[PHP&MySQL] Modify password + prevent forced entry into the system through URL

●Use PHP MySQL to change the password

This article describes the specific code and operation process of using PHP MySQL to change the password.

Page:

index.php Login page, enter the default password to log in to the system

check.php verification page, pass Query the database to check whether the password is correct ——> If correct, enter the system or error, prompt "Incorrect password", return to the login page

system.php system page, containing the "Change Password" link

change.php Enter new password change page

changePwd.php Change password page

Key code:

index.php

 
请输入密码：
 登录 

check.php

connect_error) { die("连接失败: " . $conn->connect_error); } $sql = "SELECT password FROM admin"; //此处涉及名称是admin的数据表，内部有name 和password两个字段，值分别是admin 和 1 $result = $conn->query($sql); if ($result->num_rows > 0) { while($row = $result->fetch_assoc()) { $adminkey = $row["password"]; //设$adminkey是管理员密码，将从数据表中读取的数据赋值进去 } } $conn->close(); /************************请在上方修改管理员密码，默认是'1' *************************/ if( isset($_POST["submit"]) && $_POST["submit"] = "登录"){ if($_POST['psd'] == $adminkey){ //如果输入的密码和数据库中的默认密码相同，则进入系统 header("Location:system.php"); exit; }else{ ?>   system.php 修改密码

change .php

##

 请输入新密码： 修改 

changePwd.php

●Prevent forced entry into the system through URL

For example, the website name is www.xxx.com, and the viewer notices that it belongs to a certain system After logging in to the page, you may bypass entering the password and enter the system by trying http://www.xxx.com/system.php. . . . [Newbie Level]

You can add a check pagecheckInfo.php

Check the password first Page

check.phpChange:

if( isset($_POST["submit"]) && $_POST["submit"] = "登录"){ if($_POST['psd'] == $adminkey){ session_start(); $_SESSION["loginKey"] = 101; //101随缘弄的，别的也行 // session 变量用于存储关于用户会话（session）的信息，或者更改用户会话（session）的设置。Session 变量存储单一用户的信息，并且对于应用程序中的所有页面都是可用的 所以，可利用此，只有通过密码验证，才会生成$_SESSION["loginKey"]，从而在之后的页面如system.php 的开头加入检查页面 checkInfo.php ，检查有没有生成的$_SESSION["loginKey"] 就可以辨别有没有绕过密码强行进入 header("Location:system.php"); exit; }else{ ?>  

Then write

checkInfo.php

Example

Add at the beginning of system.php:

   ...... .. .. .. 

Note: session_start(); When starting the session, the previous code cannot have any output! (Such as echo '...'; alert("....");)

It is recommended to throw it directly to the beginning

If you want to know more, please go to the PHP Chinese website

PHP video tutorialandmysql video tutoriallearn.

The above is the detailed content of [PHP&MySQL] Modify password + prevent forced entry into the system through URL. For more information, please follow other related articles on the PHP Chinese website!