Question

任何时候我尝试使用我的登录文件登录时，它会给出我在代码中设置的错误，但我无法弄清楚它有什么问题。

这是我的代码：

<?php
    include 'inc/dbc.php';
    include 'inc/functions.php';
?>
<?php
    function get_client_ip() {
        $ipaddress = '';
        if ($_SERVER['HTTP_CLIENT_IP']) {
            $ipaddress = $_SERVER['HTTP_CLIENT_IP'];
        }
        else if($_SERVER['HTTP_X_FORWARDED_FOR']) {
            $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
        }
        else if($_SERVER['HTTP_X_FORWARDED']) {
            $ipaddress = $_SERVER['HTTP_X_FORWARDED'];
        }
        else if($_SERVER['HTTP_FORWARDED_FOR']) {
            $ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
        }
        else if($_SERVER['HTTP_FORWARDED']) {
            $ipaddress = $_SERVER['HTTP_FORWARDED'];
        }
        else if($_SERVER['REMOTE_ADDR']) {
            $ipaddress = $_SERVER['REMOTE_ADDR'];
        }
        else {
            $ipaddress = 'UNKNOWN';
        }
       return $ipaddress;
    }
?>
<?php
if(isset($_GET['user']) && !empty($_GET['user'])) {
    $username = $_GET['user'];
} else {
    $username = $_SESSION['username'];
}
    $my_name = $_SESSION['username'];
    $firstname = getuser($username, 'firstname');
    $middlename = getuser($username, 'middlename');
    $lastname = getuser($username, 'lastname');
    $aboutme = getuser($username, 'aboutme');
    $email = getuser($username, 'email');
    $dob = getuser($username, 'dob');
    $address = getuser($username, 'address');
    $website = getuser($username, 'website');
    $country = getuser($username, 'country');
    $city = getuser($username, 'city');
    $state = getuser($username, 'state');
    $phone = getuser($username, 'phone');
    $gender = getuser($username, 'gender');
    $rank = getuser($username, 'rank');
    $avatar = getuser($username, 'aavtar');
?>
<!DOCTYPE html>
<html>
    <head>
        <title>EWC Login</title>
        <link rel="stylesheet" type="text/css" href="css/login.css">
        <link rel="stylesheet" href="//maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css">
    </head>

    <body>
        <div class='main'>
            <div class='body'>
                <div class="loginf">
                    <?php
                        if (loggedIn() == true) {
                    ?>
                        <div class='logged'>
                            <div class='logwrapper'>
                                <div class='top'>
                                    <p>Is this you? <a href="home.php">Home</a></p>
                                </div>
                                <div class='img'>
                                    <img src="images/users/<?php echo $avatar;?>">
                                </div>
                                <div class='info'>
                                    <h3><?php echo $firstname . ' ' . $middlename . ' ' . $lastname;?></h3>
                                    <div class='subinfo'>
                                        <?php echo $gender;?>
                                        <?php echo $dob;?>
                                        <?php echo $rank;?>
                                        <?php echo $country . ', ' . $city . ' ' . $state; ?>
                                    </div>
                                </div>
                                <div class='bottom'>
                                    <p>You are already logged in. Click here to <a href="logout.php">logout.</a></p>
                                </div>
                            </div>
                        </div>
                    <?php
                        } else {
                    ?>
                    <form method="post">
                            <?php
                                if (isset($_POST['submit'])) {
                                    $username = stripcslashes(mysqli_real_escape_string($mysqli, $_POST['username']));
                                    $password = stripcslashes(mysqli_real_escape_string($mysqli, $_POST['password']));
                                    $pw = sha1($password);

