我正在尝试在网站上实施登录系统。
这是文件结构:
-main_login.php
-checklogin.php
- 包括/ functions.php的
- 包括/ loginform.php
这个项目在我的服务器上工作正常,但今天我已将所有文件迁移到新服务器,现在我在checklogin.php上收到以下错误:
致命错误:在第55行的/includes/loginform.php中调用未定义的函数password_verify()
在文件loginform.php中,错误消息是: 致命错误:第4行的/includes/loginform.php中找不到“DbConn”类
我应该改变什么?我只将所有文件迁移到新服务器。
这些是文件:
checklogin.php
// Define $myusername and $mypassword
$username = $_POST['myusername'];
$password = $_POST['mypassword'];
// To protect MySQL injection
$username = stripslashes($username);
$password = stripslashes($password);
$response = '';
$loginCtl = new LoginForm;
$conf = new GlobalConf;
$lastAttempt = checkAttempts($username);
$max_attempts = $conf->max_attempts;
//First Attempt
if ($lastAttempt['lastlogin'] == '') {
$lastlogin = 'never';
$loginCtl->insertAttempt($username);
$response = $loginCtl->checkLogin($username, $password);
} elseif ($lastAttempt['attempts'] >= $max_attempts) {
//Exceeded max attempts
$loginCtl->updateAttempts($username);
$response = $loginCtl->checkLogin($username, $password);
} else {
$response = $loginCtl->checkLogin($username, $password);
};
if ($lastAttempt['attempts'] < $max_attempts && $response != 'true') {
$loginCtl->updateAttempts($username);
$resp = new RespObj($username, $response);
$jsonResp = json_encode($resp);
echo $jsonResp;
} else {
$resp = new RespObj($username, $response);
$jsonResp = json_encode($resp);
echo $jsonResp;
}
unset($resp, $jsonResp);
ob_end_flush();
的functions.php
<?php
//Class Autoloader
spl_autoload_register(function ($className) {
$className = strtolower($className);
$path = "includes/{$className}.php";
if (file_exists($path)) {
require_once($path);
} else {
die("The file {$className}.php could not be found.");
}
});
function checkAttempts($username)
{
try {
$db = new DbConn;
$conf = new GlobalConf;
$tbl_attempts = $db->tbl_attempts;
$ip_address = $conf->ip_address;
$err = '';
$sql = "SELECT Attempts as attempts, lastlogin FROM ".$tbl_attempts." WHERE IP = :ip and Email = :username";
$stmt = $db->conn->prepare($sql);
$stmt->bindParam(':ip', $ip_address);
$stmt->bindParam(':username', $username);
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_ASSOC);
return $result;
$oldTime = strtotime($result['lastlogin']);
$newTime = strtotime($datetimeNow);
$timeDiff = $newTime - $oldTime;
} catch (PDOException $e) {
$err = "Error: " . $e->getMessage();
}
//Determines returned value ('true' or error code)
$resp = ($err == '') ? 'true' : $err;
return $resp;
};
function mySqlErrors($response)
{
//Returns custom error messages instead of MySQL errors
switch (substr($response, 0, 22)) {
case 'Error: SQLSTATE[23000]':
echo "<div class=\"alert alert-danger alert-dismissable\"><button type=\"button\" class=\"close\" data-dismiss=\"alert\" aria-hidden=\"true\">×</button>Username or email already exists</div>";
break;
default:
echo "<div class=\"alert alert-danger alert-dismissable\"><button type=\"button\" class=\"close\" data-dismiss=\"alert\" aria-hidden=\"true\">×</button>An error occurred... try again</div>";
}
};
loginform.php
<?php
class LoginForm extends DbConn
{
public function checkLogin($myusername, $mypassword)
{
$conf = new GlobalConf;
$ip_address = $conf->ip_address;
$login_timeout = $conf->login_timeout;
$max_attempts = $conf->max_attempts;
$timeout_minutes = $conf->timeout_minutes;
$attcheck = checkAttempts($myusername);
$curr_attempts = $attcheck['attempts'];
$datetimeNow = date("Y-m-d H:i:s");
$oldTime = strtotime($attcheck['lastlogin']);
$newTime = strtotime($datetimeNow);
$timeDiff = $newTime - $oldTime;
try {
$db = new DbConn;
$tbl_members = $db->tbl_members;
$err = '';
} catch (PDOException $e) {
$err = "Error: " . $e->getMessage();
}
$stmt = $db->conn->prepare("SELECT * FROM ".$tbl_members." WHERE email = :myusername");
$stmt->bindParam(':myusername', $myusername);
$stmt->execute();
// Gets query result
$result = $stmt->fetch(PDO::FETCH_ASSOC);
if ($curr_attempts >= $max_attempts && $timeDiff < $login_timeout) {
//Too many failed attempts
