每次重新加载页面时,表单都会重新提交

时间:2015-04-16 15:56:27

标签: php

一旦用户登录(在login.php中),他们就会被重定向到control.php。如果他们关闭浏览器并重新打开control.php,则会要求他们重新提交表单。我如何使用我设置的cookie,而不是重新提交表单?

的login.php 

<?php session_start(); /* Starts the session */
$logins = array('username' => 'pass12');
if(isset($_COOKIE['userME']) && isset($_COOKIE['passME'])){ //if cookie is set do this
$Username=$_COOKIE['userME'];
$Password=$_COOKIE['passME'];
echo $Username.'-'.$Password;
    if (isset($logins[$Username]) && $logins[$Username] == $Password){
        /* Success: Set session variables and redirect to Protected page  */
        $_SESSION['UserData']['Username']=$logins[$Username];
        header("location:control.php");
        exit;
    } else {
        /*Unsuccessful attempt: Set error message */
        $msg="<span style='color:red'>1Invalid Login Details</span>";
    }

}
else{   //else new person
    /* Check Login form submitted */    
    if(isset($_POST['Submit'])){
        /* Check and assign submitted Username and Password to new variable */
        $Username = isset($_POST['Username']) ? $_POST['Username'] : '';
        $Password = isset($_POST['Password']) ? $_POST['Password'] : '';

        /* Check Username and Password existence in defined array */        
        if (isset($logins[$Username]) && $logins[$Username] == $Password){
            /* Success: Set session variables and redirect to Protected page  */
            $_SESSION['UserData']['Username']=$logins[$Username];
            setcookie('userME',$Username,time()+60*60*24*10,'/','71.12.145.29');
            setcookie('passME',$Password,time()+60*60*24*10,'/','71.12.145.29');
            header("location:control.php");
            exit;
        } else {
            /*Unsuccessful attempt: Set error message */
            $msg="<span style='color:red'>2Invalid Login Details:<?php echo $Username.'-'.$Password?></span>";
        }
    }
}
?>

<form action="" method="post" name="Login_Form">
  <table width="400" border="0" align="center" cellpadding="5" cellspacing="1" class="Table">
    <?php if(isset($msg)){?>
    <tr>
      <td colspan="2" align="center" valign="top"><?php echo $msg;?></td>
    </tr>
    <?php } ?>
    <tr>
      <td colspan="2" align="left" valign="top"><h3>Login</h3></td>
    </tr>
    <tr>
      <td align="right" valign="top">Username</td>
      <td><input name="Username" type="text" class="Input"></td>
    </tr>
    <tr>
      <td align="right">Password</td>
      <td><input name="Password" type="password" class="Input"></td>
    </tr>
    <tr>
      <td> </td>
      <td><input name="Submit" type="submit" value="Login" class="Button3"></td>
    </tr>
  </table>
</form>

control.php 

<?php
session_start();
echo "Hello, ".$_COOKIE['userME'].'<br>';
if(isset($_SESSION['UserData']['Username']))
{
    if (isset($_POST['submit'])) {
        switch ($_POST['submit']) {
            case 'room_light':
                    //execute code here
                break;
            case 'blink':
                    echo shell_exec("sudo ruby /home/pi/Desktop/PiControl/blinkPin1.rb");
                break;
        }
    }
    ?>

    <form method="post">
    <input type="submit" name="submit" value="room_light">
    </form>
    <?php
}
else
{
    header("location:login.php");
}
?>

1 个答案:

答案 0 :(得分:2)

解决这个问题的常用方法是实际创建三个网页:

  1. 表单网页,显示表单并在提交后发送到第2页;
  2. 检查密码的检查网页,设置cookie并立即重定向到第3页;
  3. 结果网页,使用第2页设置的Cookie。

    4. 因此,当重新加载第3页时,它将立即重用第2页设置的cookie。

    此外,您应该避免将密码存储在cookie中。你至少可以存储在cookie hash('sha256', $password)中;并检查(预先计算的)密码哈希值。

    这样,密码永远不会驻留在磁盘上,只能驻留在内存中,这样可以更好地保证安全。您可以使用以下链接查看有关此主题的更多信息,Fred -ii-提供:Is it secure to store passwords in cookies?; php, is there a safe way to store password in cookies?; Is it safe to store the password hash in a cookie and use it for “remember-me” login?

    甚至会有更好的散列方案,例如使用随机值进行盐析,但这可能会使您正在编写的应用程序过于复杂。

相关问题
最新问题