Home > Article > Backend Development > PHP的一段登陆代码,该怎么解决
PHP的一段登陆代码
现在有段PHP代码, 我要把登陆密码设为指定的数字, 不从数据库里面取, 大家给我看看改如何修改?
/**
**============================================================================
* ============================================================================
*/
$dir_name=str_replace('\\','/',dirname(__FILE__));
$admindir=substr($dir_name,strrpos($dir_name,'/')+1);
define('CMS_PATH',str_replace($admindir,'',$dir_name));
define('INC_PATH',CMS_PATH.'includes/');
define('DATA_PATH',CMS_PATH.'data/');
include(INC_PATH.'fun.php');
include(DATA_PATH.'confing.php');
include(INC_PATH.'mysql.class.php');
if(file_exists(DATA_PATH.'sys_info.php')){
include(DATA_PATH.'sys_info.php');
}
$mysql=new mysql(DB_HOST,DB_USER,DB_PASSWORD,DB_NAME,DB_CHARSET,DB_PCONNECT);
session_start();
$_SESSION['login_in']=empty($_SESSION['login_in'])?'':$_SESSION['login_in'];
$_SESSION['admin']=empty($_SESSION['admin'])?'':$_SESSION['admin'];
if($_SESSION['login_in']&&$_SESSION['admin']){header("location:admin.php");}
$action=empty($_GET['action'])?'login':$_GET['action'];
$password=empty($_POST['password'])?'':$_POST['password'];
$user=empty($_POST["user"])?'':$_POST['password'];
$code=empty($_POST['code'])?'':$_POST['code'];
$submit=empty($_POST['submit'])?'':$_POST['submit'];
go_url($action);
function login(){
global $_sys;
include('template/admin_login.html');
}
function ck_login(){
global $submit,$user,$password,$_sys,$code;
$submit=$_POST['submit'];
$user=fl_html(fl_value($_POST['user']));
$password=fl_html(fl_value($_POST['password']));
$code=$_POST['code'];
if(!isset($submit)){
msg('请从登陆页面进入');
}
if(empty($user)||empty($password)){
msg("密码或用户名不能为空");
}
if(!empty($_sys['safe_open'])){
foreach($_sys['safe_open'] as $k=>$v){
if($v=='3'){
if($code!=$_SESSION['code']){msg("验证码不正确!");}
}
}
}
check_login($user,$password);
}
function out(){
login_out();
}
?>
------解决方案--------------------
那你将你的check_login($user,$password);
方法的$password变量直接设置为数字就可。在方法里面就将你传递的数字在你的方法里面进行比对。
------解决方案--------------------
fun.php 贴出这个文件的代码
------解决方案--------------------
check_login($user,$password) {
($password == '12345') ? $_SESSION['login_in'] = yes : die("error");
}
------解决方案--------------------
有几个注释的地方自己看看 因为不知道你其他代码是否有用到那些变量处理.
function check_login($user, $password) {
/*
$rel=$GLOBALS['mysql']->fetch_asc("select id,admin_name,admin_password,admin_purview,is_disable from ".DB_PRE."admin where admin_name='".$user."' limit 0,1");
$rel=empty($rel)?'':$rel[0];
if(empty($rel)){
msg('不存在该管理用户','login.php');
}
$password=md5($password);
if($rel['is_disable']){
msg('该账号已经被锁定,无法登陆');
}
*/
$oldPassword = '12345'; //默认固定密码
if ($password != $oldPassword) {
msg("输入的密码不正确");
}
if (!isset($_SESSION)) {
session_start();
}
$_SESSION['admin'] = $rel['admin_name'];
//$_SESSION['admin_purview'] = $rel['admin_purview']; //这里需要根据车给你需代码进行处理
//$_SESSION['admin_id'] = $rel['id']; 这里id 需要根据程序代码进行处理
$_SESSION['admin_time'] = time();
$_SESSION['login_in'] = 1;
$_SESSION['login_time'] = mktime();
$ip = fl_value(get_ip());
$ip = fl_html($ip);
$_SESSION['admin_ip'] = $ip;
//unset($rel);
header("location:admin.php");
}