[PHP&MySQL] Modify password + prevent forced entry into the system through URL

little bottle
Release: 2023-04-05 21:24:01
forward
2891 people have browsed it

●Use PHP MySQL to change the password

This article describes the specific code and operation process of using PHP MySQL to change the password.

Page:

index.php Login page, enter the default password to log in to the system

check.php verification page, pass Query the database to check whether the password is correct ——> If correct, enter the system or error, prompt "Incorrect password", return to the login page

system.php system page, containing the "Change Password" link

change.php Enter new password change page

changePwd.php Change password page

Key code:

index.php

   <form action="check.php" method="post">    
   <p >请输入密码:</p><input type="password" name="psd"  />
    <button type="submit" name="submit" value="登录" />登录</button>
   </form>
Copy after login

check.php

<?php

$servername = "localhost";
$username = "用户";
$password = "密码";
$dbname = "数据库名";


// 创建连接
$conn = new mysqli($servername, $username, $password, $dbname);

if ($conn->connect_error) {
    die("连接失败: " . $conn->connect_error);
}

$sql = "SELECT password FROM admin";      //此处涉及名称是admin的数据表,内部有name 和password两个字段,值分别是admin 和 1
$result = $conn->query($sql);
 
if ($result->num_rows > 0) {
     while($row = $result->fetch_assoc()) {
    $adminkey = $row["password"];             //设$adminkey是管理员密码,将从数据表中读取的数据赋值进去
    }
}

$conn->close();

 

/************************请在上方修改管理员密码,默认是&#39;1&#39; *************************/


 if( isset($_POST["submit"]) && $_POST["submit"] = "登录"){
    if($_POST[&#39;psd&#39;] == $adminkey){       //如果输入的密码和数据库中的默认密码相同,则进入系统
  header("Location:system.php");  
  exit;
 }else{
 ?>
 <script language="javascript">                //如果密码错误,给出提示,返回登录页面
  alert("password error");
  window.location.href="index.php";
 </script>
 <?php
   }
}

?>

system.php

<a href="change.php" class="chang">修改密码</a>
Copy after login

change .php

##

<form action="changPwd.php" method="post" >
  请输入新密码:<input type="password" name="new_psd">
  <button type="submit" name="submit" value="修改" class="btn "/>修改</button>
 </form>
Copy after login

changePwd.php

<?php

 if( isset($_POST["submit"]) && $_POST["submit"] = "修改"){
  $nempas = $_POST["new_psd"];
  $servername = "localhost";
  $username = "用户名";
  $password = "密码";
  $dbname = "数据库名";


  // 创建连接
  $conn = new mysqli($servername, $username, $password, $dbname);
  // Check connection
  
  mysqli_query($conn,"UPDATE admin SET password=&#39;{$nempas}&#39; WHERE name=&#39;admin&#39; ");

  //使用UPDATE语句修改数据库中的password字段,并且新的值来自 change.php页面输入的新密码

   WHERE语句必须写,否则会更新所有的字段

  mysqli_close($conn);
  ?>
  <script language="javascript">
   alert("change success");
   window.location.href="system.php";
  </script>
  <?php
 }else{
  echo &#39;alert("change error");
 }
  ?>
Copy after login

●Prevent forced entry into the system through URL

For example, the website name is www.xxx.com, and the viewer notices that it belongs to a certain system After logging in to the page, you may bypass entering the password and enter the system by trying http://www.xxx.com/system.php. . . . [Newbie Level]

You can add a check page checkInfo.php

Check the password first Page

check.php Change:

if( isset($_POST["submit"]) && $_POST["submit"] = "登录"){

   if($_POST[&#39;psd&#39;] == $adminkey){

  session_start();
  $_SESSION["loginKey"] = 101;                   //101随缘弄的,别的也行
 // session 变量用于存储关于用户会话(session)的信息,或者更改用户会话(session)的设置。Session 变量存储单一用户的信息,并且对于应用程序中的所有页面都是可用的

所以,可利用此,只有通过密码验证,才会生成$_SESSION["loginKey"],从而在之后的页面如system.php 的开头加入检查页面 checkInfo.php ,检查有没有生成的$_SESSION["loginKey"]

就可以辨别有没有绕过密码强行进入

header("Location:system.php");  
  exit;
 }else{
 ?>
 <script language="javascript">
  alert("password error");
  window.location.href="index.php";
 </script>
 <?php
   }
}

?>
Copy after login

Then write

checkInfo.php

<?php
 session_start();
 if(!isset($_SESSION["loginKey"])){    
  ?>
  <script language="javascript">
  alert("please land first");
  window.location.href="index.php";
  </script>
  <?php
 }

?>
Copy after login

Example

Add at the beginning of system.php:

<?phpinclude &#39;checkInfo.php&#39;;?>
<!doctype html>
<html>
...... .. .. ..
</html>
Copy after login
Note: session_start(); When starting the session, the previous code cannot have any output! (Such as echo '...'; alert("....");)

It is recommended to throw it directly to the beginning

If you want to know more, please go to the PHP Chinese website

PHP video tutorial and mysql video tutorial learn.

The above is the detailed content of [PHP&MySQL] Modify password + prevent forced entry into the system through URL. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:cnblogs.com
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!