PHP用户名密码解决方案

我正在研究我的第一个基于PHP的网站，我想知道用户名/密码系统有哪些解决方案？我已经尝试过使用.htaccess文件进行基本安全性保护，虽然它可以工作，但我希望一些外行人能够更轻松地进行管理。有没有其他解决方案可以尝试？我没有可用的数据库服务器，因此它必须支持平面文件数据库......谢谢！PHP用户名密码解决方案

编辑我已经确定我有SQLite支持，所以我确实有一个数据库选项可用。另外，我觉得我应该提一点我需要的一些要求。我最初希望使用.htaccess来保护我的网站，因为我需要整个目录的安全性。我试图保护的大多数文件都是.pdf和.doc ...任何解决方案都必须允许我保护这些文件以及目录中的任何网页。

如果我能找到一个或多或少的“皮肤”的锁定目录的.htaccess方法，以便我可以做一些事情，如有一个实际的登录/注册页面等，那么我只会坚持.htaccess方法。然而，我想要一些更易于管理的东西，我只需要目录安全。

来源

2009-07-05 Nick DeMayo

我写了这个代码很快，它是句法正确的，但我没有测试过它。
有两件事我没有在这里做，首先，我没有提供删除用户的功能，其次我没有提供更改用户密码的功能，您必须自己写。
但是，这应该提供一个很好的起点。

这些功能将存储您的用户名/文件中的密码称为以下格式

username0:password0 
username1:password1 
username2:password2 
...

密码。

function authenticate($username, $password) 
{ 

    //ALWAYS use a salt to secure the encryption of your passwords, this can be any value of any 
    //length, the longer and the more characters the better 
    //I like to use a "perfect password" from Steve Gibbson's https://www.grc.com/passwords.htm 
    //This must the exactly the same as the salt in theaddUser() function 
    $salt = 'voDeaFWckErOPPGwiapYBwEoc4O2d1M60m2QsYc7A15PUshrLamoVioG1wUmEgF'; 

    //First we need to get the contents of the file that has the usernames/passwords in it. 
    //we don't want to use fopen() or we may end up with a locked file error if another access is 
    //attempted before we've closed it. 

    //this line will get the contents of the file named passwords and store it in the $fh variable 
    $fh = file_get_contents('passwords'); 

    //Now lets take the file and split it into an array where each line is a new element in the array. 
    $fh = split("\n", $fh); 

    //Now lets loop over the entire array spliting each row into it's username/password pair 
    foreach($fh as $r) 
    { 
     //Every time this loop runs $r will be populated with a new row 

     //Lets split the line into it's username/password pairs. 
     $p = split(':', $p); 

     //Since we don't need all the usernames/password to be in memory lets stop when we find the one we need 
     if($p[0] == $username && $p[1] == sha1($salt . $password)) 
     { 
      //We've found the correct use so lets stop looping and return true 
      return true; 
     } 
    } 
    //If we've reached this point in the code then we did not find the user with the correct password in the 'database' 
    //so we'll just return false 
    return false; 
} 
function addUser($username, $password) 
{ 
    //ALWAYS use a salt to secure the encryption of your passwords, this can be any value of any 
    //length, the longer and the more characters the better 
    //I like to use a "perfect password" from Steve Gibbson's https://www.grc.com/passwords.htm 
    //This must the exactly the same as the salt in the authenticate() function 
    $salt = 'voDeaFWckErOPPGwiapYBwEoc4O2d1M60m2QsYc7A15PUshrLamoVioG1wUmEgF'; 

    //We need to parse out some preticularly bad characters from the user name such as : which is used to seperate the username and password 
    //and \r and \n which is the new line character which seperates our lines 
    $username = preg_replace('/\r|\n|\:/', '', $username); 

    //Now lets encrypt our password with the salt added 
    $password = sha1($salt . $password); 

    //Lets build the new line that is going to be added 
    $line = $username . ':' . $password . "\n"; 

    //Lets open the file in append mode so that the pointer will be placed at the end of the file 
    $fh = fopen('passwords', 'a'); 

    //Write the new entry to the file 
    fwrite($fh, $line); 

    //Close the file 
    fclose($fh); 

    //Typicaly one would write a bunch of error handling code on the above statments and if something 
    //goes wrong then return false but if you make it this far in the code then return true 
    return true; 
}

来源

2009-07-05 21:28:05 UnkwnTech