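PHP login process not working

Time: 2014-11-25 10:32:53

Tags: php login

What is wrong with this? This is the login process file. I get a blank page.

When I enter my email and password, this script is supposed to set the login session with a cookie + session time, but for some reason I only get a blank page. All the other files on the site work fine; only this file gives me an error. I don't get any error message, it just doesn't work.

:/ (Sorry for my English)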

<?php

    ini_set('error_reporting', E_ALL);
    error_reporting(E_ALL);

    require( "./configuration.php" );
    include( "./include.php" );
    $task = htmlspecialchars( $_POST['task'] );
    if ( empty( $task ) )
    {
        $task = htmlspecialchars( $_GET['task'] );
    }
    switch ( $task )
    {
        case "login" :
            $email = htmlspecialchars( $_POST['email'] );
            $password = htmlspecialchars( $_POST['password'] );
            $return = htmlspecialchars( $_POST['return'];
            $rememberme = htmlspecialchars( $_POST['rememberme'] );
            unset( $_SESSION['loginerror'] );
            setcookie( "rememberme", $rememberme, time( ) + 60 * 60 * 24 * 30 );
            if ( !empty( $_SESSION['lockout'] ) && time( ) - 60 * 5 < $_SESSION['lockout'] )
            {
            }
            else if ( !empty( $email ) && !empty( $password ) )
            {
                $numrows = mysql_num_rows(mysql_query( "SELECT `clientid` FROM `client` WHERE `email` = '".$email."' && `password` = '".$password."' && ( `status` = 'Active' || `status` = 'Inactive' )" ));
                if ( $numrows == 1 )
                {
                    $rows = mysql_fetch_array(mysql_query( "SELECT `clientid`, `email`, `firstname`, `lastname` FROM `client` WHERE `email` = '".$email."' && `password` = '".$password."'" ));
                    mysql_query( "UPDATE `client` SET `lastlogin` = NOW(), `lastip` = '".$_SERVER['REMOTE_ADDR']."', `lasthost` = '".gethostbyaddr( $_SERVER['REMOTE_ADDR'] )."' WHERE `clientid` = '".$rows['clientid']."'" );
                    $_SESSION['clientid'] = $rows['clientid'];
                    $_SESSION['clientemail'] = $rows['email'];
                    $_SESSION['clientfirstname'] = $rows['firstname'];
                    $_SESSION['clientlastname'] = $rows['lastname'];
                    if ( $rememberme == "on" )
                    {
                        setcookie( "clientemail", $rows['email'], time( ) + 604800 );
                    }
                    else
                    {
                        setcookie( "clientemail", "", time( ) + 60 * 60 * 24 * 1 );
                    }
                    unset( $_SESSION['loginattempt'] );
                    unset( $_SESSION['lockout'] );
                    if ( !empty( $return ) )
                    {
                        header( "Location:".$return );
                    }
                    else
                    {
                        header( "Location: index.php" );
                    }
                    exit( );
                }
            }
            $_SESSION['loginerror'] = TRUE;
            $_SESSION['loginattempt'] = ( isset( $_SESSION['loginattempt'] ) ? $_SESSION['loginattempt'] : 0 ) + 1;
            if ( 4 < $_SESSION['loginattempt'] )
            {
                $_SESSION['lockout'] = time( );
                $_SESSION['loginattempt'] = 3;
            }
            if ( !empty( $return ) && !empty( $email ) )
            {
                header( "Location: login.php?return=".urlencode( $return )."&email=".urlencode( $email ) );
            }
            else if ( empty( $return ) && !empty( $email ) )
            {
                header( "Location: login.php?email=".urlencode( $email ) );
            }
            else if ( !empty( $return ) && empty( $email ) )
            {
                header( "Location: login.php?return=".urlencode( $return ) );
            }
            else
            {
                header( "Location: login.php" );
            }
            exit( );
            break;
        case "password" :
            $email = $_POST['email'] ;
            unset( $_SESSION['success'] );
            if ( !empty( $_SESSION['lockout'] ) && time( ) - 60 * 5 < $_SESSION['lockout'] )
            {
            }
            else if ( !empty( $email ) )
            {
                $numrows = mysql_num_rows(mysql_query( "SELECT `clientid` FROM `client` WHERE `email` = '".$email."'" ));
                if ( $numrows == 1 )
                {
                    $password = ( 8 );
                    $rows = mysql_fetch_array(mysql_query( "SELECT `clientid`, `email`, `firstname`, `lastname` FROM `client` WHERE `email` = '".$email."'" ));
                    mysql_query( "UPDATE `client` SET `password` = '".$password."' WHERE `clientid` = '".$rows['clientid']."'" );
                    $message = "Your password has been reset to: {$password} \nIP: ".$_SERVER['REMOTE_ADDR'];
                    include_once( "./includes/class.phpmailer.php" );
                    $mail = new PHPMailer( );
                    $mail->IsMail( );
                    $mail->AddAddress( $rows['email'], $rows['firstname']." ".$rows['lastname'] );
                    $mail->From = $rows['email'];
                    $mail->FromName = SITENAME;
                    $mail->Subject = "Reset Password";
                    $mail->Body = $message;
                    $mail->Send( );
                    unset( $_SESSION['loginattempt'] );
                    unset( $_SESSION['lockout'] );
                    $_SESSION['success'] = "Yes";
                    header( "Location: login.php?task=password" );
                    exit( );
                }
            }
            $_SESSION['success'] = "No";
            $_SESSION['loginattempt'] = ( isset( $_SESSION['loginattempt'] ) ? $_SESSION['loginattempt'] : 0 ) + 1;
            if ( 4 < $_SESSION['loginattempt'] )
            {
                $_SESSION['lockout'] = time( );
                $_SESSION['loginattempt'] = 3;
            }
            header( "Location: login.php?task=password" );
            exit( );
            break;
        case "logout" :
            session_destroy( );
            header( "Location: login.php" );
            exit( );
            break;
    }

    header( "Location: index.php" );
    exit( );
    ?>

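3 answers:

Answer 0: (score: 2)

There is a syntax error on line 18: a ) is missing to close the htmlspecialchars function.

So replace this line $return = htmlspecialchars( $_POST['return']; with $return = htmlspecialchars( $_POST['return']);

Answer 1: (score: 0)

Are you starting the session somewhere?

You need to use: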

session_start();

Answer 2: (score: 0)

Use mysql_real_escape_string && htmlspecialchars

Using this function in PHP we can protect our code from SQL injection.
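
The login lookup from the question in parameterized form, as an added example that is not part of the original posts. It swaps in PDO prepared statements for the mysql_real_escape_string approach named above (the mysql_* functions were removed in PHP 7); the in-memory SQLite table, the function names and the assumption that `password` holds a password_hash() value are constructed for illustration.

```php
<?php
// Added example, not code from the question or the answers.
// Constructed in-memory SQLite table standing in for the page's `client` table.
$pdo = new PDO( 'sqlite::memory:' );
$pdo->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$pdo->exec( "CREATE TABLE client (clientid INTEGER PRIMARY KEY, email TEXT, password TEXT, status TEXT)" );

// Assumption: `password` stores password_hash() output, not the plain password.
$insert = $pdo->prepare( "INSERT INTO client (email, password, status) VALUES (?, ?, 'Active')" );
$insert->execute( array( "o'brien@example.com", password_hash( 'correct horse', PASSWORD_DEFAULT ) ) );

// Concatenation as in the question: a quote in the input becomes SQL syntax.
function lookupConcatenated( PDO $pdo, $email )
{
    try {
        $sql = "SELECT clientid FROM client WHERE email = '" . $email . "'";
        return $pdo->query( $sql )->fetchColumn();
    } catch ( PDOException $e ) {
        return 'query broken by input';
    }
}

// Parameterized: the value is bound as data and is never parsed as SQL.
function login( PDO $pdo, $email, $password )
{
    $stmt = $pdo->prepare(
        "SELECT clientid, password FROM client
         WHERE email = :email AND status IN ('Active', 'Inactive')"
    );
    $stmt->execute( array( ':email' => $email ) );
    $row = $stmt->fetch( PDO::FETCH_ASSOC );
    // Verify the hash in PHP instead of comparing passwords inside the query.
    if ( $row !== false && password_verify( $password, $row['password'] ) ) {
        return (int) $row['clientid'];
    }
    return false;
}

// The same constructed address, which legitimately contains an apostrophe.
var_dump( lookupConcatenated( $pdo, "o'brien@example.com" ) );
var_dump( login( $pdo, "o'brien@example.com", 'correct horse' ) );
var_dump( login( $pdo, "o'brien@example.com", 'wrong' ) );
```

htmlspecialchars() is an encoder for HTML output; with its default flags before PHP 8.1 it leaves single quotes untouched, so it does not keep the quote above out of a concatenated query.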