我已经在灯,wamp和xampp上尝试了我的代码 - 它只能在灯上工作。但是,如果我将灯泡中的php.ini文件换成xampp,它就可以了 - 因此,我猜测我在LAMP上以一种草率的方式进行编码,我的php.ini非常容易被允许。
目前,我的LAMP php.ini破坏了我的xampp mysqli,在我看来,我的灯密码在任何情况下都必须是脏的,所以我想知道你们是否能看到这里需要清洁的东西?
class datamanagement{
protected $mysql_host = "localhost";
protected $mysql_username = "root";
protected $mysql_password = "";
protected $mysql_database = "data";
protected $security_table = "users";
function __construct($security_level = 0)
{
$this->security($security_level);
}
protected function mysql_connect_func(){
// ...standard mysql connect stuff
}
protected function security($security_level){
session_start();
if(isset($_GET['logout'])){
session_unset();
}
if($security_level > 0)
{
if(!isset($_SESSION['initiated'])){
if(!isset($_POST['username']) || empty($_POST['username']) || empty($_POST['password']))
{
if(isset($_GET['logout']))
{
$string = rtrim($_SERVER['PHP_SELF'], '?logout');
}
?>
<div class="main_container">
<div class="form_container">
<?php
if(isset($_GET['logout']))
{
echo "<p>successfully logged out</p>";
}else
{
echo "<p>Access to this section require logging in</p>";
}
?>
<form method="post" action="<?php echo $string ?>"><input
type="hidden" name="login" value="true"></input>
<div><label for="title">Username:</label> <input name="username"
type="text" value="<?php echo $_POST['username']; ?>"></input><?php if(isset($_POST['username']) && $_POST['username'] == ''){echo "username required";}?><br>
</div>
<div><label for="post">Password:</label> <input name="password"
type="password"></input><?php if(isset($_POST['username']) && $_POST['password'] == ''){echo "password required";}?><br>
</div>
<input type="submit" value="Sign in" name="submit"></input></form>
</div>
</div>
<?
exit();
} // end if - no username or password were posted
else{
$this->mysql_connect_func();
$sql = "SELECT * FROM " . $this->security_table . " WHERE username='" . $_POST['username'] . "'";
$result = mysql_query($sql) or die(mysql_error());
$row = mysql_fetch_assoc($result);
if(mysql_num_rows($result) != 0)
{
if(sha1($_POST['password']) == $row['password'])
{
session_regenerate_id();
$_SESSION['initiated'] = "true";
$_SESSION['username'] = $row['username'];
$_SESSION['authority'] = $row['authority'];
} // end if sha1 of $_POST password == $row password
else {
?>
<div class="main_container">
<div class="form_container">
<?php
echo 'Incorrect password<br><a href="' . $_SERVER['PHP_SELF'] . '">Please try again</a>';
?>
</div>
</div>
<?php
exit();
} // if password is wrong
} // end if no rows with username returned
else{
?>
<div class="main_container">
<div class="form_container">
<?php
echo 'Incorrect username <br><a href="' . $_SERVER['PHP_SELF'] . '">Please try again</a>';
?>
</div>
</div>
<?php
exit();
} // if username not found
} // end else - no username or password were posted
} // end if - check the session !initiated
else { //*THIS IS THE LINE THAT THROWS THE ERROR IN XAMPP AND WAMP*
if($_SESSION['authority'] < $security_level)
{
die("security clearance insufficient");
}
} // end else - check the session !initiated
} // end if $security_level <= 0
} // end of function security()
}
我很抱歉这是一大堆代码,我无法想出一个合理的方法来分解它而不会影响某人帮助我找到错误的能力。如果你们有任何关于将野兽的大小降低到可读性的建议,请说出来!
答案 0 :(得分:1)
我不确定这是否会对您有所帮助 - 但是在第67行中,您在;变量之后缺少终端$string。
并且更轻松 - </input>标记不是HTML严格标记的一部分...
使用<input type="submit" value="Sign in" name="submit" />代替