我花了几分钟但我无法弄清楚这个简单的错误。这是我的index.php
<?php
session_start();
//error_reporting(0);
require_once('conn.php');
unset($_SESSION['userid']);
unset($_SESSION['username']);
?>
<html>
<head><title>Log-In Page</title></head>
<body>
<form action="login.php" method="post">
Username: <input type="text" name="username" /><br/>
Password: <input type="password" name="password"/><br/>
<input type="submit" value="Log In"/>
</form>
<?php
if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) >0 ) {
foreach($_SESSION['ERRMSG_ARR'] as $msg) {
echo '<font color="#FF0000">',$msg,'</font>';
}
unset($_SESSION['ERRMSG_ARR']);
}
?>
<br/>
<p>Not Yet Registered?Click <a href="regform.php">here</a>.</p>
</body>
</html>
我尝试评论上述行,但页面空白。 这是我的login.php:
<?php
//error_reporting(0);//hide php error
session_start();
$con = mysql_connect("localhost","root","");//host connection
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("dblogin", $con);//select dbname
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
//variables
$userid= clean($_POST['userid']);
$username=clean(strtolower($_POST['username']));//transform username input into lower keys
$password= clean($_POST['password']);
date_default_timezone_set('Asia/Kuala_Lumpur');//time may varies
$datenow= date("Y/m/d H:i:s");//returns current date and time
$query=mysql_query("select *from itinerary_person where username='$username'");
$row=mysql_num_rows($query);//count row
//check if user exist
if ($row == 1){
$user = mysql_fetch_assoc($query);//fetch the related result from the query
require('blowfish.class.php');
$bcrypt = new Bcrypt(4);
if ($bcrypt->verify($_POST['password'], $user['password'])) {
session_regenerate_id();
$_SESSION['userid']= $user['userid'];
$_SESSION['username']= $user['username'];
session_write_close();
$filename=$_SESSION['username'];
$myFile = "logs/$filename.txt";
$fh = fopen($myFile, 'a') or die("can't open file");//save user's log in time and date
$stringData ="\r\n". $username .' logged in at '. $datenow;//new line
fwrite($fh, $stringData);
fclose($fh);
header("location:welcome.php");//redirect page if successful
}
}
else{
//redirect to index page if user not exist
//Login failed
$errmsg_arr[] = 'Invalid input';
$errflag = true;
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location:index.php");
exit();
}
}
?>
我认为它与会话变量有关但我无法调试它。 我知道如果表单上没有名称值,也会发生此错误。但在这种情况下,我不知道。
答案 0 :(得分:0)
从代码中删除以下行,因为它没有意义:
$userid = clean($_POST['userid']);
在代码中添加以下行:
session_regenerate_id();
$_SESSION['userid']= $user['userid'];
$userid = clean($_SESSION['userid']); /* THIS LINE */
$_SESSION['username']= $user['username'];
session_write_close();