各位好,刚接触PHP,下了一个开放源码的应用程序学习,我看到FORM ACTION指向="{$site_admin}managers/login,可实际上根本就没有这个folder,为什么程序还能完成登陆验证呢,望指教
<form action="{$site_admin}managers/login" method="post">
<table width="100%" border="0" cellpadding="5" cellspacing="0" id="editor">
<tr>
<td width="100" class="title">用户名:</td>
<td width="240" class="content"><input name="username" type="text" id="username" value="{$smarty.post.username|default:$smarty.cookies.managerusername}" size="30" /></td>
<td class="content">
{if $errors.empty_username}<span class="warning">请输入用户名</span>
{elseif $errors.empty_member}<span class="warning">没有这个用户</span>
{elseif $errors.member_locked}<span class="warning">抱歉, 账户被锁</span>
{else}输入管理员账户 (注: 测试账户用户名/密码均为 admin)
{/if} </td>
</tr>
<tr>
<td class="title">密码:</td>
<td class="content"><input name="password" type="password" id="password" value="" size="30" /></td>
<td class="content">
{if $errors.empty_password}<span class="warning">密码不能为空</span>
{elseif $errors.wrong_password}<span class="warning">密码错误</span>
{else}输入登录密码
{/if} </td>
</tr>
<tr class="noline">
<td class="title">验证码:</td>
<td class="content"><input name="number" type="text" size="30" /></td>
<td class="content">
{if $errors.empty_number}<span class="warning">必须输入验证码:</span>
{elseif $errors.wrong_number}<span class="warning">验证码错误, 请重新输入:</span>
{else}请输入此右边四位数字:
{/if}
<img src="{$site_admin}managers/imagenumber" name="imagenumber" width="80" height="20" border="0" align="absmiddle" id="imagenumber" />
</td>
</tr>
</table>
<div class="fr mt10">
<input name="action" type="hidden" id="action" value="login" />
<input type="submit" value="登录" class="btn" />
</div>
</form>
{/if}
<form action="{$site_admin}managers/login" method="post">
<table width="100%" border="0" cellpadding="5" cellspacing="0" id="editor">
<tr>
<td width="100" class="title">用户名:</td>
<td width="240" class="content"><input name="username" type="text" id="username" value="{$smarty.post.username|default:$smarty.cookies.managerusername}" size="30" /></td>
<td class="content">
{if $errors.empty_username}<span class="warning">请输入用户名</span>
{elseif $errors.empty_member}<span class="warning">没有这个用户</span>
{elseif $errors.member_locked}<span class="warning">抱歉, 账户被锁</span>
{else}输入管理员账户 (注: 测试账户用户名/密码均为 admin)
{/if} </td>
</tr>
<tr>
<td class="title">密码:</td>
<td class="content"><input name="password" type="password" id="password" value="" size="30" /></td>
<td class="content">
{if $errors.empty_password}<span class="warning">密码不能为空</span>
{elseif $errors.wrong_password}<span class="warning">密码错误</span>
{else}输入登录密码
{/if} </td>
</tr>
<tr class="noline">
<td class="title">验证码:</td>
<td class="content"><input name="number" type="text" size="30" /></td>
<td class="content">
{if $errors.empty_number}<span class="warning">必须输入验证码:</span>
{elseif $errors.wrong_number}<span class="warning">验证码错误, 请重新输入:</span>
{else}请输入此右边四位数字:
{/if}
<img src="{$site_admin}managers/imagenumber" name="imagenumber" width="80" height="20" border="0" align="absmiddle" id="imagenumber" />
</td>
</tr>
</table>
<div class="fr mt10">
<input name="action" type="hidden" id="action" value="login" />
<input type="submit" value="登录" class="btn" />
</div>
</form>
{/if}
manager.….php 里面的login方法完成验证登陆的
真实情况要查路由分发机制
通常是这样:MVC模式下,重写到某个入口文件如 根目录/index.php 。然后调用控制器类managers的login方法
