Biu~~Biu
展开/收缩
login.html
<!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <title>login</title> </head> <form action="login_action.php" method="post"> <table border="1" width="400px"> <tr> <td> <input type="text" name="username" ></tr> </td> <tr> <td> <input type="password" name="password" ></tr> </td> <tr> <td> <input type="submit" value="login" ></tr> </td> </table> </form> <body> </body> </html>
login_action.php
<?php include_once ("class/Class_Mysql.php"); include_once ("class/Fuction.php"); $MYSQL = new php_mysql("localhost", "test1", "qisini741", "test1", "conn", "utf8"); $username=$_POST['username']; $password=$_POST['password']; if (Login_Auth($username,$password,$MYSQL)) { session_start(); $_SESSION['username']=$username; //print_r($_SESSION); echo "<script>alert(\"success\");window.location.href='index.php'</script>"; } else { echo "<script>alert(\"error\");window.location.href='login.html'</script>"; } ?>
index.php
<?php include_once ("class/Fuction.php"); session_start(); if(Login_Check()) echo "6666"; else echo "<script>alert(\"please login\");window.location.href='login.html'</script>"; //print_r($_SESSION); ?>
Fuction.php
<?php function Login_Auth($username,$password,$MYSQL) { $username=base64_encode($username); $pass=md5($password); $sql=sprintf("select password from UserData where username = '%s'",$username); $MYSQL->query($sql); $row=$MYSQL->db_num_rows(); if ($row==0) return false; else {echo "dasdasd"; $data=$MYSQL->fetch_array(); if ($pass==$data['password']) return true; else return false; } } function Login_Check() { if (isset($_SESSION['username'])) { return true; } else return false; } ?>
Class_Mysql.php
<?php class php_mysql { private $db_host; //数据库主机 private $db_user; //数据库用户名 private $db_pwd; //数据库用户名密码 private $db_database; //数据库名 private $conn; //数据库连接标识; private $result; //执行query命令的结果资源标识 private $sql; //sql执行语句 private $row; //返回的条目数 private $coding; //数据库编码,GBK,UTF8,gb2312 private $bulletin = true; //是否开启错误记录 private $show_error = false; //测试阶段,显示所有错误,具有安全隐患,默认关闭 private $is_error = false; //发现错误是否立即终止,默认true,建议不启用,因为当有问题时用户什么也看不到是很苦恼的 /*构造函数*/ public function __construct($db_host, $db_user, $db_pwd, $db_database, $conn, $coding) { $this->db_host = $db_host; $this->db_user = $db_user; $this->db_pwd = $db_pwd; $this->db_database = $db_database; $this->conn = $conn; $this->coding = $coding; $this->connect(); } /*数据库连接*/ public function connect() { if ($this->conn == "pconn") { //永久链接 $this->conn = mysql_pconnect($this->db_host, $this->db_user, $this->db_pwd); } else { //及时链接 $this->conn = mysql_connect($this->db_host, $this->db_user, $this->db_pwd); } if (!mysql_select_db($this->db_database, $this->conn)) { if ($this->show_error) { $this->show_error("数据库不可用:", $this->db_database); } } mysql_query("SET NAMES $this->coding"); } /*数据库执行语句,可执行查询添加修改删除等任何sql语句*/ public function query($sql) { if ($sql == "") { $this->show_error("SQL语句错误:", "SQL查询语句为空"); } $this->sql = $sql; $result = mysql_query($this->sql, $this->conn); if (!$result) { //调试中使用,sql语句出错时会自动打印出来 if ($this->show_error) { $this->show_error("错误SQL语句:", $this->sql); } } else { $this->result = $result; } return $this->result; } /*创建添加新的数据库*/ public function create_database($database_name) { $database = $database_name; $sqlDatabase = 'create database ' . $database; $this->query($sqlDatabase); } /*查询服务器所有数据库*/ //将系统数据库与用户数据库分开,更直观的显示? public function show_databases() { $this->query("show databases"); echo "现有数据库:" . $amount = $this->db_num_rows($rs); echo "<br />"; $i = 1; while ($row = $this->fetch_array($rs)) { echo "$i $row[Database]"; echo "<br />"; $i++; } } //以数组形式返回主机中所有数据库名 public function databases() { $rsPtr = mysql_list_dbs($this->conn); $i = 0; $cnt = mysql_num_rows($rsPtr); while ($i < $cnt) { $rs[] = mysql_db_name($rsPtr, $i); $i++; } return $rs; } /*查询数据库下所有的表*/ public function show_tables($database_name) { $this->query("show tables"); echo "现有数据库:" . $amount = $this->db_num_rows($rs); echo "<br />"; $i = 1; while ($row = $this->fetch_array($rs)) { $columnName = "Tables_in_" . $database_name; echo "$i $row[$columnName]"; echo "<br />"; $i++; } } /* mysql_fetch_row() array $row[0],$row[1],$row[2] mysql_fetch_array() array $row[0] 或 $row[id] mysql_fetch_assoc() array 用$row->content 字段大小写敏感 mysql_fetch_object() object 用$row[id],$row[content] 字段大小写敏感 */ /*取得结果数据*/ public function mysql_result_li() { return mysql_result($str); } /*取得记录集,获取数组-索引和关联,使用$row['content'] */ public function fetch_array($resultt="") { if($resultt<>""){ return mysql_fetch_array($resultt); }else{ return mysql_fetch_array($this->result); } } //获取关联数组,使用$row['字段名'] public function fetch_assoc() { return mysql_fetch_assoc($this->result); } //获取数字索引数组,使用$row[0],$row[1],$row[2] public function fetch_row() { return mysql_fetch_row($this->result); } //获取对象数组,使用$row->content public function fetch_Object() { return mysql_fetch_object($this->result); } //简化查询select public function findall($table) { $this->query("SELECT * FROM $table"); } //简化查询select public function select($table, $columnName = "*", $condition = '', $debug = '') { $condition = $condition ? ' Where ' . $condition : NULL; if ($debug) { echo "SELECT $columnName FROM $table $condition"; } else { $this->query("SELECT $columnName FROM $table $condition"); } } //简化删除del public function delete($table, $condition, $url = '') { if ($this->query("DELETE FROM $table WHERE $condition")) { if (!empty ($url)) $this->Get_admin_msg($url, '删除成功!'); } } //简化插入insert public function insert($table, $columnName, $value, $url = '') { if ($this->query("INSERT INTO $table ($columnName) VALUES ($value)")) { if (!empty ($url)) $this->Get_admin_msg($url, '添加成功!'); } } //简化修改update public function update($table, $mod_content, $condition, $url = '') { //echo "UPDATE $table SET $mod_content WHERE $condition"; exit(); if ($this->query("UPDATE $table SET $mod_content WHERE $condition")) { if (!empty ($url)) $this->Get_admin_msg($url); } } /*取得上一步 INSERT 操作产生的 ID*/ public function insert_id() { return mysql_insert_id(); } //指向确定的一条数据记录 public function db_data_seek($id) { if ($id > 0) { $id = $id -1; } if (!@ mysql_data_seek($this->result, $id)) { $this->show_error("SQL语句有误:", "指定的数据为空"); } return $this->result; } // 根据select查询结果计算结果集条数 public function db_num_rows() { if ($this->result == null) { if ($this->show_error) { $this->show_error("SQL语句错误", "暂时为空,没有任何内容!"); } } else { return mysql_num_rows($this->result); } } // 根据insert,update,delete执行结果取得影响行数 public function db_affected_rows() { return mysql_affected_rows(); } //输出显示sql语句 public function show_error($message = "", $sql = "") { if (!$sql) { echo "<font color='red'>" . $message . "</font>"; echo "<br />"; } else { echo "<fieldset>"; echo "<legend>错误信息提示:</legend><br />"; echo "<div style='font-size:14px; clear:both; font-family:Verdana, Arial, Helvetica, sans-serif;'>"; echo "<div style='height:20px; background:#000000; border:1px #000000 solid'>"; echo "<font color='white'>错误号:12142</font>"; echo "</div><br />"; echo "错误原因:" . mysql_error() . "<br /><br />"; echo "<div style='height:20px; background:#FF0000; border:1px #FF0000 solid'>"; echo "<font color='white'>" . $message . "</font>"; echo "</div>"; echo "<font color='red'><pre>" . $sql . "</pre></font>"; $ip = $this->getip(); if ($this->bulletin) { $time = date("Y-m-d H:i:s"); $message = $message . "\r\n$this->sql" . "\r\n客户IP:$ip" . "\r\n时间 :$time" . "\r\n\r\n"; $server_date = date("Y-m-d"); $filename = $server_date . ".txt"; $file_path = "error/" . $filename; $error_content = $message; //$error_content="错误的数据库,不可以链接"; $file = "error"; //设置文件保存目录 //建立文件夹 if (!file_exists($file)) { if (!mkdir($file, 0777)) { //默认的 mode 是 0777,意味着最大可能的访问权 die("upload files directory does not exist and creation failed"); } } //建立txt日期文件 if (!file_exists($file_path)) { //echo "建立日期文件"; fopen($file_path, "w+"); //首先要确定文件存在并且可写 if (is_writable($file_path)) { //使用添加模式打开$filename,文件指针将会在文件的开头 if (!