Science and technology enterprise website (7) - login module day after tomorrow

Keywords: Session PHP


1. Administrator authority control technology
Difficulty: how to prevent users from logging into the background management interface over the form
Solution: in order to show the feasibility of crossing the form, the author intentionally writes the SESSION variable to the controller in the website program, so that any user can log in to the background management interface of the website. But the user still can't do anything. If you click any link button, an error message will pop up, such as "you do not have permission to operate, and you will jump automatically in 4 seconds. If you do not jump, please click here".

The common SESSION operations in ThinkPHP are as follows:
get(name) / / get the SESSION value
set(name,value) / / set the value of SESSION
Is? Set (name) / / check whether the value of SESSION is set
clear() / / clear SESSION
destroy() / / destroy SESSION

The HTML code of the form is as follows:

<form action="__URL__/adminManager" method="post">
        <b>administrators:</b><input class="inOne" type="text" name="text" />
        <b>dense&nbsp;&nbsp;&nbsp;&nbsp;Code:</b><input class="inOne" type="password" name="pwd" /><br /><br />
        <input class="inTwo" type="submit" name="sub" value="Submission" />&nbsp;&nbsp;&nbsp;&nbsp;
        <input class="inThree" type="reset" value="Reset" />

The key codes of the Home module / Index controller / adminManager method are as follows:

public function adminManager(){
        $username = I('text');          // Receive the parameters passed from the form
        $userpwd = I('pwd');
        define(PHP,'_php');             // Define a constant PHP

        // MD5 encrypt the received page data
        $username = md5($username.PHP);
        $userpwd = md5($userpwd.PHP);

        echo $username.'<br />';
        echo $userpwd.'<br />';

        $user = M('admin');             // Instantiate basic model class

        // Gets the specified field in the data table
        $user = $user->field('user,pwd')->select();
        //  dump($user);
        // Determine whether the data in the data table is equal to the encrypted data
        if($username == $user[0]['user'] && $userpwd == $user[0]['pwd']){
            $this->assign('hint','Login successful');
            // Set SESSION variable
            session('PHP','');      // Set session variable
            // echo(session('PHP')).'<br />';
            $this->assign('hint','Login failed');

Posted by spectsteve7 on Mon, 04 May 2020 15:12:16 -0700