晕那里,
我有一个PHP脚本和一个登录表单,当我尝试登录时没有显示错误。当它假设登录时,它会清除我的用户名和密码字段。它没有通过。
以下是我的代码。
<?php session_start(); ?>
<?php ob_start(); ?>
<?php
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // date in the past
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified
header("Cache-Control: no-store, no-cache, must-revalidate"); // HTTP/1.1
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache"); // HTTP/1.0
?>
<?php include ("db.php") ?>
<?php include ("phpmkrfn.php") ?>
<?php
// User levels
define("ewAllowAdd", 1, true);
define("ewAllowDelete", 2, true);
define("ewAllowEdit", 4, true);
define("ewAllowView", 8, true);
define("ewAllowList", 8, true);
define("ewAllowReport", 8, true);
define("ewAllowSearch", 8, true);
define("ewAllowAdmin", 16, true);
if (@$HTTP_POST_VARS["submit"] <> "") {
$bValidPwd = false;
// Setup variables
$sUserId = @$HTTP_POST_VARS["userid"];
$sPassWd = @$HTTP_POST_VARS["passwd"];
if (!($bValidPwd)) {
$conn = phpmkr_db_connect(HOST, USER, PASS,DB);
//$sUserId = (!get_magic_quotes_gpc()) ? addslashes($sUserId) : $sUserId;
$sSql = "SELECT * FROM `users`";
$sSql .= " WHERE `username` = '" . $sUserId . "'";
$rs = phpmkr_query($sSql,$conn) or die("Failed to execute query" . phpmkr_error() . ' SQL:' . $sSql);
if (phpmkr_num_rows($rs) > 0) {
$row = phpmkr_fetch_array($rs);
if (strtoupper($row["password"]) == strtoupper($sPassWd)) { $HTTP_SESSION_VARS["talkto_me_status_User"] = $row["username"]; $HTTP_SESSION_VARS["talkto_me_status_zita"] = $row["Full_Name"]; $HTTP_SESSION_VARS["talkto_me_status_UserLevel"] = $row["security_id"];
$bValidPwd = true;
header("Location: index.php");
}
}
phpmkr_free_result($rs);
phpmkr_db_close($conn);
}
if ($bValidPwd) {
SetUpUserLevel();
// Write cookies
if (@$HTTP_POST_VARS["rememberme"] <> "") {
setCookie("talkto_me_userid", $sUserId, time()+365*24*60*60);
}
$HTTP_SESSION_VARS["talkto_me_status"] = "login";
ob_end_clean();
header("Location: index.php");
exit();
} else {
$HTTP_SESSION_VARS["ewmsg"] = "Incorrect user ID or password";
}
}
function SetUpUserLevel()
{
global $HTTP_SESSION_VARS;
$arrSecurity[0][1] = "support"; // Table Name
if (@$HTTP_SESSION_VARS["talkto_me_status_UserLevel"] == -1) {
$HTTP_SESSION_VARS["support_menuitem"] = true;
}
$arrSecurity[1][0] = "General_User"; // User Level Name
$arrSecurity[1][1] = 12; // User Level Security
if (@$HTTP_SESSION_VARS["talkto_me_status_UserLevel"] == 1) {
$HTTP_SESSION_VARS["support_menuitem"] = (12 & ewAllowList);
}
$arrSecurity[0][2] = "users"; // Table Name
if (@$HTTP_SESSION_VARS["talkto_me_status_UserLevel"] == -1) {
$HTTP_SESSION_VARS["users_menuitem"] = true;
}
$arrSecurity[1][2] = 0; // User Level Security
if (@$HTTP_SESSION_VARS["talkto_me_status_UserLevel"] == 1) {
$HTTP_SESSION_VARS["users_menuitem"] = (0 & ewAllowList);
}
$arrSecurity[0][3] = "open_calls_report"; // Table Name
if (@$HTTP_SESSION_VARS["talkto_me_status_UserLevel"] == -1) {
$HTTP_SESSION_VARS["open_calls_report_menuitem"] = true;
}
$arrSecurity[1][3] = 8; // User Level Security
if (@$HTTP_SESSION_VARS["talkto_me_status_UserLevel"] == 1) {
$HTTP_SESSION_VARS["open_calls_report_menuitem"] = (8 & ewAllowList);
}