$handle = fopen($file_path, 'a')) { echo "不能打开文件 $filename"; exit; } //将$somecontent写入到我们打开的文件中。 if (!fwrite($handle, $error_content)) { echo "不能写入到文件 $filename"; exit; } //echo "文件 $filename 写入成功"; echo "——错误记录被保存!"; //关闭文件 fclose($handle); } else { echo "文件 $filename 不可写"; } } else { //首先要确定文件存在并且可写 if (is_writable($file_path)) { //使用添加模式打开$filename,文件指针将会在文件的开头 if (!$handle = fopen($file_path, 'a')) { echo "不能打开文件 $filename"; exit; } //将$somecontent写入到我们打开的文件中。 if (!fwrite($handle, $error_content)) { echo "不能写入到文件 $filename"; exit; } //echo "文件 $filename 写入成功"; echo "——错误记录被保存!"; //关闭文件 fclose($handle); } else { echo "文件 $filename 不可写"; } } } echo "<br />"; if ($this->is_error) { exit; } } echo "</div>"; echo "</fieldset>"; echo "<br />"; } //释放结果集 public function free() { @ mysql_free_result($this->result); } //数据库选择 public function select_db($db_database) { return mysql_select_db($db_database); } //查询字段数量 public function num_fields($table_name) { //return mysql_num_fields($this->result); $this->query("select * from $table_name"); echo "<br />"; echo "字段数:" . $total = mysql_num_fields($this->result); echo "<pre>"; for ($i = 0; $i < $total; $i++) { print_r(mysql_fetch_field($this->result, $i)); } echo "</pre>"; echo "<br />"; } //取得 MySQL 服务器信息 public function mysql_server($num = '') { switch ($num) { case 1 : return mysql_get_server_info(); //MySQL 服务器信息 break; case 2 : return mysql_get_host_info(); //取得 MySQL 主机信息 break; case 3 : return mysql_get_client_info(); //取得 MySQL 客户端信息 break; case 4 : return mysql_get_proto_info(); //取得 MySQL 协议信息 break; default : return mysql_get_client_info(); //默认取得mysql版本信息 } } //析构函数,自动关闭数据库,垃圾回收机制 public function __destruct() { if (!empty ($this->result)) { $this->free(); } mysql_close($this->conn); } //function __destruct(); /*获得服务器端真实的IP地址*/ function getsip() { $str = file_get_contents('http://pv.sohu.com/cityjson'); $str1= explode('{"cip": "',$str); $str2=(explode('", "cid":',$str1['1'])); $last = $str2['0']; return $last; } function getip() { if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown")) { $ip = getenv("HTTP_CLIENT_IP"); } else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown")) { $ip = getenv("HTTP_X_FORWARDED_FOR"); } else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown")) { $ip = getenv("REMOTE_ADDR"); } else if (isset ($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown")) { $ip = $_SERVER['REMOTE_ADDR']; } else { $ip = "unknown"; } return ($ip); } function inject_check($sql_str) { //防止注入 $check = eregi('select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile', $sql_str); if ($check) { echo "警告:安全检查不通过,检测到SQL注入迹象!"; exit (); } else { return $sql_str; } } function checkurl($URL) { //检查来路 if (preg_replace("/https?:\/\/([^\:\/]+).*/i", "\\1", $_SERVER['HTTP_REFERER']) !== preg_replace("/([^\:]+).*/", "\\1", $_SERVER['HTTP_HOST'])) { echo "<script language='javascript' type='text/javascript'> window.location.href='".$URL."'</script>"; exit(); } } function try_sip() { $url="../../IP/GetIP.php"; $public_key=Get256(); $private_key=md5("IPMD5".$public_key); $header= $header= array( 'Content-Type: multipart/form-data; ', ); $content['public_key']=$public_key;$content['private_key']=$private_key; $data=send_post($url, $header, $content); if($data['state']!='ok') return "error"; return $data['IP']; } } ?>
关于作者