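Login form not working for simple blog

Time: 2014-05-21 15:54:59

Tags: php hash login-script

So I followed the tutorial here: http://daveismyname.com/creating-a-blog-from-scratch-with-php-bp#.U3zILN6wXMM to create a simple blog, and everything seems to be working except the login form. I have 2 users saved in my database, but neither of them works when I try to log in with them. I had it working yesterday, but I think restarting my computer has deleted the password hashes used to verify the information, but I'm not sure.

PHP (login form):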

<?php
//include config
require_once('../includes/config.php');


//check if already logged in
if( $user->is_logged_in() ){ header('Location: index.php'); exit; }
?>
<!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <title>Admin Login</title>
  <link rel="stylesheet" href="../style/normalize.css">
  <link rel="stylesheet" href="../style/main.css">
</head>
<body>

<div id="login">



    <?php
    //process login form if submitted
    if(isset($_POST['submit'])){

        $username = trim($_POST['username']);
        $password = trim($_POST['password']);

        if($user->login($username,$password)){ 

            //logged in return to index page
            header('Location: index.php');
            exit;


        } else {
            $message = '<p class="error">Wrong username or password</p>';
        }

    }//end if submit

    if(isset($message)){ echo $message; }
    ?>

    <form action="" method="post">
    <p><label>Username</label><input type="text" name="username" value=""  /></p>
    <p><label>Password</label><input type="password" name="password" value=""  /></p>
    <p><label></label><input type="submit" name="submit" value="Login"  /></p>
    </form>

</div>
</body>
</html>

I don't know if this is needed, but here is the config file.

PHP (config file):

    <?php
         ob_start();
         session_start();

         //DB connection info
         define('DBHOST','127.0.0.1');
         define('DBUSER','root');
         define('DBPASS','ledyard');
         define('DBNAME','blog');

         $db = new PDO("mysql:host=".DBHOST.";port=3306;dbname=".DBNAME, DBUSER, DBPASS);
         $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

         //Timezone
         date_default_timezone_set('America/Chicago');


         //Load classes
         function __autoload($class) {
            $class = strtolower($class);
              //If call adjusts path
            $classpath = 'classes/class.'.$class . '.php';
            if ( file_exists($classpath)) {
                require_once $classpath;
            }

            $classpath = '../classes/class.'.$class . '.php';
            if(file_exists($classpath)) {
              require_once $classpath;
            }

            //If call adjusts admin path
            $classpath = '../../classes/class.'.$class . '.php';
            if(file_exists($classpath)) {
              require_once $classpath;
            }


         }

         $user = new User($db);
    ?>

Here is the class.user.php file that defines the login function.

PHP (users file):

<?php 

    class User {
    private $db;

    public function __construct($db){
        $this->db = $db;
    }

    public function is_logged_in(){
        if(isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true){
            return true;
        }
    }

    public function create_hash($value)
    {
        return $hash = crypt($value, '$2a$12#'.substr(str_replace('+', '.', base64_encode(sha1(microtime(true), true))), 0, 22));
    }

    private function verify_hash($password,$hash)
    {
        return $hash == crypt($password, $hash);
    }

    private function get_user_hash($username){
        try {
            $stmt = $this->db->prepare('SELECT password FROM blog_members WHERE username = :username');
                $stmt->execute(array('username' => $username));
                $row = $stmt->fetch();
                return $row['password'];

        } catch(PDOException $e) {
        echo '<p class="error">'.$e->getMessage().'</p>';
        }
    }

    public function login($username,$password){
        $hashed = $this->get_user_hash($username);
        if($this->verify_hash($password,$hashed) == 1){
            $_SESSION['loggedin'] = true;
            return true;
        }
    }
    public function logout(){
        session_destroy();
    }
    }

    ?>

1 answer:

Answer 0: (score: 1)

If you just copied and pasted your code, copy the script again and try it. If it works, compare the code to see what the problem was.
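
A self-check for the hashing path in the question, as an added example that is not part of the original post or the tutorial: it runs the salt construction from `create_hash()` once with the `$2a$12#` prefix shown in the question and once with `$2a$12$` (the bcrypt salt form `crypt()` expects), and reports whether each result is a well-formed 60-character bcrypt hash that verifies. The function names, the sample password and the comparison with `password_hash()`/`password_verify()` are assumptions of this example.

```php
<?php
// Added diagnostic, not from the original post or the tutorial. Run from the command line.
// All function names and the sample password are constructed for this example.

/** True when $hash has the bcrypt shape: $2a$/$2x$/$2y$, 2-digit cost, 22-char salt + 31-char digest. */
function looks_like_bcrypt(string $hash): bool
{
    return preg_match('/^\$2[axy]\$\d{2}\$[.\/A-Za-z0-9]{53}$/', $hash) === 1;
}

/** Salt construction copied from the question's create_hash(); only the prefix is a parameter. */
function create_hash_with_prefix(string $value, string $prefix): string
{
    $salt = substr(str_replace('+', '.', base64_encode(sha1((string) microtime(true), true))), 0, 22);
    return (string) crypt($value, $prefix . $salt);
}

/** Hash a password, then report the hash's shape and whether it verifies against itself. */
function round_trip(string $password, string $prefix): array
{
    $hash = create_hash_with_prefix($password, $prefix);
    return [
        'prefix'      => $prefix,
        'length'      => strlen($hash),
        'well_formed' => looks_like_bcrypt($hash),
        // hash_equals() compares in constant time, unlike the == in verify_hash()
        'verifies'    => hash_equals($hash, (string) crypt($password, $hash)),
    ];
}

$password = 'constructed-sample-password';

// '$2a$12#' is the prefix in the question's create_hash(); '$2a$12$' is the bcrypt salt form.
foreach (['$2a$12#', '$2a$12$'] as $prefix) {
    print_r(round_trip($password, $prefix));
}

// The same check against PHP's built-in API (PHP >= 5.5), which generates the salt itself.
$builtin = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
print_r([
    'prefix'      => 'password_hash()',
    'length'      => strlen($builtin),
    'well_formed' => looks_like_bcrypt($builtin),
    'verifies'    => password_verify($password, $builtin),
]);
```

The same `looks_like_bcrypt()` test can be applied to the values stored in the `password` column of `blog_members`.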