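PHP Exercise 6: Simple authentication with MySQL

User information is stored in the auth database. If the username and password submitted through the form match a row in the auth database table, the visitor is shown the normal page.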

1. secretdb.php

<?php
  // Submitted credentials; null until the form has been posted
  $name = $_POST['name'] ?? null;
  $password = $_POST['password'] ?? null;

  // is_string() also rejects array input such as name[]=x
  if (!is_string($name) || !is_string($password)) {
  //Visitor needs to enter a name and password
?>
    <h1>Please Log In</h1>
    <p>This page is secret.</p>
    <form method="post" action="secretdb.php">
    <p>Username: <input type="text" name="name"></p>
    <p>Password: <input type="password" name="password"></p>
    <p><input type="submit" name="submit" value="Log In"></p>
    </form>

<?php
  } else {
    // connect to mysql
    $mysql = mysqli_connect("www.anyone.com", "webauth", "webauth");
    if(!$mysql) {
      echo "Cannot connect to database.";
      exit;
    }
    // select the appropriate database
    $selected = mysqli_select_db($mysql, "auth");
    if(!$selected) {
      echo "Cannot select database.";
      exit;
    }

    // escape the form values before they are placed inside the quoted SQL
    // strings below; the connection charset must be set first
    mysqli_set_charset($mysql, "utf8mb4");
    $name = mysqli_real_escape_string($mysql, $name);
    $password = mysqli_real_escape_string($mysql, $password);

    // query the database to see if there is a record which matches
    $query = "select count(*) from authorised_users where
              name = '".$name."' and
            password = '".$password."'";
     //  password = sha1('".$password."')";

    $result = mysqli_query($mysql, $query);
    if(!$result) {
      echo "Cannot run query.";
      exit;
    }
    $row = mysqli_fetch_row($result);
    $count = $row[0];

    if ($count > 0) {
      // visitor's name and password combination are correct
      echo "<h1>Here it is!</h1>
            <p>I bet you are glad you can see this secret page.</p>";
    } else {
      // visitor's name and password combination are not correct
      echo "<h1>Go Away!</h1>
            <p>You are not authorized to use this resource.</p>";
    }
  }
?>

2. Create the auth database and the users table

create database auth;
use auth;
create table authorised_users ( name varchar(20),
                                password varchar(40),
                                primary key (name)
                              );
insert into authorised_users values ( 'username',
                                      'password' );

insert into authorised_users values ( 'testuser',
                                      sha1('password') );
-- grant ... identified by creates the account on MySQL 5.x;
-- MySQL 8.0 no longer accepts it, so run create user first there
grant select on auth.*
             to 'webauth'
             identified by 'webauth';
flush privileges;

 mysql> select * from authorised_users;
+----------+------------------------------------------+
| name     | password                                 |
+----------+------------------------------------------+
| testuser | 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 |
| username | password                                 |
+----------+------------------------------------------+
2 rows in set (0.00 sec)
 

3. Test with the username and testuser accounts separately

Testing with testuser requires changing the password condition in secretdb.php to:  password = sha1('".$password."')";
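
The same login check as secretdb.php, as an added example that is not the author's code: the submitted name is bound to a prepared statement, and the stored password is a password_hash() value checked with password_verify() rather than plaintext or unsalted sha1(). check_login() is a hypothetical helper name, and the example assumes the password column has been widened as described in its first comment.

```php
<?php
// Added example, not the author's code. Assumes the page's auth database,
// authorised_users table and webauth account, after an administrator has run:
//   alter table authorised_users modify password varchar(255) not null;
// (bcrypt output from password_hash() is 60 characters, too long for
// varchar(40)) and stored each password as password_hash($plain, PASSWORD_DEFAULT).

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// check_login() is a hypothetical helper name.
function check_login(mysqli $db, string $name, string $password): bool
{
    // The name is bound as data, so it never becomes part of the SQL text.
    $stmt = $db->prepare('select password from authorised_users where name = ?');
    $stmt->bind_param('s', $name);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();          // true: row read, null: no such user
    $stmt->close();

    // A legacy plaintext or sha1() value is not a valid hash and fails here.
    return $found === true && password_verify($password, $hash);
}

$name = $_POST['name'] ?? null;
$password = $_POST['password'] ?? null;

// is_string() also rejects array input such as name[]=x.
if (!is_string($name) || !is_string($password)) {
    echo '<h1>Please Log In</h1>';    // show the login form from secretdb.php here
    exit;
}

try {
    $db = new mysqli('www.anyone.com', 'webauth', 'webauth', 'auth');
    $db->set_charset('utf8mb4');
    $ok = check_login($db, $name, $password);
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage());      // details go to the log, not to the visitor
    echo 'Cannot check login.';
    exit;
}

echo $ok
    ? '<h1>Here it is!</h1>'
    : '<h1>Go Away!</h1><p>You are not authorized to use this resource.</p>';
```

Because webauth only has select on auth.*, the hashed passwords have to be written by an administrative account, which keeps the web-facing login unable to change credentials.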
