I have a problem with my login. The login works: it checks the HTML form and, if the information is correct, it logs me in and goes to the login page. After checking the information I set the username and user ID on the login page, but the server does not seem to save the information. The strange thing is that if I log out and then log in again, the login site works and registers the username etc. I check the information, then set the username as a variable and then do:
if (empty($_SESSION['username']))
{
    echo "Something went wrong";
    echo '<META HTTP-EQUIV="Refresh" Content="0; URL=logout.php">';
}
But once I go to the website for the first time this does not trigger again; I need to visit the logout page first before I can get out, even though I am not logged in, and of course logout only destroys the session.
<?php
session_start(); // must run before any output, on every page that reads $_SESSION
// $db is the PDO connection created earlier on the page

if (isset($_POST["Username"]) && !empty($_POST["Username"])) {
    $salt = "";
    // mysql_real_escape_string() belongs to the old mysql_* extension and needs an open
    // mysql_* link; with PDO prepared statements the bound value is already parameterized.
    $username23 = mysql_real_escape_string($_POST['Username']);
    $thereusername = strip_tags($username23);
    $password2 = sha1($salt . $_POST["password"]);
    $statement = $db->prepare("SELECT * FROM users WHERE username = ? AND password = ?");
    $statement->execute(array($thereusername, $password2));
    $count = $statement->rowCount();
    // If username and password match we carry on
    if ($count == 1) {
        $statement8 = $db->prepare("SELECT * FROM users WHERE username = ?");
        $statement8->execute(array($thereusername));
        $count8 = $statement8->fetch();
        $_SESSION['userid'] = $count8['id'];
        $_SESSION['username'] = $thereusername;
        if (empty($_SESSION['username'])) {
            echo "Something went wrong";
            echo '<META HTTP-EQUIV="Refresh" Content="0; URL=logout.php">';
        }
        if (empty($_SESSION['userid'])) {
            echo "Something went wrong";
            echo '<META HTTP-EQUIV="Refresh" Content="0; URL=logout.php">';
        }
        echo "You are now being logged in";
        echo '<META HTTP-EQUIV="Refresh" Content="0; URL=dashboard.php">';
        exit; // nothing after this line runs
    }
}
?>
<form action="login.php" method="post">
    <div class="row">
        <div class="form-group col-sm-6">
            <label for="Username">Username</label>
            <input class="form-control" type="text" value="Artisanal kale" name="Username" id="Username">
        </div>
        <div class="form-group col-sm-6">
            <label for="password">Password</label>
            <input type="password" class="form-control" name="password" id="password" placeholder="Password">
        </div>
    </div>
    <div class="row">
        <div class="col-sm-4">
            <p> <input type="submit" value="Submit" class="btn theme-btn"> </p>
        </div>
    </div>
</form>
I do of course use session_start at the top of the page. After logging in it takes me to the login page but does not show the username or any information. I did a print_r of the session and get Array(). I then go to logout.php and log in, and everything works perfectly. Server error or PHP error?
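As an added example (not code from the question or from the answer below), this is the session handling a login page and a protected page need to agree on: cookie flags set before session_start(), a fresh session ID when the user logs in, a check on the protected page that redirects with header() before anything is output, and a logout that clears the array, expires the cookie and destroys the server-side data. The file name, function names and the login.php/dashboard.php URLs are assumptions for the illustration.

```php
<?php
// Added example: session.php, required at the very top of every page, before any output.
// Names and URLs are assumptions, not taken from the question or the answer.

declare(strict_types=1);

function secure_session_start(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    // Cookie is not readable from JavaScript, only sent over HTTPS, not sent cross-site.
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    // Reject session IDs the server never issued (blocks fixation via a chosen cookie).
    ini_set('session.use_strict_mode', '1');
    session_start();
}

function login_user(array $user): void
{
    // New ID on privilege change, so a session ID captured before login is worthless.
    session_regenerate_id(true);
    $_SESSION['userid']   = (int) $user['id'];
    $_SESSION['username'] = (string) $user['username'];
    $_SESSION['login_at'] = time();
}

function current_user_id(): ?int
{
    return isset($_SESSION['userid']) ? (int) $_SESSION['userid'] : null;
}

// dashboard.php: require 'session.php'; secure_session_start(); require_login();
function require_login(string $loginUrl = 'login.php'): void
{
    if (current_user_id() === null) {
        header('Location: ' . $loginUrl, true, 303);
        exit;
    }
}

// logout.php: require 'session.php'; secure_session_start(); logout_user();
function logout_user(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'],
        ]);
    }
    session_destroy();
}
```

header('Location: ...') only works while nothing has been sent to the browser yet, which is why the login check sits at the top of the page and the login handler redirects instead of echoing text first; a META refresh tolerates earlier output but leaves the page body, and any error text in it, visible to the client.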
Answer 0 (score: 0)
First, don't do your own password salting/encryption; you need to use password_hash() to save the password hash and password_verify() (or the equivalent bcrypt) to check the hashed password against the submitted one. Second, as mentioned above, you need to use PDO exclusively. Finally, you should create some classes to make the script more manageable and easier to troubleshoot. This is more complicated because there are many parts to implement, but this is a basic example of what you should be using for login etc. I would suggest that if you don't understand most of this you should probably download a framework, because this type of thing is complicated to do right. A framework has it all built in and you only have to write the top level of the script, most of which...
/core/classes/App.php
<?php
class App
{
    # Storage of global arrays
    protected static $GlobalArray = array();

    # Returns the trimmed POST array (or a single key of it)
    public function getPost($key = false)
    {
        if (!isset(self::$GlobalArray['_POST']))
            self::$GlobalArray['_POST'] = $this->sanitizeArray($_POST);
        if (!empty($key))
            return (isset(self::$GlobalArray['_POST'][$key])) ? self::$GlobalArray['_POST'][$key] : false;
        return self::$GlobalArray['_POST'];
    }

    # Trims the values, recursing into nested arrays
    public function sanitizeArray($array)
    {
        if (!is_array($array))
            return trim($array);
        foreach ($array as $key => $value) {
            $array[$key] = $this->sanitizeArray($value);
        }
        return $array;
    }
}
/core/classes/User.php
<?php
class User extends App
{
    private $con;

    public function __construct(\PDO $con)
    {
        $this->con = $con;
    }

    public function savePassword($username, $password)
    {
        # Create the password hash (PASSWORD_DEFAULT is bcrypt; salt and cost are stored inside the hash)
        $hash = password_hash($password, PASSWORD_DEFAULT);
        # Prepare the query and store the hash, never the plain password
        $query = $this->con->prepare("UPDATE users SET `password` = ? WHERE `username` = ?");
        $query->execute(array($hash, $username));
        return $this;
    }

    public function validateUser($username, $password)
    {
        # Prepare the query to get the user
        $query = $this->con->prepare("SELECT * FROM users WHERE `username` = ? LIMIT 1");
        $query->execute(array($username));
        # Fetch the row (false if the username does not exist)
        $user = $query->fetch(\PDO::FETCH_ASSOC);
        if (empty($user['password']))
            return false;
        # Match the submitted password against the stored hash
        if (!password_verify($password, $user['password']))
            return false;
        # Return the user data
        return $user;
    }
}
/core/classes/Session.php
<?php
class Session extends App
{
    # Save key/value pairs to the session
    public function toSession($array)
    {
        foreach ($array as $key => $value) {
            $_SESSION[$key] = $value;
        }
    }

    # Save to errors array
    public function toError($array)
    {
        foreach ($array as $key => $value) {
            $_SESSION['errors'][$key] = $value;
        }
    }

    # Get error (one key, or the whole errors array)
    public function getError($key = false)
    {
        if (!empty($key))
            return (isset($_SESSION['errors'][$key])) ? $_SESSION['errors'][$key] : false;
        return (isset($_SESSION['errors'])) ? $_SESSION['errors'] : false;
    }

    # Get value (one key, or the whole session array)
    public function get($key = false)
    {
        if (!empty($key))
            return (isset($_SESSION[$key])) ? $_SESSION[$key] : false;
        return (isset($_SESSION)) ? $_SESSION : false;
    }

    public function start()
    {
        session_start();
    }

    # Remove one key, or destroy the whole session when no key is given
    public function destroy($key = false)
    {
        if (!empty($key)) {
            if (isset($_SESSION[$key])) {
                $_SESSION[$key] = null;
                unset($_SESSION[$key]);
            }
        }
        else {
            session_destroy();
        }
    }
}
/config.php
<?php
# Create important defines
define('DS', DIRECTORY_SEPARATOR);
define('ROOT_DIR', __DIR__);
define('CORE', ROOT_DIR.DS.'core');
define('CLASSES', CORE.DS.'classes');
define('FUNCTIONS', ROOT_DIR.DS.'functions');

# A class autoloader is a must...
spl_autoload_register(function($class) {
    $path = str_replace(DS.DS, DS, CLASSES.DS.str_replace('\\', DS, $class).'.php');
    if (is_file($path))
        include_once($path);
});

# Include connection helpers (mysqlconnect() is expected to return a PDO instance)
include(FUNCTIONS.DS.'functions.php');
# Create connection
$db = mysqlconnect();
# Start the session
$Session = new Session();
$Session->start();
/login.php
<?php
# Add our config file
require_once(__DIR__.DIRECTORY_SEPARATOR.'config.php');
# Create application
$App = new User($db);
# Check if this is a login submission
if (!empty($App->getPost("Username"))) {
    # Get the user array (returned only when validated)
    $User = $App->validateUser($App->getPost("Username"), $App->getPost("password"));
    # If user is valid
    if ($User) {
        $Session->toSession(array(
            'userid'   => $User['id'],
            'username' => $User['username']
        ));
        # Redirect & stop
        header('Location: dashboard.php');
        exit;
    }
    else {
        # Store the error
        $Session->toError(array("invalid_login" => "Invalid username or password"));
        # Redirect to error or whatever...
    }
}
I haven't actually checked this for problems, but I have made notes so you know what to do (or should do). You want to always include config.php at the top of every top-level page for consistency.
Use print_r($Session->get()); to see the session array. Also note that if you don't save the password hash correctly, the password check will not work.
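As an added example, not the answer's classes and not the asker's code, here is the password_hash()/password_verify() flow the answer recommends, carried through end to end against an in-memory SQLite table so it runs offline (PHP 8 with the PDO sqlite driver is assumed). The class name, the schema and the user data are constructed for the demo; in real use the DSN would point at the MySQL database. It also covers two things the answer's snippet leaves out: a dummy hash so a login attempt for an unknown username costs the same as a wrong password, and password_needs_rehash() to upgrade old hashes when the user next logs in.

```php
<?php
// Added example with constructed data; not part of the question or the answer.
declare(strict_types=1);

final class UserStore
{
    // Hash of a throwaway password, verified whenever the username is unknown so that
    // the request takes as long as a real verification (no timing-based user enumeration).
    private string $dummyHash;

    public function __construct(private PDO $db)
    {
        $this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        // Demo schema (assumption): the real table is whatever the application uses.
        $this->db->exec('CREATE TABLE IF NOT EXISTS users (
            id INTEGER PRIMARY KEY AUTOINCREMENT,
            username TEXT NOT NULL UNIQUE,
            password TEXT NOT NULL)');
        $this->dummyHash = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
    }

    public function register(string $username, string $password): int
    {
        // PASSWORD_DEFAULT is bcrypt today; algorithm, cost and salt are encoded in the hash.
        $hash = password_hash($password, PASSWORD_DEFAULT);
        $st = $this->db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
        $st->execute([$username, $hash]);
        return (int) $this->db->lastInsertId();
    }

    /** Returns the user row (without the hash) on success, null on failure; never says which part failed. */
    public function authenticate(string $username, string $password): ?array
    {
        $st = $this->db->prepare('SELECT id, username, password FROM users WHERE username = ? LIMIT 1');
        $st->execute([$username]);
        $user = $st->fetch(PDO::FETCH_ASSOC) ?: null;

        // Always run password_verify(), against the dummy hash if there is no such user.
        $hash = $user['password'] ?? $this->dummyHash;
        $ok = password_verify($password, $hash);
        if ($user === null || !$ok) {
            return null;
        }
        // Transparent upgrade when the default cost or algorithm has changed since the hash was made.
        if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
            $up = $this->db->prepare('UPDATE users SET password = ? WHERE id = ?');
            $up->execute([password_hash($password, PASSWORD_DEFAULT), $user['id']]);
        }
        unset($user['password']); // the hash never goes into $_SESSION
        return $user;
    }
}

function check(bool $cond, string $what): void
{
    if (!$cond) {
        throw new RuntimeException("check failed: $what");
    }
}

// Demo run with constructed data.
$store = new UserStore(new PDO('sqlite::memory:'));
$store->register('alice', 'correct horse battery staple');

check($store->authenticate('alice', 'correct horse battery staple')['username'] === 'alice', 'valid login');
check($store->authenticate('alice', 'wrong password') === null, 'wrong password rejected');
check($store->authenticate('nobody', 'anything') === null, 'unknown user rejected');
echo "ok\n";
```

The stored password column must be wide enough for the hash (60 characters for bcrypt, longer for other algorithms), which is the "if you don't save the password hash correctly" caveat above. Under MySQL with a case-insensitive collation the username lookup would also match 'Alice'; SQLite compares case-sensitively, so decide which behaviour the application wants rather than inheriting it from the database.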