<?php
ob_start();
session_start();
include_once("functions.inc.php");
$functions = new functions();
$stime = $functions->getmicrotime();
include_once("config.inc.php");
$config = new config();
if(!$config->installed) { header("location:start"); exit; } //
if(function_exists("date_default_timezone_set")) date_default_timezone_set($config->site_timezone); include_once("libs/mi.adodb.php");
$db = dbconn($config->db_host, $config->db_username, $config->db_password, $config->db_database, $config->db_type);
// $db->debug=1;
include_once("libs/mi.smarty.php");
$smarty = new MySmarty("libs/smarty");
$smarty->setTemplate($config->dir_template);
$smarty->setCache("caches");
$smarty->setPlugin("../../plugins");
include_once("template.inc.php");
$segment = array();
$uri = "";
$template = new template();
$template->content = preg_replace("/(\.\.\/)+/i", $config->site_url, $template->content);
$template->content = preg_replace("/\<\?PHP(.*)exit;(.*)\?\>\r\n/i", "", $template->content);
echo $template->content;
// echo "<p align='center'>System Execute ". round(($functions->getmicrotime()-$stime), 4). " Seconds.</p>";
ob_end_flush();
?>
<?php
class template {
var $content;
var $pathinfo; function template() {
global $config, $smarty, $uri; $smarty->assign("config", $config);
$smarty->assign("site_url", $config->site_url);
$smarty->assign("site_index", $config->site_index);
$smarty->assign("site_admin", $config->site_admin);
$smarty->assign("site_upload", $config->dir_uploads); if(!empty($_SERVER["PATH_INFO"])) $uri = substr($_SERVER['PATH_INFO'], 1);
$uri .= "/";
$this->run_template();
} function run_template() {
global $config, $smarty, $segment, $timestart, $uri; $para = $uri;
// 找到要显示的模板路径
while(!empty($uri)) {
$uri = substr($uri, 0, strrpos($uri, '/'));
$_path = "{$config->dir_template}/{$uri}"; if( file_exists($_path) && !is_dir($_path) ||
file_exists("{$_path}/index.php") ||
file_exists("{$_path}.php") ||
file_exists("{$_path}/index.html") ||
file_exists("{$_path}.html") ||
file_exists("{$_path}/index.htm") ||
file_exists("{$_path}.htm")
) break;
} //
$segment = split('/', substr($para, strlen($uri), -1));
$smarty->assign("segment", $segment);
$smarty->assign("uri", $uri); // 存储在Smarty中,以备使用
// 加载指定模块
$this->pathinfo = $pathinfo = split('/', $para);
if(!empty($pathinfo[2])) $this->run_module($pathinfo[0], $pathinfo[1], $pathinfo[2]);
elseif (!empty($pathinfo[1])) $this->run_module($pathinfo[0], $pathinfo[1]);
elseif (!empty($pathinfo[0])) $this->run_module($pathinfo[0]);
// 加载指定页面
$_path = "{$config->dir_template}/{$uri}"; // 在 run_module 时可能对uri做过修改,再赋值
if(file_exists($_path) && !is_dir($_path)) {
if(substr($uri, -4)=='.css') { header("Content-type: text/css"); $this->content = $smarty->fetch($uri); /* $this->content = file_get_contents($_path); */ }
elseif(substr($uri, -3)=='.js') { header("Content-type: text/javascript"); $this->content = $smarty->fetch($uri); /* $this->content = file_get_contents($_path); */ }
elseif(substr($uri, -4)=='.xml') { header("Content-Type: text/xml"); $this->content = $smarty->fetch($uri); }
else { $this->content = $smarty->fetch($uri); }
}
else {
header("Content-type: text/html; charset={$config->site_charset}");
if(file_exists("{$_path}.html")) { $this->content = $smarty->fetch("./{$uri}.html"); }
