<?php
include_once('config/config.php');
include_once('include/db_config.php');
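session_start();

// Pick the requested action from the query string first, then from the form body.
// The keys are quoted because a bare `action` is an undefined constant: a warning
// on PHP 7.2+ and a fatal Error on PHP 8. The isset() guards avoid undefined-index
// notices when the parameter is absent.
if (isset($_GET['action']) && $_GET['action']) {
    $action = $_GET['action'];
} elseif (isset($_POST['action'])) {
    $action = $_POST['action'];
} else {
    $action = null;
}

// Anything other than an explicit 'logout' falls through to the login handler.
switch ($action) {
    case 'logout':
        logout();
        break;
    case 'login':
    default:
        login();
        break;
}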
?>
<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Cache-Control" content="no-cache">
<meta http-equiv="Expires" content="-1">
<meta http-equiv="Content-Type" content="text/html; charset=big5">
<title><?php echo $title; ?></title>
<link rel="stylesheet" type="text/css" href="style/login.css">
<link rel="stylesheet" type="text/css" href="style/link.css">
</head>
<body>
<?php include_once("config/logo.php"); ?><br><br>
<form action="login.php" method=post>
<table width="380" border="0" cellspacing="0" cellpadding="0" align="center" class="newtable">
<tr><td class="newtd" colspan="2"><div align="center">登錄文件管理系統</div></td> </tr>
<tr>
<td class="newtd"><div align="right">帳號﹕</div></td>
<td class="newtd" width="280"><div align="left"><input name=accounts type=text id="accounts" size="20">
</div></td>
</tr>
<tr>
<td class="newtd"><div align="right">密碼﹕</div></td>
<td class="newtd"><div align="left"><input name=password type=password size="20"></div></td>
</tr>
<tr>
<td class="newtd"><div align="right">驗証碼﹕</div></td>
<td class="newtd"><input name=verifycode type=text value="" size="20">
請輸入 <img style="background: url('images/bg_logincode.gif')" src="include/getcode.php" align=absmiddle width="32" height="16"></td>
</tr>
<tr>
<td class="newtd"><div align="right"> </div></td>
<td class="newtd"><div align="left"><input class=button type=submit name=submit value=" 登 錄 "></div></td>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
<tr>
<td colspan="2"><div align="center"><a href="../index.php">返回首頁</a></div></td>
</tr>
</table>
</form>
</body>
</html>
<?php
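/**
 * Handle a login form submission and mark the session as authenticated.
 *
 * Reads `submit`, `accounts`, `password` and `verifycode` from $_POST, looks the
 * account up in `login_admin` through the global $db_link, and on success sets
 * $_SESSION['isaccounts'] / $_SESSION['accounts'] and redirects to index.php.
 * On failure it prints a JavaScript alert and returns so the form is rendered again.
 * When the form was not submitted it only clears the two login flags.
 *
 * @return void
 */
function login()
{
    global $db_link;

    $charsetMeta = "<meta http-equiv='Content-Type' content='text/html; charset=big5'>";

    if (empty($_POST['submit'])) {
        // Plain page view: drop stale login flags. unset() removes just these two
        // keys (as logout() does); session_unset() accepts no argument.
        unset($_SESSION['isaccounts']);
        unset($_SESSION['accounts']);
        return;
    }

    // Only plain strings are accepted; array-valued parameters (accounts[]=...) are treated as empty.
    $account  = (isset($_POST['accounts']) && is_string($_POST['accounts'])) ? $_POST['accounts'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    $given    = (isset($_POST['verifycode']) && is_string($_POST['verifycode'])) ? $_POST['verifycode'] : '';
    $expected = isset($_SESSION['verifycode']) ? (string) $_SESSION['verifycode'] : '';

    // A code is valid for one attempt only, so a solved code cannot be replayed.
    // NOTE(review): assumes include/getcode.php stores a fresh code whenever the image is requested - confirm.
    unset($_SESSION['verifycode']);

    // The verification code is checked before any credential lookup, so account and
    // password guesses get no answer without a valid code. An empty expected value is
    // rejected explicitly: with the previous loose `==`, a session that never loaded
    // the image (no stored code) matched an empty submitted field.
    if ($expected === '' || $expected !== $given) {
        echo $charsetMeta;
        print ('<SCRIPT>window.alert("驗証碼沒有填寫或者填寫錯誤﹐無法進入系統﹗")</SCRIPT>');
        return;
    }

    // The account name is escaped before it is placed in the SQL string; the legacy
    // mysql extension used here has no prepared statements.
    // NOTE(review): the page is served as big5. Escaping is only charset-aware if the
    // connection charset was set with mysql_set_charset() - confirm in include/db_config.php.
    // Moving to mysqli/PDO prepared statements is the durable fix.
    $query  = "SELECT * FROM login_admin WHERE ACCOUNTS='" . mysql_real_escape_string($account, $db_link) . "' ";
    $result = mysql_query($query, $db_link);

    // A failed query is treated the same as "no such account".
    // NOTE(review): distinct messages for an unknown account and a wrong password let a
    // client learn which account names exist; consider a single generic message.
    if ($result === false || mysql_num_rows($result) != 1) {
        echo $charsetMeta;
        print ('<SCRIPT>window.alert("帳號不存在,無法進入系統﹗")</SCRIPT>');
        return;
    }

    $arrUser = mysql_fetch_array($result);

    // Strict string comparison: with `!=`, two different digests that both look like
    // "0e<digits>" are compared as numbers and treated as equal.
    // NOTE(review): unsalted MD5 is not suitable for password storage. Switching to
    // password_hash()/password_verify() needs the stored values re-hashed, which cannot
    // be done from this function alone.
    if ((string) $arrUser["PASSWORD"] !== md5($password)) {
        echo $charsetMeta;
        print ('<SCRIPT>window.alert("密碼不正確,無法進入系統﹗")</SCRIPT>');
        return;
    }

    // Issue a new session id at the privilege change so an id known before login
    // (session fixation) does not become an authenticated one.
    session_regenerate_id(true);
    $_SESSION['isaccounts'] = 1;
    $_SESSION['accounts'] = $account;
    header("Location: index.php");
    // header() only queues the redirect; stop so the login form is not rendered as well.
    exit;
}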
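/**
 * Clear the login flags from the session and tell the user they are logged out.
 *
 * Removes $_SESSION['isaccounts'] and $_SESSION['accounts'] (other session keys are
 * left alone) and prints a charset meta tag followed by a JavaScript alert.
 *
 * @return void
 */
function logout()
{
    echo "<meta http-equiv='Content-Type' content='text/html; charset=big5'>";
    // Quoted keys: a bare `isaccounts` / `accounts` is an undefined constant, which is
    // a fatal Error on PHP 8 and would abort before the flags are removed.
    unset($_SESSION['isaccounts']);
    unset($_SESSION['accounts']);
    print ('<SCRIPT>window.alert("你已經安全退出管理系統﹐請關閉瀏覽器﹗")</SCRIPT>');
}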
?>
在其它網頁中加入下列語句
<?php
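// Requested action: query string first, then form body. Keys are quoted because a
// bare `action` is an undefined constant (a fatal Error on PHP 8).
if (isset($_GET['action']) && $_GET['action']) {
    $action = $_GET['action'];
} elseif (isset($_POST['action'])) {
    $action = $_POST['action'];
} else {
    $action = null;
}

session_start();

// Access guard for protected pages: only a session flagged by login.php may continue.
if (!isset($_SESSION['isaccounts']) || $_SESSION['isaccounts'] != 1) {
    unset($_SESSION['isaccounts']);
    unset($_SESSION['accounts']);
    header("Location: login.php");
    // header() only queues the redirect. Without exit the rest of the protected page
    // still runs and its output is sent to a visitor who is not logged in.
    exit;
}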
?>
記錄密碼部分使用了 MD5 雜湊（MD5 是單向雜湊，並非加密；未加鹽的 MD5 不適合用來保存密碼）
驗証碼自己生成﹐很簡單﹗
我的驗証碼不能公布﹐否則我的算法就不安全了