$arrSecurity[0][4] = "calls_by_number"; // Table Name
if (@$HTTP_SESSION_VARS["talkto_me_status_UserLevel"] == -1) {
$HTTP_SESSION_VARS["calls_by_number_menuitem"] = true;
}
$arrSecurity[1][4] = 8; // User Level Security
if (@$HTTP_SESSION_VARS["talkto_me_status_UserLevel"] == 1) {
$HTTP_SESSION_VARS["calls_by_number_menuitem"] = (8 & ewAllowList);
}
$arrSecurity[0][5] = "escalated_calls"; // Table Name
if (@$HTTP_SESSION_VARS["talkto_me_status_UserLevel"] == -1) {
$HTTP_SESSION_VARS["escalated_calls_menuitem"] = true;
}
$arrSecurity[1][5] = 8; // User Level Security
if (@$HTTP_SESSION_VARS["talkto_me_status_UserLevel"] == 1) {
$HTTP_SESSION_VARS["escalated_calls_menuitem"] = (8 & ewAllowList);
}
$arrSecurity[0][6] = "calls_attended_by_technician"; // Table Name
if (@$HTTP_SESSION_VARS["talkto_me_status_UserLevel"] == -1) {
$HTTP_SESSION_VARS["calls_attended_by_technician_menuitem"] = true;
}
$arrSecurity[1][6] = 8; // User Level Security
if (@$HTTP_SESSION_VARS["talkto_me_status_UserLevel"] == 1) {
$HTTP_SESSION_VARS["calls_attended_by_technician_menuitem"] = (8 & ewAllowList);
}
$arrSecurity[0][7] = "calls_attended_today"; // Table Name
if (@$HTTP_SESSION_VARS["talkto_me_status_UserLevel"] == -1) {
$HTTP_SESSION_VARS["calls_attended_today_menuitem"] = true;
}
$arrSecurity[1][7] = 8; // User Level Security
if (@$HTTP_SESSION_VARS["talkto_me_status_UserLevel"] == 1) {
$HTTP_SESSION_VARS["calls_attended_today_menuitem"] = (8 & ewAllowList);
}
$HTTP_SESSION_VARS["ewSecurity"] = $arrSecurity; // Save Security Table
}
?>
<?php include ("header.php") ?>
<script type="text/javascript" src="ew.js"></script>
<script type="text/javascript">
function EW_checkMyForm(EW_this) {
if (!EW_hasValue(EW_this.userid, "TEXT" )) {
if (!EW_onError(EW_this, EW_this.userid, "TEXT", "Please enter user ID"))
return false;
}
if (!EW_hasValue(EW_this.passwd, "PASSWORD" )) { if (!EW_onError(EW_this, EW_this.passwd, "PASSWORD", "Please enter password"))
return false;
}
return true;
}
</script>
<p> <span class="phpmaker">Login Page</span></p>
<?php
if (@$HTTP_SESSION_VARS["ewmsg"] <> "") {
?>
<p><span class="phpmaker" style="color: Red;"><?php echo $HTTP_SESSION_VARS["ewmsg"]; ? > </span></p>
<?php
$HTTP_SESSION_VARS["ewmsg"] = ""; // Clear message
}
?>
<form action="" method="post" onSubmit="return EW_checkMyForm(this);">
<table border="0" cellspacing="0" cellpadding="4">
<tr>
<td><span class="phpmaker">User Name</span></td>
<td><span class="phpmaker"><input type="text" name="userid" size="20" value="<?php echo @$HTTP_COOKIE_VARS["talkto_me_userid"]; ?>"></span></td>
</tr>
<tr>
<td><span class="phpmaker">Password</span></td>
<td><span class="phpmaker"><input type="password" name="passwd" size="20"> </span></td>
</tr>
<tr>
<td> </td>
<td><span class="phpmaker"><input type="checkbox" name="rememberme" value="true">Remember me</span></td>
</tr>
<tr>
<td colspan="2" align="center"><span class="phpmaker"><input type="submit" name="submit" value="Login"></span></td>
</tr>
</table>
</form>
<br>
<p><span class="phpmaker">
</span></p>
<?php include ("footer.php") ?>
提前谢谢你......
答案 0 :(得分:0)
使用$_POST
代替@$HTTP_POST_VARS
我希望如果没有任何数据库问题,我会这样做