没有错误,但是应该打开登录跟踪页面之后但不能打开登录页面之后

时间:2019-06-11 06:06:56

标签: php angularjs

这是我的登录表单,我想登录我的项目,但是在输入用户ID和密码会话后,未创建并且项目未运行,并且在网络`{“ id”中收到响应:“ 1”,“用户名” :“ admin”,“ login_type”:“ LOGIN_TRACKING”},我将在此处共享session.php文件,其中编写了有关登录会话的代码

include ('../init.php');
include ('fn_common.php');
include ('../tools/email.php');
loadLanguage($gsValues['LANGUAGE']);
header('Content-Type: application/json');
if(@$_POST['cmd'] == 'session_check')
{
    checkUserSession();

    if (checkUserSession2() == true)
    {
        echo 'true';

    }
    else
    {
        echo 'false';
    }
    die;
}

if(@$_POST['cmd'] == 'login')
{
    $username = strtolower($_POST["username"]);
    $password = $_POST["password"];
    $remember_me = $_POST["remember_me"];
    $mobile = $_POST["mobile"];

    // check failed logins limit
    $q = "SELECT * FROM `gs_user_failed_logins` WHERE `ip`='".$_SERVER['REMOTE_ADDR']."' AND dt_login > DATE_SUB(UTC_TIMESTAMP(), INTERVAL 10 MINUTE)";
    $r = mysqli_query($ms, $q);
    $count = mysqli_num_rows($r);

    if ($count >= 10)
    {
        echo 'ERROR_MANY_FAILED_LOGIN_ATTEMPTS';

        //write log
        writeLog('user_access', 'User login: too many failed login attempts. Username: "'.$username.'"');
    }
    else
    {
        $q = "SELECT * FROM `gs_users` WHERE `username`='".$username."' AND `password`='".md5($password)."' LIMIT 1";   

        $r = mysqli_query($ms, $q);

        if ($row = mysqli_fetch_array($r))
        {
            if ($row['active'] == 'true')
            {
                if ($remember_me == 'true')
                {
                     setUserSessionHash($row['id']); 
                }

                // reset session array
                $_SESSION = array();


                setUserSession($row['id']);
                setUserSessionSettings($row['id']);
                setUserSessionCPanel($row['id']);


                if (($gsValues['PAGE_AFTER_LOGIN'] == 'cpanel') && ($_SESSION["cpanel_privileges"] != false))
                {

                    echo 'LOGIN_CPANEL';    
                }
                else
                {

                    echo json_encode(array('id' => $row['id'],'username' => $row['username'],'login_type' => 'LOGIN_TRACKING')); die;
                }

                //write log
                writeLog('user_access', 'User login: successful');


                //update user usage
                updateUserUsage($row['id'], 1, false, false, false);
            }
            else
            {
                echo 'ERROR_ACCOUNT_LOCKED';

                //write log
                writeLog('user_access', 'User login: account locked. Username: "'.$username.'"');
            }
        }
        else
        {
            // insert failed login
            $q = "INSERT INTO `gs_user_failed_logins` (`ip`, `dt_login`) VALUES ('".$_SERVER['REMOTE_ADDR']."','".gmdate("Y-m-d H:i:s")."')";
            $r = mysqli_query($ms, $q);

            echo 'ERROR_USERNAME_PASSWORD_INCORRECT';

            //write log
            writeLog('user_access', 'User login: unsuccessful. Username: "'.$username.'"');
        }
    }

    die;    
}

0 个答案:

没有答案
相关问题
最新问题