我的代码正在运行,我没有看到它的问题。我测试了SQL中的所有MySQL语句,一切都很好。
现在每次获取密码变量时,它只会返回Bad Password,就好像m_Pass为空。
任何人都认为我不这些陈述有什么问题吗?
我使用此作为一次性密码文件传输工具,您必须指定用于访问它的文件名和密码。
然后它检查包含以下格式的SQL数据库:
0 | Test.txt | testpass
任何帮助都将不胜感激。
的index.php:
<?php
echo <<<EOF
<form method="post" action="Index.php">
File:<input type="text" name="txtFilename"><br>
Password:<input type="text" name="txtPassword">
<input type="submit" value="Download" name="submit">
</form>
EOF;
function doProcess()
{
$servername = "localhost";
$username = "<username>";
$password = "<Password>";
$dbname = "<dbname>";
$filename = $_POST["txtFilename"];
$pass = $_POST["txtPassword"];
echo $filename . "<br>";
if ($filename = ""){
return;
}
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
echo "Connected successfully" . "<br>";
$sql = "SELECT id, m_Pass FROM Main WHERE m_File = '$filename'";
$result = mysqli_query($conn, $sql);
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
$m_id = $row["id"];
echo $m_id . "<br>";
if ($row["m_Pass"] == $pass){
echo "Downloading.<br>";
//Download File
$filename = utf8_decode("<Path>" . $filename);
if (file_exists($filename)) {
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename='.basename($filename));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Length: ' . filesize($filename));
ob_clean();
flush();
readfile($filename);
$sql = "delete from Main where id = '$m_id'";
$result = mysqli_query($conn, $sql);
}
} else {
echo $pass . " | '" . $row["m_Pass"] . "'<br>";
echo "Bad Password.<br>";
}
echo "Done.<br>";
// Close connection
$conn->close();
}
if(isset($_POST['submit']))
{
doProcess();
}
?>
答案 0 :(得分:0)
搞定了......由于块阻止了SQL查询命令没有附加$ filename:
if ($filename = ""){
return;
}
我明白为什么......我指的是不比较大声的值。