我正在尝试使用我的login.php上的cookie建立对个人资料页面的身份验证。我似乎无法通过login.php来验证用户身份。
这是login.php的代码:
if ($result['Password'] != hashPassword($_POST['Password'],$result['SALT'])) {
echo "<script type='text/javascript'>alert('Failed to Login, Please Try Again')</script>";
echo "<meta http-equiv='refresh' content='0' URL= '/login.php'>";
exit;
}
else {
# A righteous login. First, set the nonce to a value that can be
# checked in your Account table.
$nonce = gensym();
submitDB("UPDATE Customer SET NONCE='" . $nonce . "' WHERE CustomerID=" . $result['CustomerID']);
# Now set cookies containing credentials that expire in just two
# hours
setcookie('CustomerID',$result['CustomerID'],time()+ 60*60*2);
setcookie('credentials',hash('sha512', $result['CustomerID'] . $nonce),time()+ 60*60*2);
# Cache name for display on other pages
setcookie('Name', $result['Name'],time()+ 60*60*2);
# Refresh this page, which will dispatch me to the right page according to privileges.
echo "<meta http-equiv='refresh' content='0' URL= '/profile.php'>";
exit;
}
任何帮助将不胜感激!提前谢谢