                                    if (empty($username) && empty($password)) {
                                        echo 'Username and Password cannot be empty';
                                    } else {
                                        $check_login = mysqli_query($mysqli, "SELECT * FROM users WHERE username = '$username' AND password = '$pw' LIMIT 1") or die(mysqli_error($mysqli));
                                        $rows = mysqli_num_rows($check_login);
                                        if ($rows == 1) {
                                            mysqli_query($mysqli, "UPDATE users SET login_ip = '$ipaddress' WHERE username = '$username' ") or die(mysqli_error($mysqli));
                                            $_SESSION['username'] = $username;
                                            header('location: home.php');
                                        } else {
                                            echo 'Your entries are Invalid';
                                        }
                                    }
                                }
                            ?>
                        <div class="input-group margin-bottom-sm">
                          <span class="input-group-addon"><i class="fa fa-user fa-fw"></i></span>
                          <input class="form-control" name='username' type="text" placeholder="Username...">&nbsp;&nbsp;<a href="forgot.php?forgot=username">Forgot Username?</a>
                        </div>
                        <div class="input-group">
                          <span class="input-group-addon"><i class="fa fa-key fa-fw"></i></span>
                          <input class="form-control" name='username' type="password" placeholder="Password...">&nbsp;&nbsp;<a href="forgot.php?forgot=password">Forgot Passowrd?</a>
                        </div>
                        <div class="input-group">
                            <input class="form-control" name="submit" type="submit" value="Login">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="register.php">Don't have an account?</a>
                        </div>
                    </form>
                    <?php
                        }
                    ?>
                    <script>
                    function clearAutofill() {
                        if ( navigator.userAgent.toLowerCase().indexOf('chrome') >= 0 ) {
                            $('input[autocomplete="off"]').each( function(){
                                $(this).val('');
                            });
                        }
                    }

                    setTimeout(clearAutofill,500);
                    </script>
                </div>
            </div>
        </div>
    </body>
</html>

PS：session_start();在函数文件中！如果您需要更多代码，请询问！提前谢谢。

Answer 1

您有两个带有相同名称属性name='username'

的输入

<input class="form-control" name='username' type="text" placeholder="Username...">
<input class="form-control" name='username' type="password" placeholder="Password...">

您的密码输入应命名为“密码”，而不是“用户名”。

旁注：

最好在标题后添加exit;，否则您的代码可能希望继续执行。
关于stripcslashes()的使用;我不能肯定地说，但它可能/可能会做一些伤害和剥离可能的有效字符，特别是对于哈希。如果您仍遇到问题，请尝试将其从代码中删除。

关于密码存储

我注意到您正在使用sha1进行密码存储。现在不是最好的。
请参阅我的脚注。

我建议您使用CRYPT_BLOWFISH或PHP 5.5的password_hash()功能。

对于PHP＆lt; 5.5使用password_hash() compatibility pack。

来自ircmaxell的答案https://stackoverflow.com/a/29778421/，该答案使用PDO with prepared statements和password_hash()。

只需使用图书馆。认真。它们存在是有原因的。

PHP 5.5+：使用password_hash()
PHP 5.3.7+：使用password-compat（上面的兼容包
所有其他人：使用phpass

不要自己动手。如果你正在创造自己的盐，你做错了。你应该使用一个为你处理这个问题的库。

$dbh = new PDO(...);

$username = $_POST["username"];
$email = $_POST["email"];
$password = $_POST["password"];
$hash = password_hash($password, PASSWORD_DEFAULT);

$stmt = $dbh->prepare("insert into users set username=?, email=?, password=?");
$stmt->execute([$username, $email, $hash]);

登录时：

$sql = "SELECT * FROM users WHERE username = ?";
$stmt = $dbh->prepare($sql);
$result = $stmt->execute([$_POST['username']]);
$users = $result->fetchAll();
if (isset($users[0]) {
    if (password_verify($_POST['password'], $users[0]->password) {
        // valid login
    } else {
        // invalid password
    }
} else {
    // invalid username
}

将error reporting添加到文件的顶部，这有助于查找错误。

<?php 
error_reporting(E_ALL);
ini_set('display_errors', 1);

// rest of your code

旁注：错误报告应仅在暂存时完成，而不是生产。

<强>脚注：

以下是sha1的一些您可能想要阅读的文章：

我的登录代码一直给我一个错误

1 个答案: