我使用googleAuth进行双因素身份验证并且误差低于
“无法修改标题信息 - 已在第30行的../GoogleAuth/index.php中发送的标题(输出于../GoogleAuth/index.php:2开始)。”
这是index.php
<?php
include("config.php");
if(!empty($_SESSION['uid']))
{
header("Location: device_confirmations.php");
}
include('class/userClass.php');
$userClass = new userClass();
require_once 'googleLib/GoogleAuthenticator.php';
$ga = new GoogleAuthenticator();
$secret = $ga->createSecret();
$errorMsgReg='';
$errorMsgLogin='';
if (!empty($_POST['loginSubmit']))
{
$usernameEmail=$_POST['usernameEmail'];
$password=$_POST['password'];
if(strlen(trim($usernameEmail))>1 && strlen(trim($password))>1 )
{
$uid=$userClass->userLogin($usernameEmail,$password,$secret);
if($uid)
{
$url=BASE_URL.'device_confirmations.php';
header("Location: $url");
}
else
{
$errorMsgLogin="Please check login details.";
}
}
}
if (!empty($_POST['signupSubmit']))
{
$username=$_POST['usernameReg'];
$email=$_POST['emailReg'];
$password=$_POST['passwordReg'];
$name=$_POST['nameReg'];
$username_check = preg_match('~^[A-Za-z0-9_]{3,20}$~i', $username);
$email_check = preg_match('~^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$~i', $email);
$password_check = preg_match('~^[A-Za-z0-9!@#$%^&*()_]{6,20}$~i', $password);
if($username_check && $email_check && $password_check && strlen(trim($name))>0)
{
$uid=$userClass->userRegistration($username,$password,$email,$name,$secret);
if($uid)
{
$url=BASE_URL.'device_confirmations.php';
header("Location: $url");
}
else
{
$errorMsgReg="Username or Email already exits.";
}
}
else
{
$errorMsgReg="Enter valid details.";
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>2-Step Verification using Google Authenticator</title>
<link rel="stylesheet" type="text/css" href="style.css" charset="utf-8" />
</head>
<body>
<div id="container">
<h1>2-Step Verification using Google Authenticator</h1>
<div id="login">
<h3>Login</h3>
<form method="post" action="" name="login">
<label>Username or Email</label>
<input type="text" name="usernameEmail" autocomplete="off" />
<label>Password</label>
<input type="password" name="password" autocomplete="off"/>
<div class="errorMsg"><?php echo $errorMsgLogin; ?></div>
<input type="submit" class="button" name="loginSubmit" value="Login">
</form>
</div>
<div id="signup">
<h3>Registration</h3>
<form method="post" action="" name="signup">
<label>Name</label>
<input type="text" name="nameReg" autocomplete="off" />
<label>Email</label>
<input type="text" name="emailReg" autocomplete="off" />
<label>Username</label>
<input type="text" name="usernameReg" autocomplete="off" />
<label>Password</label>
<input type="password" name="passwordReg" autocomplete="off"/>
<div class="errorMsg"><?php echo $errorMsgReg; ?></div>
<input type="submit" class="button" name="signupSubmit" value="Signup">
</form>
</div>
</div>
</body>
</html>
device_confirmation.php
<?php
include('config.php');
if(empty($_SESSION['uid']))
{
header("Location: index.php");
}
include('class/userClass.php');
$userClass = new userClass();
$userDetails=$userClass->userDetails($_SESSION['uid']);
$secret=$userDetails->google_auth_code;
$email=$userDetails->email;
require_once 'googleLib/GoogleAuthenticator.php';
$ga = new GoogleAuthenticator();
$qrCodeUrl = $ga->getQRCodeGoogleUrl($email, $secret,'9lessons Demos');
?>
<!DOCTYPE html>
<html>
<head>
<title>2-Step Verification using Google Authenticator</title>
<link rel="stylesheet" type="text/css" href="style.css" charset="utf-8" />
</head>
<body>
<div id="container">
<h1>2-Step Verification using Google Authenticator</h1>
<div id='device'>
<p>Enter the verification code generated by Google Authenticator app on your phone.</p>
<div id="img">
<img src='<?php echo $qrCodeUrl; ?>' />
</div>
<form method="post" action="home.php">
<label>Enter Google Authenticator Code</label>
<input type="text" name="code" />
<input type="submit" class="button"/>
</form>
</div>
<div style="text-align:center">
<h3>Get Google Authenticator on your phone</h3>
<a href="https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8" target="_blank"><img class='app' src="images/iphone.png" /></a>
<a href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en" target="_blank"><img class="app" src="images/android.png" /></a>
</div>
</div>
</body>
</html>
的config.php
<?php
session_start();
/* DATABASE CONFIGURATION */
define('DB_SERVER', 'localhost');
define('DB_USERNAME', 'root');
define('DB_PASSWORD', '');
define('DB_DATABASE', 'demos');
define("BASE_URL", "http://localhost/GoogleAuth/"); // Eg. http://yourwebsite.com
function getDB()
{
$dbhost=DB_SERVER;
$dbuser=DB_USERNAME;
$dbpass=DB_PASSWORD;
$dbname=DB_DATABASE;
try {
$dbConnection = new PDO("mysql:host=$dbhost;dbname=$dbname", $dbuser, $dbpass);
$dbConnection->exec("set names utf8");
$dbConnection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
return $dbConnection;
}
catch (PDOException $e) {
echo 'Connection failed: ' . $e->getMessage();
}
}
?>
和home.php
<?php
include('config.php');
include('class/userClass.php');
$userClass = new userClass();
$userDetails=$userClass->userDetails($_SESSION['uid']);
if($_POST['code'])
{
$code=$_POST['code'];
$secret=$userDetails->google_auth_code;
require_once 'googleLib/GoogleAuthenticator.php';
$ga = new GoogleAuthenticator();
$checkResult = $ga->verifyCode($secret, $code, 2); // 2 = 2*30sec clock tolerance
if ($checkResult)
{
$_SESSION['googleCode']=$code;
}
else
{
echo 'FAILED';
}
}
include('session.php');
$userDetails=$userClass->userDetails($session_uid);
?>
<!DOCTYPE html>
<html>
<head>
<title>2-Step Verification using Google Authenticator</title>
<link rel="stylesheet" type="text/css" href="style.css" charset="utf-8" />
</head>
<body>
<div id="container">
<h1>Welcome <?php echo $userDetails->name; ?></h1>
<pre>
<?php print_r($userDetails); ?>
</pre>
<h4><a href="<?php echo BASE_URL; ?>logout.php">Logout</a></h4>
</div>
</body>
</html>
请告诉我错误的地方
答案 0 :(得分:1)
在开始向浏览器发送输出后使用header和setcookie等函数时会发生这种情况。在您开始发送请求正文后,不能更改HTTP标头,因此您需要确保在调用这些函数之前不会发送任何内容。
这就是为什么将PHP代码与输出生成(HTML)分开是一个好主意的原因之一。大多数主要的PHP框架都是通过使用单独的模板引擎来实现的,例如Twig或Smarty。
如果你有一个很糟糕的大型项目,那么在需要设置标题后确保输出是过分的,你可以使用PHP的Output Control函数作为快速解决方法。