$success = "<div class=\"alert alert-danger alert-dismissable\"><button type=\"button\" class=\"close\" data-dismiss=\"alert\" aria-hidden=\"true\">×</button>Has superado el n�mero m�ximo permitido de intentos... favor de esperar ".$timeout_minutes." minutos antes de intentarlo otra vez</div>";
} else {
//If max attempts not exceeded, continue
// Checks password entered against db password hash
if (password_verify($mypassword, $result['password']) && $result['verified'] == '1') {
//Success! Register $myusername, $mypassword and return "true"
$success = 'true';
session_start();
$_SESSION['username'] = $myusername;
$_SESSION['nombre'] = $result['nombre']." ".$result['apellidos'];
$_SESSION['foto'] = $result['foto_usuario'];
$_SESSION['nivel'] = $result['nivel_usuario'];
$_SESSION['cargo'] = $result['cargo_usuario'];
$_SESSION['nivel'] = $result['nivel_usuario'];
$_SESSION['agencia'] = $result['agencia_usuario'];
$_SESSION['desde'] = $result['mod_timestamp'];
} elseif (password_verify($mypassword, $result['password']) && $result['verified'] == '0') {
//Account not yet verified
$success = "<div class=\"alert alert-danger alert-dismissable\"><button type=\"button\" class=\"close\" data-dismiss=\"alert\" aria-hidden=\"true\">×</button>Your account has been created, but you cannot log in until it has been verified</div>";
} else {
//Wrong username or password
$success = "<div class=\"alert alert-danger alert-dismissable\"><button type=\"button\" class=\"close\" data-dismiss=\"alert\" aria-hidden=\"true\">×</button>ERROR, usuario o contrase�a no correctos</div>";
}
}
return $success;
}
public function insertAttempt($username)
{
try {
$db = new DbConn;
$conf = new GlobalConf;
$tbl_attempts = $db->tbl_attempts;
$ip_address = $conf->ip_address;
$login_timeout = $conf->login_timeout;
$max_attempts = $conf->max_attempts;
$datetimeNow = date("Y-m-d H:i:s");
$attcheck = checkAttempts($username);
$curr_attempts = $attcheck['attempts'];
$stmt = $db->conn->prepare("INSERT INTO ".$tbl_attempts." (ip, attempts, lastlogin, email) values(:ip, 1, :lastlogin, :username)");
$stmt->bindParam(':ip', $ip_address);
$stmt->bindParam(':lastlogin', $datetimeNow);
$stmt->bindParam(':username', $username);
$stmt->execute();
$curr_attempts++;
$err = '';
} catch (PDOException $e) {
$err = "Error: " . $e->getMessage();
}
//Determines returned value ('true' or error code)
$resp = ($err == '') ? 'true' : $err;
return $resp;
}
public function updateAttempts($username)
{
try {
$db = new DbConn;
$conf = new GlobalConf;
$tbl_attempts = $db->tbl_attempts;
$ip_address = $conf->ip_address;
$login_timeout = $conf->login_timeout;
$max_attempts = $conf->max_attempts;
$timeout_minutes = $conf->timeout_minutes;
$att = new LoginForm;
$attcheck = checkAttempts($username);
$curr_attempts = $attcheck['attempts'];
$datetimeNow = date("Y-m-d H:i:s");
$oldTime = strtotime($attcheck['lastlogin']);
$newTime = strtotime($datetimeNow);
$timeDiff = $newTime - $oldTime;
$err = '';
$sql = '';
if ($curr_attempts >= $max_attempts && $timeDiff < $login_timeout) {
if ($timeDiff >= $login_timeout) {
$sql = "UPDATE ".$tbl_attempts." SET attempts = :attempts, lastlogin = :lastlogin where ip = :ip and email = :username";
$curr_attempts = 1;
}
} else {
if ($timeDiff < $login_timeout) {
$sql = "UPDATE ".$tbl_attempts." SET attempts = :attempts, lastlogin = :lastlogin where ip = :ip and email = :username";
$curr_attempts++;
} elseif ($timeDiff >= $login_timeout) {
$sql = "UPDATE ".$tbl_attempts." SET attempts = :attempts, lastlogin = :lastlogin where ip = :ip and email = :username";
$curr_attempts = 1;
}
$stmt2 = $db->conn->prepare($sql);
$stmt2->bindParam(':attempts', $curr_attempts);
$stmt2->bindParam(':ip', $ip_address);
$stmt2->bindParam(':lastlogin', $datetimeNow);
$stmt2->bindParam(':username', $username);
$stmt2->execute();
}
} catch (PDOException $e) {
$err = "Error: " . $e->getMessage();
}
//Determines returned value ('true' or error code) (ternary)
$resp = ($err == '') ? 'true' : $err;
return $resp;
}
}
答案 0 :(得分:1)
看来您的PHP版本可能已过时(您提到最近已切换主机)。 password_verify()函数的PHP's documentation表示它适用于版本 5.5.0 及以上版本。
您可以通过在页面上运行以下PHP代码来检查当前的PHP版本:
<?php phpversion(); ?>
如果需要,您可能需要主持人为您升级PHP版本(对于安全性而言,这通常是个好主意。)