我有一个登录脚本,其中一个页面(index.php)可以请求用户登录(protect.php)但是我在index.php上看到的所有内容都是空白屏幕,没有来源和没有错误消息。我至少应该看到login.php要求用户登录。这个脚本适用于几个小步骤,而不仅仅是决定停止工作
这个确切的脚本以前在我创建的许多其他Web应用程序中都有用,但是这个不起作用。经过几个小时的调试后,我仍然无法找到解决这个问题的方法。
的index.php:
<?php
$allow=array('0','1','2');
require("users/protect.php");
?>
<script>window.location="/setup.php";</script>
protect.php:
<?php
session_start();
// --------------------------------THE VARIABLES---------------------------------- //
@include ("config.php");
// ----------------------------------THE CODE ------------------------------------ //
function clearance ($user_value, $pass_value, $level_value, $userlevel_value, $table_value, $column1, $column2, $path) { // Function to see if user can login
$check = mysql_query ("SELECT $userlevel_value FROM $table_value WHERE email='$user_value' AND password='$pass_value'"); // Query to see if user exists
$verify = mysql_num_rows ($check);
$get = mysql_fetch_array ($check);
if (count ($level_value) != 0) { // If the allow array contains userlevels
if (in_array ($get[$userlevel_value], $level_value) && $verify > 0) { // Search allow to see if userlevels match
$_SESSION['username'] = $user_value; // Register sessions
$_SESSION['password'] = sha1 ($pass_value); // sha1 password for extra security
$_SESSION['userlevel'] = $get[$userlevel_value];
}
} else {
if ($verify == 0) { // If attempt fails then redirect to login page
$_SESSION = array();
$error = "Sorry but your login details were incorrect";
@include ("login.php");
exit;
}
if ($verify > 0) { // If attempt is good then register the user
$_SESSION['username'] = $user_value;
$_SESSION['password'] = sha1 ($pass_value);
}
}
}
function protect ($level_value, $password_value, $userlevel_value, $table_value, $column1, $path) { // Function to keep pages secure
if (!isset ($_SESSION['username'])) { // If session doesn't exist then get user to login
if (isset ($_POST['username']) && isset ($_POST['password'])) {
$error = "Sorry but your login details were incorrect";
}
$_SESSION = array();
@include ("login.php");
exit;
} else { // If user is logged in check to see if session is valid and that they have the required userlevel
$check = mysql_query ("SELECT $password_value, $userlevel_value FROM $table_value WHERE $column1='$_SESSION[username]'"); // Query to see if user exists
$verify = mysql_num_rows ($check);
$get = mysql_fetch_array ($check);
if ($verify == 0) {
$_SESSION = array();
$error = "Sorry but your login details were incorrect";
@include ("login.php");
exit;
}
if ($verify > 0 && count ($level_value) != 0) {
if (!in_array ($get[$userlevel_value], $level_value)) { // Check to see if the users userlevel allows them to view the page
$error = "Sorry but your login details were incorrect";
@include ("login.php");
exit; // Ensure no other data is sent
}
}
}
}
if (isset ($_POST['username']) && isset ($_POST['password'])) { // If user submits login information then validate it
clearance ($_POST['username'], $_POST['password'], $allow, $userlevel, $table, $username, $password, $path);
}
protect ($allow, $password, $userlevel, $table, $username, $path);
mysql_close ($link); // Close the database connection for security reasons
// -----------------------------------THE END ------------------------------------ //
?>