $adminkey){ //如果输入的密码和数据库中的默认密码相同,则进入系统
header("Location:system.php");
exit;
}else{
?>
<script language="javascript"> //如果密码错误,给出提示,返回登录页面
alert("password error");
window.location.href="index.php";
</script>
<?php
}
}
?>
system.php
<a href="change.php" class="chang">修改密码</a>change .php
##
<form action="changPwd.php" method="post" > 请输入新密码:<input type="password" name="new_psd"> <button type="submit" name="submit" value="修改" class="btn "/>修改</button> </form>
changePwd.php
<?php
if( isset($_POST["submit"]) && $_POST["submit"] = "修改"){
$nempas = $_POST["new_psd"];
$servername = "localhost";
$username = "用户名";
$password = "密码";
$dbname = "数据库名";
// 创建连接
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
mysqli_query($conn,"UPDATE admin SET password='{$nempas}' WHERE name='admin' ");
//使用UPDATE语句修改数据库中的password字段,并且新的值来自 change.php页面输入的新密码
WHERE语句必须写,否则会更新所有的字段
mysqli_close($conn);
?>
<script language="javascript">
alert("change success");
window.location.href="system.php";
</script>
<?php
}else{
echo 'alert("change error");
}
?>●Prevent forced entry into the system through URL
For example, the website name is www.xxx.com, and the viewer notices that it belongs to a certain system After logging in to the page, you may bypass entering the password and enter the system by trying http://www.xxx.com/system.php. . . . [Newbie Level]
You can add a check page checkInfo.php
Check the password first Pagecheck.php Change:
if( isset($_POST["submit"]) && $_POST["submit"] = "登录"){
if($_POST['psd'] == $adminkey){
session_start();
$_SESSION["loginKey"] = 101; //101随缘弄的,别的也行
// session 变量用于存储关于用户会话(session)的信息,或者更改用户会话(session)的设置。Session 变量存储单一用户的信息,并且对于应用程序中的所有页面都是可用的
所以,可利用此,只有通过密码验证,才会生成$_SESSION["loginKey"],从而在之后的页面如system.php 的开头加入检查页面 checkInfo.php ,检查有没有生成的$_SESSION["loginKey"]
就可以辨别有没有绕过密码强行进入
header("Location:system.php");
exit;
}else{
?>
<script language="javascript">
alert("password error");
window.location.href="index.php";
</script>
<?php
}
}
?>checkInfo.php
<?php
session_start();
if(!isset($_SESSION["loginKey"])){
?>
<script language="javascript">
alert("please land first");
window.location.href="index.php";
</script>
<?php
}
?>Example
Add at the beginning of system.php:<?phpinclude 'checkInfo.php';?> <!doctype html> <html> ...... .. .. .. </html>
PHP video tutorial and mysql video tutorial learn.
The above is the detailed content of [PHP&MySQL] Modify password + prevent forced entry into the system through URL. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
PHP 8.4 Installation and Upgrade guide for Ubuntu and Debian
Dec 24, 2024 pm 04:42 PM
PHP 8.4 brings several new features, security improvements, and performance improvements with healthy amounts of feature deprecations and removals. This guide explains how to install PHP 8.4 or upgrade to PHP 8.4 on Ubuntu, Debian, or their derivati
How to fix mysql_native_password not loaded errors on MySQL 8.4
Dec 09, 2024 am 11:42 AM
One of the major changes introduced in MySQL 8.4 (the latest LTS release as of 2024) is that the "MySQL Native Password" plugin is no longer enabled by default. Further, MySQL 9.0 removes this plugin completely. This change affects PHP and other app
How To Set Up Visual Studio Code (VS Code) for PHP Development
Dec 20, 2024 am 11:31 AM
Visual Studio Code, also known as VS Code, is a free source code editor — or integrated development environment (IDE) — available for all major operating systems. With a large collection of extensions for many programming languages, VS Code can be c
How do you parse and process HTML/XML in PHP?
Feb 07, 2025 am 11:57 AM
This tutorial demonstrates how to efficiently process XML documents using PHP. XML (eXtensible Markup Language) is a versatile text-based markup language designed for both human readability and machine parsing. It's commonly used for data storage an
PHP Program to Count Vowels in a String
Feb 07, 2025 pm 12:12 PM
A string is a sequence of characters, including letters, numbers, and symbols. This tutorial will learn how to calculate the number of vowels in a given string in PHP using different methods. The vowels in English are a, e, i, o, u, and they can be uppercase or lowercase. What is a vowel? Vowels are alphabetic characters that represent a specific pronunciation. There are five vowels in English, including uppercase and lowercase: a, e, i, o, u Example 1 Input: String = "Tutorialspoint" Output: 6 explain The vowels in the string "Tutorialspoint" are u, o, i, a, o, i. There are 6 yuan in total
7 PHP Functions I Regret I Didn't Know Before
Nov 13, 2024 am 09:42 AM
If you are an experienced PHP developer, you might have the feeling that you’ve been there and done that already.You have developed a significant number of applications, debugged millions of lines of code, and tweaked a bunch of scripts to achieve op
Top 10 PHP CMS Platforms For Developers in 2024
Dec 05, 2024 am 10:29 AM
CMS stands for Content Management System. It is a software application or platform that enables users to create, manage, and modify digital content without requiring advanced technical knowledge. CMS allows users to easily create and organize content
How to Add Elements to the End of an Array in PHP
Feb 07, 2025 am 11:17 AM
Arrays are linear data structures used to process data in programming. Sometimes when we are processing arrays we need to add new elements to the existing array. In this article, we will discuss several ways to add elements to the end of an array in PHP, with code examples, output, and time and space complexity analysis for each method. Here are the different ways to add elements to an array: Use square brackets [] In PHP, the way to add elements to the end of an array is to use square brackets []. This syntax only works in cases where we want to add only a single element. The following is the syntax: $array[] = value; Example
