Talking about the method of PHP MySQL authentication
Author: Indus
Date: 2001/8/29
Recently, when making alumni recordings for school, authentication is required, and it is decided to use PHP MYSQL after comparison. Previous considerations have been considered with cookies or session. But with cookies, after the user is offline, as long as cookies is
No online, you can still stay online without logging in, which is a hidden danger for Internet cafes. And users can close cookies so as follows
Certificate is unsuccessful. Also considering the session, Session continues to join the access information during the browsing process, if the user
There is a long time in the website, there are many pages that browse, and use it to get the session, the browsing speed is lowered, and finally only logins.
Although this situation is almost seen, it is not what we hope.
I do what I am doing this authentication is that the browsing information is recorded while authenticating.
The user ID passes between each page, the ID value is encrypted with the MD5 () function. The verification function is validate_id (), the return value is
(0, 1), success is "1".
Idea:
Is it judged whether the incoming ID value is an anonymous login ID (A684DD572B1887661782981659331EED), 32 bits, if it returns 0, and
Join the browse information to the database. If no, query the database, see the user ID in the database, the user IP and the incoming ID, whether the IP value is equal
And recently browsing the time less than 20 minutes from the current time. Judging the number of records, if 0, it is considered offline, and logged in to the browsing information with anonymous ID, and returns 0. When the record is not 0,
User ID, user IP value, add the database, return 1.
Create a database: CREATE TABLE Logging {
ID INT UNSIGNED NOT NULL Primary Key Auto_Increment,
User_id char (32) Not null, // User ID
Logging_ip varchar (20) Not null, // Record the user IP address
Page_name varchar (30) Not null, // Browse the web name
View_time TimeStamp Not NULL,
Student_Id Varchar (20)
);
Create a function:
/ * ----- Begin function validate-id () ------------- Verify that the user is logged in
----------------------------------------------- * / function validate_id ($ link, $ id, $ ip, $ page_name, $ student_id = "") {if ($ id == a684dd572b1887661782981659331eed or $ id = '') {$ query = 'insert into logging (user_id, logging_ip, page_name VALUES ("A684DD572B18876617782981659331EED", "'. $ IP.'", "$ page_name. '", "anonym");'; $ results = mysql_db_query ("Web", $ query, $ link); Return (0);} else {$ Year = strftime ("% y"); $ month = strftime ("% m"); $ day = strftime ("% d"); $ hour = strftime ("% h" $ min = strftime ("% m"); $ sec = strftime ("% s"); Echo $ TIME_STRING = $ Year. $ Month. $ DAY. $ HOUR. $ min. $ sec; // echo "
"); // echo "$ YEAR- $ MONTH- $ DAY $ HOUR- $ min- $ sec
"; file: // --------- Begin if's --- ------------------------ IF ($ min- = 20) <0) {$ min = 60; if ($ Hour- = 1 ) == - 1) {$ Hour = 24; IF ($ day- = 1) == 0) {Switch ($ MONTH) {Case 12: $ days = 30; Break; Case 1: $ days = 31; Break; Case 2: IF ($ YEAR / 4 == 0) AND ($ YEAR / 100! = 0) OR ($ YEAR / 400 == 0)) {$ days = 29;} else {$ days = 28 Break; Case 3: $ Days = 31; Break; Case 4: $ Days = 30; Break; Case 5: $ Days = 31; BREAK; CA SE 6: $ days = 30; Break; Case 7: $ days = 31; break; case 8: $ days = 31; break; casse 9: $ days = 30; break; case 10: $ days = 31; Case 11: $ days = 30; Break;} $ day = $ days; if ($ MONTH- = 1) == 0) {$ MONTH = 12; $ Year- = 1;}}}} file: // ---------------------------------- Endiff's settype ($ MONTH, "Integer"); if ($ MONTH) <10) {settype ($ MONTH, "String"); $ MONTH = '0'. $ MONTH;
} SETTYPE ($ Day, "Integer"); IF ($ Day <10) {settype ($ Day, "String"); $ day = '0'. $ day;} settype ($ Hour, "integer"); IF ($ HOUR <10) {settype ($ min, "string"); $ Hour = '0'. $ Hour;} settype ($ min, "integer"); if ($ min <10) {settype ($ Min, "string"); $ min = '0'. $ min;} echo '
'. $ TIME_STRING = $ Year. $ Month. $ DAY. $ HOUR. $ min. $ sec; // echo "
$ YEAR - $ MONTH- $ DAY $ Hour- $ min- $ sec
"; // echo ("
"); $ query =" SELECT ID from logging where user_id = '$ ID' And logging_ip = '$ ip' and view_time> '$ time_string'; "$ result = mysql_db_query (" Web ", $ query, $ link); $ count = mysql_num_rows ($ result); if ($ count == 0) {// echo $ query = "insert into logging (user_id, logging_ip, page_name) values ( 'a684dd572b1887661782981659331eed', '$ ip', '$ page_name');"; $ result = mysql_db_query ( "web", $ query, $ LINK); RETURN (0);} else {$ query = "INTO logging (user_id, logging_ip, page_name) VALUES ('$ ID', '$ IP', '$ Page_name')"; $ Result = mysql_db_query (" Web ", $ query, $ link); return (1);
}} // end if} file: // -------------------------- End Function Validate-id ------ --- This verification method is simple, and does not consider the case where the user logs in after logging in, you can add it.
If you use cookies, you may use SetCookies () to create user ID, then read from environment variable $ http_cookie or $ http_cookie_vars.
take. It is the same, but it should be guaranteed that the user has no cookies.