สอนทำเว็บไซต์

หน้า login/logout ตรวจสอบ user password ผ่าน API

login.php

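<!-- login.php: posts the user name and password to checkuser.php. Serve this page over HTTPS so the credentials are not sent in clear text. -->
<form autocomplete="off" class="contact-form" method="post" action="checkuser.php" role="form">
  <div class="row mt-5 mt-30">
    <div class="col-md-4"></div>
    <div class="col-md-4">
      <div class="card m-20">
        <div class="row m-20">
          <div class="col-md-12">
            <div class="col-md-12 text-center mb-4"><img src="img/LogoLekjew.jpg" class="img-responsive" height="40"></div>
            <div class="col-lg-12 mb-4">
              <div class="form-floating">
                <input type="text" class="form-control" id="u_username" name="user" placeholder="UserName" required onKeyDown="return nextbox(event, 'u_password');">
                <!-- "for" must hold only the input id; light-300 is a CSS class -->
                <label for="u_username" class="light-300">Name</label>
              </div>
            </div><!-- End Input Name -->
            <div class="col-lg-12 mb-4">
              <div class="form-floating">
                <input type="password" class="form-control" id="u_password" name="passw" placeholder="Password" required onKeyDown="return nextbox(event, 'ASubmit');">
                <label for="u_password" class="light-300">Password</label>
              </div>
            </div><!-- End Input Password -->
            <div class="col-md-12 col-12 m-auto text-center">
              <button type="submit" class="btn btn-secondary rounded-pill px-md-5 px-4 py-2 radius-0 text-light light-300" id="ASubmit">Login</button>
            </div>
            <br><br>
          </div>
        </div>
      </div>
    </div>
  </div>
</form>
<script>
  $('#u_username').focus();

  /**
   * keydown handler: on Enter, move on to the element with the given id
   * instead of letting the browser submit the form from the current field.
   * When the target is the submit button, the button is clicked as well.
   */
  function nextbox(e, id) {
    // Read the key code (cross browser)
    var keycode = e.which || e.keyCode;

    // Only react to Enter (key code 13); every other key is left alone
    if (keycode !== 13) {
      return;
    }

    if (id === "ASubmit") {
      $('#ASubmit').click();
    }

    // Move focus to the element with the given id
    document.getElementById(id).focus();

    // Return false to cancel the default Enter handling (implicit form submit)
    return false;
  }
</script>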

checkuser.php

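<?php
/**
 * checkuser.php - target of the login form.
 *
 * Sends the submitted user name and password to api_check_user.php and, when
 * the API answers "Y", loads the matching sysuser row into the session.
 * Every other outcome ends on error.php.
 */
session_start();

// Accept only plain strings. A missing field or an array value (user[]=x)
// becomes an empty string instead of raising a notice or reaching the query.
$user = (isset($_POST["user"]) && is_string($_POST["user"])) ? $_POST["user"] : "";
$pwd  = (isset($_POST["passw"]) && is_string($_POST["passw"])) ? $_POST["passw"] : "";

$url = "http://localhost:8013/api_check_user.php";

// curl_exec() returns false on a transport failure; treat that as "not authenticated".
$response    = APILogIn($url, $user, $pwd);
$redirecturl = is_string($response) ? json_decode($response, true) : null;

// Fail closed: the dashboard is only chosen once a session has been populated.
$urlgo = "error.php";

if (is_array($redirecturl) && isset($redirecturl[0]) && $redirecturl[0] === "Y") {
    include('connectDBMS.php');

    if (!empty($ConnDB)) {
        // Placeholders keep the form values out of the SQL text, so quotes in
        // the user name or password cannot change the statement.
        // NOTE(review): the query compares s_password with the submitted value
        // directly, so the column appears to hold passwords as entered. Storing
        // password_hash() output and checking it with password_verify() would
        // remove that exposure, but needs a data migration.
        $sqlchk = " SELECT s_code,s_username,s_password,s_userlastlogin
                    FROM sysuser
                    WHERE s_username = ? and s_password = ? ";
        $rs = sqlsrv_query($ConnDB, $sqlchk, array($user, $pwd));

        $loggedIn = false;
        if ($rs !== false) {
            while ($row = sqlsrv_fetch_object($rs)) {
                if (!empty($row->s_username) && !empty($row->s_password)) {
                    $_SESSION['s_username'] = $row->s_username;
                    $_SESSION['s_code']     = $row->s_code;
                    $loggedIn = true;
                }
            }
            sqlsrv_free_stmt($rs);
        }

        if ($loggedIn) {
            // Issue a fresh session id at the privilege change so an id known
            // before login cannot be reused afterwards (session fixation).
            session_regenerate_id(true);
            $urlgo = "dashboard.php";
        }
    }
}

// $urlgo is always one of the two literals above, never request data.
echo "<script>window.location='".$urlgo."';</script>";

/**
 * POST the credentials as JSON to the user-check API.
 *
 * @param string $url  API endpoint
 * @param string $user user name from the login form
 * @param string $pwd  password from the login form
 * @return string|false raw response body, or false when the request failed
 */
function APILogIn( $url, $user, $pwd ){
    // json_encode() escapes quotes and backslashes, so the form values cannot
    // break out of the JSON document or add keys to it.
    $payload = json_encode(array("USERNAME" => $user, "PASSWORD" => $pwd));
    if ($payload === false) {
        return false;
    }

    $curl = curl_init();
    curl_setopt_array($curl, array(
        CURLOPT_URL => $url,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_ENCODING => '',
        // Fixed internal endpoint: do not follow redirects, so the
        // Authorization header and the password are never replayed elsewhere.
        CURLOPT_FOLLOWLOCATION => false,
        // 0 would wait forever; bound the request so a stuck API cannot hang logins.
        CURLOPT_TIMEOUT => 10,
        CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
        CURLOPT_CUSTOMREQUEST => 'POST',
        CURLOPT_POSTFIELDS => $payload,
        CURLOPT_HTTPHEADER => array(
            'Content-Type: application/json',
            // NOTE(review): base64 is an encoding, not protection - this is the
            // API user name and password in source. Load it from configuration
            // kept outside the web root and rotate the value shown here.
            'Authorization: Basic VVNFUkxFS0pFVzpQV0RMRUtKRVcxOQ=='
        ),
    ));
    $response = curl_exec($curl);
    curl_close($curl);
    return $response;
}
?>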

api_check_user.php

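<?php
/**
 * api_check_user.php - JSON endpoint that checks a user name / password pair.
 *
 * The caller authenticates with HTTP Basic credentials and posts a JSON body
 * with USERNAME and PASSWORD. The response is a JSON array whose first
 * element is "Y" (match found), "N" (no match), an error string, or a list of
 * messages about the Basic credentials.
 */
header('Content-Type: application/json');
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
date_default_timezone_set("Asia/Bangkok");

// Read the Basic credentials only if present, so an unauthenticated request
// does not raise undefined-index notices before the 401 is sent.
$username = isset($_SERVER['PHP_AUTH_USER']) ? (string) $_SERVER['PHP_AUTH_USER'] : null; // username
$password = isset($_SERVER['PHP_AUTH_PW']) ? (string) $_SERVER['PHP_AUTH_PW'] : '';       // password

$result = array();
$message = array();
$enddev = array();

// Were a username and password sent? If not, answer 401 and do nothing else.
if ($username === null) {
    // Fixed realm: the client's own Authorization header is not echoed back.
    header('WWW-Authenticate: Basic realm="api_check_user"');
    header('HTTP/1.0 401 Unauthorized');
    $result[] = 'Authorization';
    echo json_encode($result, JSON_UNESCAPED_UNICODE);
    exit;
}

// Are the API credentials correct?
// NOTE(review): these values are hard-coded in source; load them from
// configuration kept outside the web root. hash_equals() compares in constant
// time so response timing does not reveal how much of a guess matched.
if (!hash_equals("USERLEKJEW", $username)) {
    $message[] = "USERNAME INCORRECT";
}
if (!hash_equals("PWDLEKJEW19", $password)) {
    $message[] = "PASSWORD INCORRECT";
}

if (count($message) == 0) {
    include('connectDBMS.php');
    if ($ConnDB) {
        $getdata = file_get_contents("php://input");
        $data = json_decode($getdata, true);

        // The body is caller-controlled: require both fields to be strings.
        $user = (is_array($data) && isset($data['USERNAME']) && is_string($data['USERNAME'])) ? $data['USERNAME'] : null;
        $pwd  = (is_array($data) && isset($data['PASSWORD']) && is_string($data['PASSWORD'])) ? $data['PASSWORD'] : null;

        $res = "N";
        if ($user !== null && $pwd !== null) {
            // Placeholders keep the posted values out of the SQL text.
            // A read-only SELECT needs no explicit transaction.
            // NOTE(review): s_password is compared with the submitted value
            // directly, so it appears to be stored as entered; moving to
            // password_hash()/password_verify() needs a data migration.
            $sqlchk = " SELECT s_code,s_username,s_password,s_userlastlogin
                        FROM sysuser
                        WHERE s_username = ? and s_password = ? ";
            $rs = sqlsrv_query($ConnDB, $sqlchk, array($user, $pwd));
            if ($rs === false) {
                // Keep driver details in the server log, not in the response.
                error_log('api_check_user: query failed: ' . print_r(sqlsrv_errors(), true));
            } else {
                while ($row = sqlsrv_fetch_object($rs)) {
                    if (!empty($row->s_username) && !empty($row->s_password)) {
                        $res = "Y";
                    }
                }
                sqlsrv_free_stmt($rs);
            }
        }
        $result[] = $res;

        sqlsrv_close($ConnDB);
    } else {
        $result[] = "ERROR CONNECTION";
    }
} else {
    $result[] = $message;
}

echo json_encode($result, JSON_UNESCAPED_UNICODE);
?>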

checklogin.php

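<?php
/**
 * checklogin.php - access gate included at the top of protected pages.
 *
 * Redirects to error.php and stops when the session holds no s_code;
 * otherwise opens the database connection. $scode and $username stay in
 * scope for the including page.
 */
session_start();

// A visitor who is not logged in has neither key. Read them defensively so no
// notice is printed before header(), which could stop the redirect from being sent.
$scode    = isset($_SESSION['s_code']) ? $_SESSION['s_code'] : "";
$username = isset($_SESSION["s_username"]) ? $_SESSION["s_username"] : "";

if ($scode == "") {
    header( "location: error.php" );
    // exit is what actually protects the page: without it the rest of the
    // including script would still run and be sent after the redirect header.
    exit(0);
} else {
    include('include/connectDBMS.php');
}
?>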

header_login.php

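<nav id="main_nav" class="navbar navbar-expand-lg navbar-light bg-white shadow">
  <div class="d-flex justify-content-between align-items-center">
    <a class="ml-30 navbar-brand h1" href="index.php">
      <img src="img/LogoLekjew.jpg" class="img-responsive" height="40">
    </a>
    <?php
      // $username comes from the session, which was filled from the sysuser
      // table. Escape it for the HTML context so markup stored in a user name
      // is displayed as text instead of being interpreted by the browser.
      $safeUsername = isset($username)
          ? htmlspecialchars((string) $username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
          : '';
      echo "ยินดีต้อนรับคุณ ".$safeUsername;
    ?>
    <button class="navbar-toggler border-0" onclick="showver('navbar-toggler-success');" type="button" data-bs-toggle="collapse" data-bs-target="#navbar-toggler-success" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
      <span class="navbar-toggler-icon"></span>
    </button>
  </div>
</nav>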

dashboard.php

<?php
// Access gate. This include must stay first: checklogin.php starts the session
// and sends a redirect header, which only works before any output is produced.
include_once("checklogin.php");
?> <!DOCTYPE html>
<html lang="en">
<head>
  <title>Lekjew.com</title>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <?php include_once("include/style.php"); ?>
</head>
<body class="adminbody">
  <?php include_once("include/header_login.php"); ?>
  <div id="main" >
    <?php include_once("leftmenu.php"); ?>
    <div class="content-page">
      <div class="content">
        <div class="col-md-12">
          <div class="card pd-10">
            DashBoard
            <br><br>
          </div>
        </div>
      </div>
    </div>
    <?php // NOTE(review): five div elements are opened in this file and four are closed; confirm whether an include closes #main. ?>
</body>
</html>
<?php
// NOTE(review): this include runs after the closing html tag, as in the original listing.
include_once("include/js.php");
?>