能见见你的代码吗,
是你的PHP不能登录服务器还是其它的什么原因?
出错提示呢那篇文章已拜读
有这样一个想法用于验证的SQL
$query = "SELECT username,password FROM users WHERE username='$uname' and password=password('$pwd')";
如果我这样写入用户名与密码呢
$uname = 123' Or 'a'='a
$pwd = 123$query = "SELECT username,password FROM users WHERE username='123' Or 'a'='a' and password=password('123')";???
我想返回值应该有很多吧
是你的PHP不能登录服务器还是其它的什么原因?
出错提示呢那篇文章已拜读
有这样一个想法用于验证的SQL
$query = "SELECT username,password FROM users WHERE username='$uname' and password=password('$pwd')";
如果我这样写入用户名与密码呢
$uname = 123' Or 'a'='a
$pwd = 123$query = "SELECT username,password FROM users WHERE username='123' Or 'a'='a' and password=password('123')";???
我想返回值应该有很多吧
function authenticate() {
Header('WWW-authenticate: basic realm="会员区"');
Header('HTTP/1.0 401 Unauthorized');
echo "你必须输入正确的用户名和口令。\n";
exit;
}
function CheckUser($uname, $pwd) {
if ($uname == "" || $pwd == "") return 0;
$query = "SELECT username,password FROM users WHERE username='$uname' and password=password('$pwd')";
$db_id = mysql_connect('localhost', 'root', 'mypwd');
mysql_select_db('member',$db_id);
$result = mysql_query($query, $db_id);
$num=mysql_num_rows($result);
mysql_close($db_id);
if ($num>0) {
return 1; // 有效登录
} else {
return 0; // 无效登录
}
}
while($PHP_AUTH_USER==""||$PHP_AUTH_PW=="")
{
authenticate();
while(!CheckUser($PHP_AUTH_USER,$PHP_AUTH_PW))
authenticate();
}
echo "username".$PHP_AUTH_USER." password".$PHP_AUTH_PW;
?>
这样才行
这一项,改成register_global=on
然后重新启动apache
如果还不行检查CheckUser($uname, $pwd)这个函数写的对不对
+----------+-------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+----------+-------------+------+-----+---------+-------+
| username | varchar(20) | YES | | NULL | |
| password | varchar(20) | YES | | 1234 | |
+----------+-------------+------+-----+---------+-------+
2 rows in set (0.07 sec)
<?php
function authenticate() {
Header('WWW-authenticate: basic realm="会员区"');
Header('HTTP/1.0 401 Unauthorized');
echo "你必须输入正确的用户名和口令。\n";
exit;
}
function CheckUser($uname, $pwd) {
if ($uname == "" || $pwd == "") return 0;
$query = "SELECT username,password FROM users WHERE username='$uname' and password=password('$pwd')";
$db_id = mysql_connect('localhost', 'root');
mysql_select_db('member',$db_id);
$result = mysql_query($query, $db_id);
$num=mysql_num_rows($result);
mysql_close($db_id);
if ($num>0) {
return 1; // 有效登录
} else {
return 0; // 无效登录
}
}
?>
<?php
require('auth.inc');
if (CheckUser($PHP_AUTH_USER,$PHP_AUTH_PW)==0) {
authenticate();
} else {
echo "这是合法用户要访问的网页。"; //将此行改为向合法用户输出的网页
}
?>
if(!isset($PHP_AUTH_USER))
{
header("WWW-Authenticate:Basic realm=\"穿越时光\"");
header("HTTP/1.0 401 Unauthorized");
echo "身份验证失败,您无权登录本站!";
exit;
}
if(!mysql_pconnect("myhost","webuser","password"))
{
echo "无法连接数据库";
exit;
}
$sql = "select name,password,class from access where name='$PHP_AUTH_USER' and password='$PHP_AUTH_PW'";
$result = mysql_db_query("myweb",$sql);
$row = mysql_fetch_array($result);
if(!$row)
{
header(("WWW-Authenticate:Basic realm=\"穿越时光\"");
header("HTTP/1.0 401 Unauthorized");
echo "身份验证失败,您无权登录本站!";
exit;
}数据库为myweb
数据表是:access
create table access(
id int(9) not null auto_increment,
name varchar(20) not null,
password varchar(10) not null,
class char(2) default'0' not null,
primary key(id)
);
==>
if(empty($PHP_AUTH_USER))
试试看