我的登录、注册页面工作正常,但 protect_page 功能不起作用。当我没有登录而进入一个本应受保护的页面时,页面仍然会显示出来。下面是 protect_page 和 logged_in 函数:
<?php
/**
 * Gate for pages that require an authenticated session.
 *
 * When logged_in() reports false, a redirect to protect.php is sent and the
 * script stops, so nothing of the protected page is rendered after the
 * Location header.
 *
 * Call this only after session_start() has run (logged_in() reads $_SESSION)
 * and before any output, because header() cannot be sent once output started.
 *
 * @return void
 */
function protect_page() {
    // Authenticated visitors fall straight through to the page body.
    if (logged_in() !== false) {
        return;
    }

    header('Location: protect.php');
    // Stop here: a Location header alone does not end script execution.
    exit();
}
/**
 * Reports whether the current session carries a user id.
 *
 * Only the presence of $_SESSION['user_id'] is checked (isset() is false for
 * a missing key and for null); the value itself is not validated here.
 * If no session has been started, $_SESSION holds nothing and this returns false.
 *
 * @return bool true when $_SESSION['user_id'] is set, false otherwise
 */
function logged_in(){
    $has_user_id = isset($_SESSION['user_id']);

    return $has_user_id;
}
?>
init.php:
<?php
// Bootstrap shared by the pages that include it: starts the session, loads the
// project files and, for a logged-in visitor, loads that user's record.

// Start (or resume) the session first; logged_in() below reads $_SESSION.
session_start();
// require makes a missing file fatal, so the page stops instead of continuing
// without the database connection or the helper functions.
require 'connect.php';
require 'general.php';
require 'users.php';
// Only an authenticated session gets $session_user_id and $user_data defined.
if(logged_in() === true) {
$session_user_id = $_SESSION['user_id'] ;
// NOTE(review): 'password' and 'salt' are requested along with the other
// fields (presumably column names; user_data() is not shown here), which puts
// the credential hash and salt into $user_data on every authenticated request.
// Confirm any page needs them; otherwise drop them from this call.
$user_data = user_data($session_user_id, 'user_id', 'username','password', 'salt');
}
// Starts empty; its consumers are not visible in this file.
$errors = array() ;
?>
adminpanel.html
<?php
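// Load the bootstrap BEFORE running the guard. init.php is what calls
// session_start() and requires the project's function files, so calling
// protect_page() first means the check runs without a started session (and,
// presumably, before protect_page() is even defined, since it is not declared
// in this file).
// require instead of include: if init.php cannot be loaded the script stops
// here rather than continuing to render the protected page with a warning.
// NOTE(review): this file is named adminpanel.html. Confirm the web server
// hands .html files to PHP; if it does not, this block is never executed and
// the page is served unprotected to every visitor.
require 'admin log in/init.php';
protect_page();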
?>
login.php:
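// Login handler: looks the account up by username, recomputes the salted
// SHA-256 of the submitted password and compares it with the stored hash.
//
// Changes from the previous revision:
//  - the hash was computed from $saltedPW before that variable existed, so the
//    submitted password never influenced the comparison;
//  - the username was interpolated into SQL unescaped; the lookup now uses a
//    prepared statement and the password is hashed as submitted (escaping it
//    before hashing only altered the password);
//  - an unknown username and a wrong password now produce the same message,
//    so the response does not reveal which usernames exist;
//  - the script stops after the redirect header.
if ($conn->connect_error) {
    // Keep driver details in the server log, not in the response body.
    error_log('Connection failed: ' . $conn->connect_error);
    die('Connection failed.');
}
else
{
    // NOTE(review): $_REQUEST also accepts query-string parameters, which puts
    // passwords into URLs and access logs; prefer $_POST once the form is
    // confirmed to submit with POST.
    $usernameVal = (isset($_REQUEST['username']) && is_string($_REQUEST['username'])) ? $_REQUEST['username'] : '';
    $passwordVal = (isset($_REQUEST['password']) && is_string($_REQUEST['password'])) ? $_REQUEST['password'] : '';

    $authenticated = false;

    $stmt = $conn->prepare('select password, salt from users where username = ?');
    if ($stmt !== false) {
        $stmt->bind_param('s', $usernameVal);
        if ($stmt->execute()) {
            $stmt->bind_result($storedHash, $salt);
            // fetch() returns true only when a row was read into the bound variables.
            if ($stmt->fetch() === true) {
                // NOTE(review): one round of salted SHA-256 is a fast hash and
                // is cheap to brute-force offline; migrating to password_hash()
                // / password_verify() needs a stored-hash migration and a
                // matching change in the registration code.
                $hashedPW = hash('sha256', $passwordVal . $salt);
                // Constant-time comparison of the stored and recomputed hash.
                $authenticated = hash_equals((string) $storedHash, $hashedPW);
            }
        }
        $stmt->close();
    }

    if ($authenticated) {
        // NOTE(review): nothing here records the authenticated user in
        // $_SESSION, so a check based on isset($_SESSION['user_id']) can never
        // succeed after this login. Once session_start() is confirmed to run
        // for this script, call session_regenerate_id(true) and store the
        // user's id in the session before redirecting.
        header('Location: ../adminpanel.html');
        exit();
    }
    else {
        echo 'Your username or password is incorrect !';
    }
}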
register.php
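// Registration handler: stores a username with a per-user random salt and the
// salted SHA-256 of the submitted password.
//
// Changes from the previous revision:
//  - the hash was computed from $saltedPW before that variable existed, so
//    every account was stored with the same hash regardless of the password;
//  - the INSERT interpolated values into SQL; it is now a prepared statement,
//    and the password is hashed as submitted rather than SQL-escaped first;
//  - mcrypt_create_iv() belongs to the mcrypt extension, removed from PHP core
//    in 7.2; random_bytes() is used when available;
//  - an empty username or password is rejected.
if ($conn->connect_error) {
    // Keep driver details in the server log, not in the response body.
    error_log('Connection failed:' . $conn->connect_error);
    die('Connection failed.');
}
else
{
    // $usernameVal is not assigned in the visible part of this script: keep a
    // value set earlier in the file, otherwise read the request field.
    if (!isset($usernameVal)) {
        $usernameVal = (isset($_REQUEST['username']) && is_string($_REQUEST['username'])) ? $_REQUEST['username'] : '';
    }
    $passwordVal = (isset($_REQUEST['password']) && is_string($_REQUEST['password'])) ? $_REQUEST['password'] : '';

    $result = false;
    if ($usernameVal !== '' && $passwordVal !== '') {
        // 32 random bytes from the OS CSPRNG, hex-encoded for storage.
        $salt = bin2hex(function_exists('random_bytes') ? random_bytes(32) : mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
        // NOTE(review): one round of salted SHA-256 is a fast hash and is
        // cheap to brute-force offline; password_hash() is the replacement,
        // but it must be introduced together with password_verify() in the
        // login code.
        $hashedPW = hash('sha256', $passwordVal . $salt);

        $stmt = $conn->prepare('INSERT INTO users (username,password,salt) VALUES (?, ?, ?)');
        if ($stmt !== false) {
            $stmt->bind_param('sss', $usernameVal, $hashedPW, $salt);
            $result = $stmt->execute();
            $stmt->close();
        }
    }

    if ($result === true)
        echo "Inserted";
    else
        echo "Error";
}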