else if(file_exists("{$_path}/index.html")) { $this->content = $smarty->fetch("./{$uri}/index.html"); }
else if(file_exists("{$_path}.htm")) { $this->content = $smarty->fetch("./{$uri}.htm"); }
else if(file_exists("{$_path}/index.htm")) { $this->content = $smarty->fetch("./{$uri}/index.htm"); }
else if(file_exists("{$_path}.php")) { $this->content = $smarty->fetch("./{$uri}.php"); }
else if(file_exists("{$_path}/index.php")) { $this->content = $smarty->fetch("./{$uri}/index.php"); }
} } function run_module($module="", $class="", $function="") {
global $$module; if(!empty($module) && file_exists("modules/{$module}/index.php")) {
include_once("modules/{$module}/index.php");
$$module = new $module();
} if(!empty($class) && file_exists("modules/{$module}/mod.{$class}.php")) {
include_once("modules/{$module}/mod.{$class}.php");
$obj = new $class();
if(!empty($function) && method_exists($class, $function)) $obj->$function();
else if (method_exists($class, "index")) $obj->index();
}
}
}?>
<?php
class config {
var $db_type = "mysql";
var $db_host = "localhost";
var $db_username = "root";
var $db_password = "1234";
var $db_database = "yalei_os";
var $db_prefix = "ts_"; var $site_url = "/";
var $site_index = "index.php";
var $site_admin = "admin";
var $site_name = "亚雷";
var $site_timezone = "Asia/Shanghai";
var $site_charset = "gbk"; var $dir_uploads = "uploads";
var $dir_template = "templates"; var $installed = "1";
function config() {
$this->site_index = str_replace("//", "/", $this->site_url.$this->site_index."/");
$this->site_admin = str_replace("//", "/", $this->site_index.$this->site_admin."/");
}
}
?>
1.< html>
2.< head>< title>e
3.< /title>
4.< /head>
5.< body>
6.< form action="login.php"
method="POST" >
用户:1.< input type="text"
name="username">
2.< br>
密码:1.< input type="password"
name="password">
2.< input type ="Submit"
value ="确定">
3.< input type ="reset"
value ="取消">
4.< /form>
5.< /body>
6.< /html>
----------------conn.php--------------------------1.< ?php
2.$host='127.0.0.1';
3.$mysql_user='root';
4.$mysql_password='qeephp';
5.$mydb='learn';
6.$link = mysql_connect($host,
$mysql_user , $mysql_password)
7.or die("无法连接数据库: "
. mysql_error());
8.mysql_select_db($mydb);
9.?>
----------------------------login.php------------------1.< ?
2.$username=$_POST['username'];
3.$password=$_POST['password'];
4.if ($username==""){
5.echo "< script language='javascript'> alert('非法操作!'); location.href= 'index.php'; < /script>";
6.exit;
7.}
8.require_once("conn.php");
9.$sql="SELECT * FROM admin where username='$username'";
10.$result=mysql_query($sql);
11.$row=mysql_fetch_array($result);
12.if ($row['username']==""){
13.echo "< script language='javascript'> alert('用户名有误!'); location.href= 'index.php'; < /script>";
14.exit;
15.}else if ($row['password']!=$password){
16.echo "< script language='javascript'> alert('密码有误!'); location.href='index .php'; < /script>";
17.echo "密码有误";
18.exit;
19.}else{
20.session_start();
21.$_SESSION['user']=$username;
22.echo "< script language='javascript'> alert('登陆成功!'); location.href= 'list.php'; < /script>";
23.}
24.?>
还有验证是否登录的代码:http://www.phpnewer.com/index.php/Dmaq/detail/id/173
你看到的地方{$site_admin}managers/login
这应用了模板技术,文字被替换了,看源码找地址
那就是url地址
找一个叫.htaccess的文件,或是apache下的配置
这个是伪静态实现,可以把url导向另外的路径,而不会在乎原url是否真的存在