<!-- 应该还有很多东西未考虑到,还请大家帮我指正 --------------->
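<?php
/*
 * Login form. The action URL is built from PHP_SELF, whose path portion is
 * taken from the request URL and is therefore client-controlled; it is
 * HTML-escaped here so it cannot break out of the action attribute.
 * NOTE(review): the form carries no anti-CSRF token - confirm whether one
 * is needed for this deployment.
 */
?>
<form name="ff" action="<?=htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8')?>" method="post">
用户名:<input type="text" name="accounts" /><BR />
密 码: <input type="password" name="pw" />
<input type="submit" value="登陆" />
</form>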
//---------------------------------------------------------------
<?php
/* email:ljxok2001@qq.com 网名:快乐园 */
//原理,过程说明:
/*根据管理员账号,密码,IP地址判断是否登陆.
*
*1.建立一个用于保存当前登陆用户的数据表 "login"
*2.获得用户输入账号,密码,用户IP地址
*3.检查是否存在该账号,密码是否正确
处理暴力猜测机制:
1.建立一个记录错误登陆IP地址的表格
2.如果来自该IP的访问者登陆错误次数达到一定次数(比如十次),则限制该访问者当天不能再登陆.
*4.如果不正确则发出警告,终止检验,不能访问特定文件;
*5.如果正确则在登陆的数据表 "login"里注册用户的IP地址.
*6.以后该用户再访问特定网页的时候,检查数据表里是否存在该用户的IP,存在则已登陆,不存在则未登陆.(注意:IP地址并不能唯一标识用户,共用同一IP(如NAT或代理)的所有访问者都会被视为已登陆.)
*7.注销登陆时将该IP从表格里移除.
*/
?>
<?php
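//conn.php
// Open the MySQL connection shared by the rest of the page ($link).
//
// NOTE(review): the script connects as the MySQL "root" account with a
// password stored in the source file. A dedicated account limited to the
// tables this page uses, with credentials kept in configuration outside the
// web root, limits the damage if this page is compromised.
// NOTE(review): the mysql_* extension used throughout this file was removed
// in PHP 7; PDO or mysqli with prepared statements is the replacement.
$host = "localhost";
$user = "root";
$pw = "123456";
$db = "mydb";

$link = mysql_connect($host, $user, $pw);
if (!$link) {
    // Keep the driver's error text in the server log; sending it to the
    // browser discloses host, account and server details to any visitor.
    error_log("conn.php: mysql_connect failed - " . mysql_error());
    exit("Could not connect Mysql server");
}
if (!mysql_select_db($db, $link)) {
    error_log("conn.php: mysql_select_db failed - " . mysql_error($link));
    exit("Could not open database");
}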
?>
<?php
/*
//create_login_table.php
//会员表:
$sql = "CREATE TABLE member(
id INT PRIMARY KEY AUTO_INCREMENT,
accounts VARCHAR(30),
password VARCHAR(100))";
mysql_query($sql) or exit("<br />Failed to create table [login_state] -".mysql_error());
//登陆记录表格:
$sql = "CREATE TABLE login_state(
id INT PRIMARY KEY AUTO_INCREMENT,
ip VARCHAR(20),
user_accounts VARCHAR(20),
itime DATETIME )";
mysql_query($sql, $link) or exit("<br />Failed to create [login_state] table -".mysql_error());
echo "<br />Creating Table [login_state] successful";
//访问者错误登陆次数记录表.
$sql = "CREATE TABLE login_error_times(
id INT PRIMARY KEY AUTO_INCREMENT,
ip VARCHAR(20),
last_time DATETIME,
times INT
)";
mysql_query($sql,$link) or exit("<br />Failed to create table [login_error_times] -".mysql_error());
*/
?>
<?php
//create_login_table.php
/*
//会员表:
$sql = "CREATE TABLE member(
id INT PRIMARY KEY AUTO_INCREMENT,
accounts VARCHAR(30),
password VARCHAR(100))";
mysql_query($sql) or exit("<br />Failed to create table [login_state] -".mysql_error());
//登陆记录表格:
$sql = "CREATE TABLE login_state(
id INT PRIMARY KEY AUTO_INCREMENT,
ip VARCHAR(20),
user_accounts VARCHAR(20),
itime DATETIME)";
mysql_query($sql, $link) or exit("<br />Failed to create [login_state] table -".mysql_error());
echo "<br />Creating Table [login_state] successful";
//访问者错误登陆次数记录表.
$sql = "CREATE TABLE login_error_times(
id INT PRIMARY KEY AUTO_INCREMENT,
ip VARCHAR(20),
last_time DATE,
times INT
)";
mysql_query($sql,$link) or exit("<br />Failed to create table [login_error_times] -".mysql_error());
*/
?>
<?php
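// Maximum number of failed logins allowed per IP address per day.
$error_times_limit = 4;

// Read the submitted credentials. Both fields must be present and must be
// plain strings: a missing "pw" field or an array-valued field
// (e.g. accounts[]=x) would otherwise reach the SQL built in login().
if (!isset($_POST['accounts'], $_POST['pw'])
    || !is_string($_POST['accounts'])
    || !is_string($_POST['pw'])) {
    exit();
}
$accounts = $_POST['accounts'];
// NOTE(review): $pw is also the name conn.php uses for the database
// password; if both run in the same scope this assignment overwrites it.
$pw = $_POST['pw'];
$ip = get_user_ip(); // helper defined further down this page
$to_url = "";
$from_url = "";
login();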
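// Handle a login request.
//
// Reads the globals $accounts, $pw, $ip and $error_times_limit, then:
//   1. refuses the attempt if this IP already reached the daily failure limit;
//   2. reports "already logged in" if login_state holds this account + IP;
//   3. on matching credentials, records the account + IP in login_state;
//   4. otherwise records one more failure for this IP.
// Every path ends the request with exit()/die(); nothing is returned.
//
// NOTE(review): passwords are compared as stored, i.e. the member table holds
// them unhashed. Moving to password_hash()/password_verify() needs a data
// migration and is not done here.
// NOTE(review): login state and lockout are keyed on the IP address alone, so
// visitors sharing one address share both the session and the lockout.
function login()
{
    global $accounts, $pw, $ip, $error_times_limit, $link;

    // All three values originate from the request. The mysql_* extension has
    // no prepared statements, so each value is escaped before it is embedded
    // in a query; the limit is forced to an integer.
    $accounts_sql = mysql_real_escape_string((string)$accounts);
    $pw_sql = mysql_real_escape_string((string)$pw);
    $ip_sql = mysql_real_escape_string((string)$ip);
    $limit = (int)$error_times_limit;

    // Step 1: is this IP locked out for today?
    // DATE(last_time) makes the comparison work whether the column is DATE
    // or DATETIME (both schema variants appear on this page).
    $re = mysql_query("SELECT *
        FROM login_error_times
        WHERE ip='$ip_sql'
        AND times>=$limit
        AND DATE(last_time)=DATE(NOW())");
    if ($re === false) {
        // Fail closed: a broken lockout query must not let the attempt through.
        error_log("login: lockout query failed - " . mysql_error());
        die("登陆失败");
    }
    if (mysql_num_rows($re) > 0) {
        mysql_close($link);
        alert("对不起,你已经被限制,今天不能再登陆!!!");
        die();
    }

    // Step 2: already logged in from this IP? (The original misspelled the
    // variable as $accounst, so the check always searched for an empty name.)
    $re = mysql_query("SELECT * FROM login_state WHERE user_accounts='$accounts_sql' AND ip='$ip_sql'");
    if ($re === false) {
        error_log("login: login_state query failed - " . mysql_error());
        die("登陆失败");
    }
    if (mysql_num_rows($re) > 0) {
        // The account name is echoed back into HTML, so it is escaped here;
        // alert() prints its text argument as markup.
        $accounts_html = htmlspecialchars((string)$accounts, ENT_QUOTES, 'UTF-8');
        alert( "<font color=red>$accounts_html</font> 你已经登陆 ");
        exit();
    }

    // Step 3: verify the credentials and register the login.
    $re = mysql_query("SELECT * FROM member WHERE accounts='$accounts_sql' AND password='$pw_sql'");
    if ($re === false) {
        error_log("login: member query failed - " . mysql_error());
        die("登陆失败");
    }
    if (mysql_num_rows($re) > 0) {
        $ok = mysql_query("INSERT INTO login_state(user_accounts,ip,itime)
            VALUES('$accounts_sql',
            '$ip_sql',
            now())");
        if (!$ok) {
            // Driver errors go to the log, not to the browser.
            error_log("login: login_state insert failed - " . mysql_error());
            die("登陆失败");
        }
        alert("登陆成功");
        exit();
    }

    // Step 4: wrong credentials - record the failure for this IP.
    $re = mysql_query("SELECT * FROM login_error_times WHERE ip='$ip_sql'");
    if ($re === false) {
        error_log("login: login_error_times query failed - " . mysql_error());
        die("登陆失败");
    }
    if (mysql_num_rows($re) == 0) {
        // First failure ever seen from this IP.
        $ok = mysql_query("INSERT INTO login_error_times(ip,times,last_time) VALUES('$ip_sql',1,date(now()))");
    } else {
        // Restrict the update to this IP (the original had no WHERE clause and
        // rewrote every row). The counter restarts at 1 on a new day; MySQL
        // evaluates the assignments left to right, so times is computed from
        // the old last_time before last_time is overwritten.
        $ok = mysql_query("UPDATE login_error_times
            SET times=IF(DATE(last_time)=DATE(NOW()), times+1, 1),
                last_time=DATE(NOW())
            WHERE ip='$ip_sql'");
    }
    if (!$ok) {
        error_log("login: could not record failed attempt - " . mysql_error());
    }
    alert('输入错误,登陆失败');
    die();
}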
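// Report whether the current visitor counts as logged in, i.e. whether
// login_state holds a row for the global $ip.
// (Marked by the author as not yet debugged.)
//
// Returns true when a row exists, false otherwise - including when the query
// itself fails, so a database error never grants access.
//
// NOTE(review): the original queried a table named "login" through a
// count_rows() helper; this page defines neither, while login() and
// quit_login() both use login_state - confirm against the deployed schema.
function is_login()
{
    global $ip;
    // $ip is derived from the request, so escape it before embedding it.
    $ip_sql = mysql_real_escape_string((string)$ip);
    $re = mysql_query("SELECT * FROM login_state WHERE ip='$ip_sql'");
    if ($re === false) {
        return false;
    }
    return mysql_num_rows($re) > 0;
}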
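// Log out: delete the login_state rows recorded for the global $ip.
// (Marked by the author as untested.)
//
// Returns the result of mysql_query(): true on success, false on failure.
// Because rows are matched by IP only, every account registered from this
// address is logged out together.
function quit_login()
{
    global $ip,$link;
    // $ip is derived from the request, so escape it before embedding it.
    $ip_sql = mysql_real_escape_string((string)$ip);
    return mysql_query("DELETE FROM login_state WHERE ip='$ip_sql'");
}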
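// Purge failed-login records that are not from today.
// (Marked by the author as untested.)
//
// Returns the result of mysql_query(): true on success, false on failure.
//
// The original deleted from login_state, which has no last_time column in
// the schema shown on this page; the failure counters written by login()
// live in login_error_times. DATE(last_time) keeps the comparison valid for
// both the DATE and the DATETIME variant of that column.
function clear_login_error()
{
    global $link;
    return mysql_query("DELETE FROM login_error_times WHERE DATE(last_time) != DATE(NOW())");
}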
?>
//------------------------------------------------------------------
<?php
//用到的一些自定义函数:
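// Return the visitor's IP address as a string ('' when none is available).
//
// Only REMOTE_ADDR is used. The Client-IP and X-Forwarded-For request headers
// that the original preferred are set by the client, and this page uses the
// returned address both as the login identity and as the lockout key, so a
// header value must not be able to choose either. When the site sits behind
// a reverse proxy, the real client address has to be restored by that trusted
// proxy layer before this function is reached.
//
// NOTE(review): the schema on this page declares ip as VARCHAR(20), which is
// too short for a full IPv6 address - confirm the column width.
function get_user_ip()
{
    $addr = isset($_SERVER['REMOTE_ADDR']) ? (string)$_SERVER['REMOTE_ADDR'] : '';
    // Defence in depth: only hand a syntactically valid address to callers,
    // which embed the value in SQL.
    if (filter_var($addr, FILTER_VALIDATE_IP) === false) {
        return '';
    }
    return $addr;
}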
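// Print a floating notice box.
//
// $text      - message body. It is printed as HTML (callers on this page pass
//              markup), so the caller must escape any request-derived part.
// $back_href - target of the "back" link; "#" or "" makes the link go one
//              step back in the browser history instead.
// $back_text - label of the "back" link, printed as given.
//
// Nothing is returned; the markup is echoed directly.
//
// NOTE(review): the first attribute on the link is spelled with a non-ASCII
// first letter, so browsers ignore it; it is reproduced unchanged here.
function alert($text,$back_href="#",$back_text="返回")
{
    // Start from an empty attribute so the heredoc never reads an undefined
    // variable when a real link target is supplied.
    $onclick = "";
    if($back_href=="#" || $back_href=="")
    {
        $onclick = "onclick='window.history.go(-1)'";
        $back_href = "#";
    }
    // The target lands inside a double-quoted attribute; escape it so a quote
    // in the value cannot terminate the attribute.
    $back_href = htmlspecialchars((string)$back_href, ENT_QUOTES, 'UTF-8');
    // Short messages (40 bytes or fewer) are centred.
    $text = strlen($text)<=40? "<center>".$text."</center>" : $text;
    $alert =
<<<EOT
<div id="alert_div" style="position:absolute;text-align:left;
border:3px double #0af;background-color:white;
color:#333;font-size:14px;left:300px;
line-height:24px;top:150px;
width:400px;height:180px;padding:10px;">
<span style="color:red;font-size:16px;float:left;">
★★友好提示★★
</span><a href="$back_href" ōnclick="document.getElementById('alert_div').style.display='none'"
style="float:right;color:#0cf;" $onclick>$back_text</a>
<br />
$text
<br /></div>
EOT;
    echo $alert;
}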
?>