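I'm working through a problem with the login script I'm using. I added a password-decryption part because I encrypted the passwords using the password_hash function. Since I'm new to PHP, I'm having a hard time solving this. I hope you can help me with it. Thanks!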
Here is the login code:
<?php
session_start();
include "../config.php";
$username = $_REQUEST['username'];
$password = $_REQUEST['password'];
// dehashing
$sql = "SELECT COUNT * FROM tbl_user WHERE username='$username' AND
password='$password'";
$result = mysqli_query($con,$sql);
$row = mysqli_fetch_assoc($result);
$pwd_hash = $row['password'];
$hash = password_verify($row,$pwd_hash);
if($hash == FALSE){
echo "<script type='text/javascript'>alert ('Sorry! Cannot login.');
</script>";
} else {
$sql = "SELECT uid,username,password,activated FROM tbl_user WHERE
username='$username' AND password='$password'";
$result = mysqli_query($con,$sql);
$login_variables = mysqli_fetch_array($result);
$_SESSION['login_username']=$login_variables['username'];
if(isset($_SESSION['login_username'])){
echo "<script type='text/javascript'>alert ('You are now logged in as ".
$_SESSION['login_username'] ."'); document.location.href='../index.php'
</script>";
} else {
echo "<script type='text/javascript'>alert ('Sorry! Cannot login.');
document.location.href='javascript: history.go(-1)'</script>";
exit;
}
}
?>
My index:
<?php
header("location: list.php");
?>
My list:
<?php
session_start();
if(!isset($_SESSION['login_username']))
{
header("location: ../login.php");
exit;
}
?>
The list page has some HTML tables and other stuff.
Answer 0: (score: 1)
Typo:
<?php
session_start();
include "../config.php"; //database connection
$username = $_REQUEST['username']; //information from login form
$password = $_REQUEST['password']; //information from login form
$sql = "SELECT uid,username,password FROM tbl_user WHERE username='$username' AND password='$password'";
$result = mysqli_query($con,$sql);
$login_variables = mysqli_fetch_array($result);
$_SESSION = array(
'sess_username' => $login_variables['username'],
'sees_password' => $login_variables['password']
);
if(isset($_SESSION['sess_username']) && isset($_SESSION['sees_password']))
{
header ("location: ../index.php");
}
else
{
echo "<script type='text/javascript'>alert ('Sorry! Cannot login.'); document.location.href='javascript: history.go(-1)'</script>";
}
?>
and
<?php
session_start();
if(!isset($_SESSION['sess_username']) && ($_SESSION['sees_password']))
{
header("location: ../login.php");
}
?>
Answer 1: (score: 0)
You don't tell us what problem you're having. Aside from leaving your code open to SQL injection, you could try changing
$_SESSION = array(
'sess_username' => $login_variables['username'],
'sees_password' => $login_variables['password']
);
to
$_SESSION['sess_username']=$login_variables['username'];
$_SESSION['sees_password']=$login_variables['password'];
Edit: If you are storing the login details, do the following:
INSERT INTO table (username,password) VALUES ('{$user}',password_hash($pass) );
Then you can use
$sql = "SELECT COUNT * FROM tbl_user WHERE username='$username' AND
password='".password_hash($password)."'";
to retrieve the relevant information
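The login flow this thread is working towards, as an added example that is not part of any post here: the row is fetched by username alone through a bound parameter, and the submitted password is then compared with the stored hash using password_verify(). Assumptions: PDO with an in-memory SQLite database stands in for the mysqli connection from config.php, `check_login` is a hypothetical helper, and the user and passwords are constructed sample data.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite database
// (assumption) replaces the MySQL connection so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tbl_user (uid INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');

// Registration: password_hash() runs in PHP, not inside the SQL string.
// It salts every hash randomly, so hashing the same password twice gives
// two different strings and the hash cannot be matched in a WHERE clause.
$ins = $db->prepare('INSERT INTO tbl_user (username, password) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Login: select by username only, with a bound parameter instead of string
// concatenation, then let password_verify() compare plaintext and hash.
function check_login(PDO $db, string $username, string $password): ?array
{
    $stmt = $db->prepare('SELECT uid, username, password FROM tbl_user WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown user and wrong password take the same failure path.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return ['uid' => (int) $row['uid'], 'username' => $row['username']];
}

// Constructed inputs: a valid login, a wrong password, and a username
// containing quote characters, which the bound parameter treats as data.
$attempts = [
    ['alice', 'correct horse'],
    ['alice', 'wrong'],
    ["alice' OR '1'='1", 'anything'],
];
foreach ($attempts as [$u, $p]) {
    $user = check_login($db, $u, $p);
    // On success the real script would call session_start() and
    // session_regenerate_id(true), then store only the username in
    // $_SESSION, never the password or its hash.
    echo ($user !== null ? 'OK     ' : 'DENIED ') . $u . "\n";
}
```

With mysqli the same shape applies: mysqli_prepare(), bind the username, fetch the row, then password_verify().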
Answer 2: (score: 0)
In your code you have one 'sess_username' and the rest are 'sees_username'. That will stop it from working!
Answer 3: (score: 0)
The site's vulnerabilities and password confidentiality will be improved once the login works.
Login code:
<?php
session_start();
include "../config.php"; //database connection
$username = $_REQUEST['username']; //information from login form
$password = $_REQUEST['password']; //information from login form
$sql = "SELECT uid,username,password FROM tbl_user WHERE username='$username' AND password='$password'";
$result = mysqli_query($con,$sql);
$login_variables = mysqli_fetch_array($result);
$_SESSION['sess_username'] = $login_variables['username'];
$_SESSION['sess_password'] = $login_variables['password'];
if(isset($_SESSION['sess_username']) && isset($_SESSION['sess_password']))
{
header ("location: ../index.php");
}
else
{
echo "<script type='text/javascript'>alert ('Sorry! Cannot login.'); document.location.href='javascript: history.go(-1)'</script>";
}
?>
Index:
<?php
header("location: list.php");
?>
List:
<?php
session_start();
if(!isset($_SESSION['sess_username']) && ($_SESSION['sess_password']))
{
header("location: ../login.php");
exit;
}
?>
Answer 4: (score: 0)
Is there any chance you are being redirected back and getting stuck in a loop?
if(!isset($_SESSION['sees_username']) && ($_SESSION['sees_password']))
change to
if(!isset($_SESSION['sees_username']) && !isset($_SESSION['sees_password']))
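in your index.php
One will check whether the password exists, and the other will check whether the username is not set
So in your code, it will redirect to login on condition 2 in your if statement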