【www.gdgbn.com--mysql教程】
代码如下session_start();
include("mysql教程.class.php");
$db=new mysql("localhost", "root", "", "flx", "conn", "gbk");
// 为方便测试,这里只是简单定义了一个特定的用户,在实际操作中,用户信息从数据库教程中得出;
define("user","admin");
define("pw", 123);
$db->findall("limit_login");
$row=$db->fetch_array();
//print_r($row);
if($_post["submit"]){
$username=$_post["username"];
$pw=$_post["pw"];
$_session["time"]=time();
/* 错误次数超限判断*/
// 对于登陆出错超过三次的用户,如果现在时间,减去开始登陆的时间,小于特定的值时,就不允
许在登陆;
if($username==user){
//这里用户可以试着登陆3次,,下面写为2,是因为页面刷新与数据库的连接不同步,
// 就是说,第二次的错误信息插入数据库时,这里获取的信息,还是第一次的,实际用户出错的
次数已经多一次了;
if($row["login_times"]>2){
$current=time();
$passed_time=$current-$row["login_date"];
echo "现在已经过了".$passed_time."秒
";
// 设定时间 900秒,在此时间段内,特定用户不能登陆系统;按
if(($current-$row["login_date"])<900){
//$test_pw=substr(md5(rand()),0,10);
//现在admin (特定用户)用户已经登陆错误大于3次,那在限定的时间内,
//即使他的密码输入正确,也不能在登陆系统;
if($pw==pw){
exit("你密码输入错误次数大于三次,请在15分钟后登陆系统!");
}
// 当然,这位用户输入的密码不是正确的密码,也给出这样的提示;
if($pw!=pw){
exit("你密码输入错误次数大于三次,请在15分钟后登陆系统!");
}
}else{
//此时已经过了限制的时间,这位用户可以登陆了,在此用户在登陆之前,要把前次登陆的时间
清零;
$mod_content="`login_times`=0,`login_date`=0";
$condition="`id`=1";
$db->update("limit_login",$mod_content,$condition);
}
}
}
/* 用户登陆操作*/
if($username==user&&$pw==pw){
/* 用户登陆成功,*/
// 更新数据表;表登陆次数和时间,都置零;
$mod_content="`login_times`=0,`login_date`=0";
$condition="`id`=1";
$db->update("limit_login",$mod_content,$condition);
echo "<script language="网页特效" type="text/网页特效">" .
"window.location="success.php"</script>";
}else{
//在第一次出错时,设置密码出错次数为1,把登陆时是session 保存的时间放入数据库;
if($row["login_times"]==0&&$row["login_date"]==0){
$mod_content="`login_times`=1,`login_date`="".$_session["time"].""";
$condition="`id`=1";
$db->update("limit_login",$mod_content,$condition);
}else{
$mod_content="`login_times`=`login_times`+1";
$condition="`id`=1";
$db->update("limit_login",$mod_content,$condition);
}
/* 提示用户还有几次机会*/
if($row["login_times"]<3){
$row["login_times"]++;// 这里登陆次数加1,和上面的说的原因一样,是因不能同步连接
数据库所致;
echo"密码错误!错误次数为:".$row["login_times"]."次
";
$remain_times=3-$row["login_times"];
echo "你还有".$remain_times."登陆机会";
}
}
}else{
echo "用户名和密码不能为空!";
}
}
?>
//mysql.class.php代码
代码如下
class mysql {
private $db_host; //数据库主机
private $db_user; //数据库用户名
private $db_pwd; //数据库用户名密码
private $db_database; //数据库名
private $conn; //数据库连接标识;
private $result; //执行query命令的结果资源标识
private $sql; //sql执行语句
private $row; //返回的条目数
private $coding; //数据库编码,gbk,utf8,gb2312
private $bulletin = true; //是否开启错误记录
private $show_error = true; //测试阶段,显示所有错误,具有安全隐患,默认关闭
private $is_error = false; //发现错误是否立即终止,默认true,建议不启用,因为当有问题时用户什么也看不到是很苦恼的
/*构造函数*/
public function __construct($db_host, $db_user, $db_pwd, $db_database, $conn, $coding) {
$this->db_host = $db_host;
$this->db_user = $db_user;
$this->db_pwd = $db_pwd;
$this->db_database = $db_database;
$this->conn = $conn;
$this->coding = $coding;
$this->connect();
}
/*数据库连接*/
public function connect() {
if ($this->conn == "pconn") {
//永久链接
$this->conn = mysql_pconnect($this->db_host, $this->db_user, $this->db_pwd);
} else {
//即使链接
$this->conn = mysql_connect($this->db_host, $this->db_user, $this->db_pwd);
}
if (!mysql_select_db($this->db_database, $this->conn)) {
if ($this->show_error) {
$this->show_error("数据库不可用:", $this->db_database);
}
}
mysql_query("set names $this->coding");
}
/*数据库执行语句,可执行查询添加修改删除等任何sql语句*/
public function query($sql) {
if ($sql == "") {
$this->show_error("sql语句错误:", "sql查询语句为空");
}
$this->sql = $sql;
$result = mysql_query($this->sql, $this->conn);
if (!$result) {
//调试中使用,sql语句出错时会自动打印出来
if ($this->show_error) {
$this->show_error("错误sql语句:", $this->sql);
}
} else {
$this->result = $result;
}
return $this->result;
}
/*删除一个数据库*/
function drop_database($database_name){
if($database_name){
$sqldatabase="drop database $database_name";
$this->query($sqldatabase);
}else{
echo "数据库名不能为空!";
}
}
/*清空一个数据表*/
function truncate_table($table){
if($table){
$this->query("truncate table $table");
}else{
$this->show_error("数据表名不能为空!");
}
}
/*创建添加新的数据库*/
public function create_database($database_name) {
$database = $database_name;
$sqldatabase = "create database " . $database;
$this->query($sqldatabase);
}
/*查询服务器所有数据库*/
//将系统数据库与用户数据库分开,更直观的显示?
public function show_databases() {
$this->query("show databases");
echo "现有数据库:" . $amount = $this->db_num_rows($rs);
echo "
";
$i = 1;
while ($row = $this->fetch_array($rs)) {
echo "$i $row[database]";
echo "
";
$i++;
}
}
//以数组形式返回主机中所有数据库名
public function databases() {
$rsptr = mysql_list_dbs($this->conn);
$i = 0;
$cnt = mysql_num_rows($rsptr);
while ($i < $cnt) {
$rs[] = mysql_db_name($rsptr, $i);
$i++;
}
return $rs;
}
/*查询数据库下所有的表*/
public function show_tables($database_name) {
$this->query("show tables");
echo "现有数据库:" . $amount = $this->db_num_rows($rs);
echo "
";
$i = 1;
while ($row = $this->fetch_array($rs)) {
$columnname = "tables_in_" . $database_name;
echo "$i $row[$columnname]";
echo "
";
$i++;
}
}
/*
mysql_fetch_row() array $row[0],$row[1],$row[2]
mysql_fetch_array() array $row[0] 或 $row[id]
mysql_fetch_assoc() array 用$row->content 字段大小写敏感
mysql_fetch_object() object 用$row[id],$row[content] 字段大小写敏感
*/
/*取得结果数据*/
public function mysql_result_li() {
return mysql_result($str);
}
/*取得记录集,获取数组-索引和关联,使用$row["content"] */
public function fetch_array() {
return mysql_fetch_array($this->result);
}
//获取关联数组,使用$row["字段名"]
public function fetch_assoc() {
return mysql_fetch_assoc($this->result);
}
//获取数字索引数组,使用$row[0],$row[1],$row[2]
public function fetch_row() {
return mysql_fetch_row($this->result);
}
//获取对象数组,使用$row->content
public function fetch_object() {
return mysql_fetch_object($this->result);
}
//简化查询select
public function findall($table) {
$this->query("select * from $table");
}
//简化查询select
public function select($table, $columnname = "*", $condition = "", $debug = "") {
$condition = $condition ? " where " . $condition : null;
if ($debug) {
echo "select $columnname from $table $condition";
} else {
$this->query("select $columnname from $table $condition");
}
}
//简化删除del
public function delete($table, $condition, $url = "") {
if ($this->query("delete from $table where $condition")) {
if (!empty ($url))
$this->get_admin_msg($url, "删除成功!");
}
}
//简化插入insert
public function insert($table, $columnname, $value, $url = "") {
if ($this->query("insert into $table ($columnname) values ($value)")) {
//echo "ok";
if (!empty ($url))
$this->get_admin_msg($url, "添加成功!");
}
}
//简化修改update
public function update($table, $mod_content, $condition, $url = "") {
//echo "update $table set $mod_content where $condition"; exit();
