我有这个易于使用的登录页面,我已经使用了很长时间。
现在我试图修改它,以便我的用户名和密码存储在数据库中,而不是文件中的明文。
密码与MD5一起存储在数据库中,并且登录工作正常,但是当我进入您必须登录的网站时,我会被重新定向到登录屏幕,其中显示错误的密码...
我做错了什么?
<?php
$un = $_POST['user'];
require_once ('/inc/login_conn.php');
$dsn = "mysql:Server=$Lhost:$Lport;Database=$Ldb";
$sql = "SELECT * FROM Users WHERE UserName= '$un'";
$stmt = $conn->prepare($sql);
$stmt->execute ();
$sett1= $stmt->fetch(PDO::FETCH_ASSOC);
$user = $sett1['UserName'];
$pass = $sett1['Password'];
define('LOGIN_USER', "$user");
//define('LOGIN_USER', "USERNAME");
define('LOGIN_PASS', "$pass");
//define('LOGIN_PASS', "PASSWORD");
class Login {
// unique prefix that is used with this object (on cookies and password salt)
var $prefix = "login_";
// days "remember me" cookies will remain
var $cookie_duration = 1;
var $user = "";
var $pass = "";
function authorize() {
//save cookie info to session
if(isset($_COOKIE[$this->prefix.'user'])){
$_SESSION[$this->prefix.'user'] = $_COOKIE[$this->prefix.'user'];
$_SESSION[$this->prefix.'pass'] = $_COOKIE[$this->prefix.'pass'];
}
// else{echo "no cookie<br>";}
//if setting vars
if(isset($_POST['action']) && $_POST['action'] == "set_login"){
$this->user = $_POST['user'];
$this->pass = md5($this->prefix.md5($_POST['pass'])); //hash password. salt with prefix
$this->check();//dies if incorrect
//if "remember me" set cookie
if(isset($_POST['remember'])){
setcookie($this->prefix."user", $this->user, time()+($this->cookie_duration*86400));// (d*24h*60m*60s)
setcookie($this->prefix."pass", $this->pass, time()+($this->cookie_duration*86400));// (d*24h*60m*60s)
}
//set session
$_SESSION[$this->prefix.'user'] = $this->user;
$_SESSION[$this->prefix.'pass'] = $this->pass;
}
//if forced log in
elseif(isset($_GET['action']) && $_GET['action'] == "prompt"){
session_unset();
session_destroy();
//destroy any existing cookie by setting time in past
if(!empty($_COOKIE[$this->prefix.'user'])) setcookie($this->prefix."user", "blanked", time()-(3600*25));
if(!empty($_COOKIE[$this->prefix.'pass'])) setcookie($this->prefix."pass", "blanked", time()-(3600*25));
$this->prompt();
}
//if clearing the login
elseif(isset($_GET['action']) && $_GET['action'] == "clear_login"){
session_unset();
session_destroy();
//destroy any existing cookie by setting time in past
if(!empty($_COOKIE[$this->prefix.'user'])) setcookie($this->prefix."user", "blanked", time()-(3600*25));
if(!empty($_COOKIE[$this->prefix.'pass'])) setcookie($this->prefix."pass", "blanked", time()-(3600*25));
$msg = '<h2 class="msg">**Logout complete**</h2>';
$this->prompt($msg);
}
//prompt for
elseif(!isset($_SESSION[$this->prefix.'pass']) || !isset($_SESSION[$this->prefix.'user'])){
$this->prompt();
}
//check the pw
else{
$this->user = $_SESSION[$this->prefix.'user'];
$this->pass = $_SESSION[$this->prefix.'pass'];
$this->check();//dies if incorrect
}
}#-#authorize()
function check(){
if(md5($this->prefix . LOGIN_PASS) != $this->pass || LOGIN_USER != $this->user){
//destroy any existing cookie by setting time in past
if(!empty($_COOKIE[$this->prefix.'user'])) setcookie($this->prefix."user", "blanked", time()-(3600*25));
if(!empty($_COOKIE[$this->prefix.'pass'])) setcookie($this->prefix."pass", "blanked", time()-(3600*25));
session_unset();
session_destroy();
$msg='<h2 class="warn">Incorrect username or password</h2>';
$this->prompt($msg);
}
}#-#check()
function prompt($msg=''){
?>
会议:
<?php
session_start();
require("/Login.class.php");
$login = new Login;
$login->authorize();
?>
编辑:
如果我改变了行
$this->pass = md5($this->prefix.md5($_POST['pass'])); //hash password. salt with prefix
在我尝试从db获取用户名和pw之前:
$this->pass = md5($this->prefix.$_POST['pass']); //hash password. salt with prefix
并使用我的哈希密码登录,它仍然似乎无法工作....所以问题可能在其他地方吗?如果我将define_user和define_pass设置为静态变量,它就像魅力......