if ($this->query("update $table set $mod_content where $condition")) {
if (!empty ($url))
$this->get_admin_msg($url);
}
}
/*取得上一步 insert 操作产生的 id*/
public function insert_id() {
return mysql_insert_id();
}
//指向确定的一条数据记录
public function db_data_seek($id) {
if ($id > 0) {
$id = $id -1;
}
if (!@ mysql_data_seek($this->result, $id)) {
$this->show_error("sql语句有误:", "指定的数据为空");
}
return $this->result;
}
// 根据select查询结果计算结果集条数
public function db_num_rows() {
if ($this->result == null) {
if ($this->show_error) {
$this->show_error("sql语句错误", "暂时为空,没有任何内容!");
}
} else {
return mysql_num_rows($this->result);
}
}
// 根据insert,update,delete执行结果取得影响行数
public function db_affected_rows() {
return mysql_affected_rows();
}
//输出显示sql语句
public function show_error($message = "", $sql = "") {
if (!$sql) {
echo "" . $message . "";
echo "
";
} else {
echo "
echo "
";
}
//释放结果集
public function free() {
@ mysql_free_result($this->result);
}
//数据库选择
public function select_db($db_database) {
return mysql_select_db($db_database);
}
//查询字段数量
public function num_fields($table_name) {
//return mysql_num_fields($this->result);
$this->query("select * from $table_name");
echo "
";
echo "字段数:" . $total = mysql_num_fields($this->result);
echo "
";";
for ($i = 0; $i < $total; $i++) {
print_r(mysql_fetch_field($this->result, $i));
}
echo "
echo "
";
}
//取得 mysql 服务器信息
public function mysql_server($num = "") {
switch ($num) {
case 1 :
return mysql_get_server_info(); //mysql 服务器信息
break;
case 2 :
return mysql_get_host_info(); //取得 mysql 主机信息
break;
case 3 :
return mysql_get_client_info(); //取得 mysql 客户端信息
break;
case 4 :
return mysql_get_proto_info(); //取得 mysql 协议信息
break;
default :
return mysql_get_client_info(); //默认取得mysql版本信息
}
}
//析构函数,自动关闭数据库,垃圾回收机制
public function __destruct() {
if (!empty ($this->result)) {
$this->free();
}
mysql_close($this->conn);
} //function __destruct();
/*获得客户端真实的ip地址*/
function getip() {
if (getenv("http_client_ip") && strcasecmp(getenv("http_client_ip"), "unknown")) {
$ip = getenv("http_client_ip");
} else
if (getenv("http_x_forwarded_for") && strcasecmp(getenv("http_x_forwarded_for"), "unknown")) {
$ip = getenv("http_x_forwarded_for");
} else
if (getenv("remote_addr") && strcasecmp(getenv("remote_addr"), "unknown")) {
$ip = getenv("remote_addr");
} else
if (isset ($_server["remote_addr"]) && $_server["remote_addr"] && strcasecmp($_server["remote_addr"], "unknown")) {
$ip = $_server["remote_addr"];
} else {
$ip = "unknown";
}
return ($ip);
}
function inject_check($sql_str) { //防止注入
$check = eregi("select|insert|update|delete|"|/*|*|../|./|union|into|load_file|outfile", $sql_str);
if ($check) {
echo "输入非法注入内容!";
exit ();
} else {
return $sql_str;
}
}
function checkurl() { //检查来路
if (preg_replace("/https教程?://([^:/]+).*/i", "\1", $_server["http_referer"]) !== preg_replace("/([^:]+).*/", "\1", $_server["http_host"])) {
header("location: http://www.111cn.net");
exit();
}
}
}
?>
//==============数据表=========================
table `limit_login` (
`id` smallint(6) not null auto_increment,
`login_times` smallint(6) not null default "0",
`login_date` int(11) not null,
primary key (`id`)
) engine=innodb default charset=latin1 auto_increment=2 ;
--
-- 导出表中的数据 `limit_login`
--
insert into `limit_login` (`id`, `login_times`, `login_date`) values
(1, 3, 1259647944);