Redirect the user back to index.php after the handler

Time: 2009-08-07 00:05:58

Tags: php cookies login redirect

I put "username" and "password" into one of my forms. The action starts handler.php. If the user does not reload his browser at handler.php, he only sees a white page (handler.page). If he does, the handler takes him back to index.php.

I want the user to go back to the main page automatically after handler.php, where he gets the login cookie.

My handler.php contains the following:
<?php
$email = $_POST['email'];
$username = $_POST['username'];
$passhash_md5 = $_POST['passhash_md5'];

// COOKIE setting

/* $cookie may look like this
   variables
        $username = "username"
        $passhash_md5 = "password"
        $email ="email"
        $_SERVER['REMOTE_ADDR']=11.44.23.94
   before md5:
        "usernamepasshash_md5email11.44.23.94"
   after md5:
        "a08d367f31feb0eb6fb51123b4cd3cb7"
 */

$login_cookie = md5(
    $username .
    $password .
    $email .
    $_SERVER['REMOTE_ADDR']
);

setcookie ("login", $login_cookie);

if (isset($_COOKIE['login']) )
{

    $sql2 = "SELECT * from users";
    $raw_user_list = pg_query($dbconn, $sql2);
    $user_list = pg_fetch_all($raw_user_list);

    // to process each user in the user-list that has a password
    foreach ($user_list as $user => $passhash_md5)
    {
        //match the user list with the cookie
        if ( $login_cookie == $_COOKIE['login'] )
        {
            header("Location: index.php");
            die("logged in");
        }
    }
    header("Location: index.php");
    die("wrong username/password");
}
?>

I have a form that uses the POST method, with the action set to handler.php.

My form

<form method="post" action="handler.php">
    <p>Username:
        <input name="username" type="text" size="40" />
    </p>

    <p>Email:
        <input name="email" type="text" size="230" />
    </p>

    <p>Password:
        <input name="password" type="password" size="230" />
    </p> 

    <input type="submit" value="OK" />
</form>

AJAX does not call the handler page.

I tried running the handler page with HEAD, without success:

<head>
<meta http-equiv="refresh" content="5; URL=index.php">
</head>

However, I cannot include HEAD, because PHP does not allow output when using header commands.

How can I automatically put the user on index.php if the login succeeds?

4 answers:

Answer 0 (score: 3)

This should be your basic setup.

First, the user goes to the login page and enters a username/password. Let's call it login.php. It then sends these things to handler.php.

HTML

<form method="POST" action="handler.php">
<input type="text" name="login[user]">
<input type="password" name="login[password]">
</form>

Then the handler script receives the POST data, processes the if, and if the password hashes match, sets the cookie and redirects back to the index page.

Login script

// Check for a Login Form
if (isset($_POST['login']) )
{
    // Get the Data
    $sql2 = "SELECT * from users";
    $raw_user_list = pg_query($dbconn, $sql2);
    $user_list = pg_fetch_all($raw_user_list);

    // Go through each User 
    foreach ($user_list as $user => $passhash_md5)
    {   
        // Check if the passwords match
        if ( $passhash_md5 == md5($_POST['login']['password'] ))
        {
            // YOU NEED TO CREATE A COOKIE HERE     

            header("Location: index.php"); 
            die("logged in");
        }
    }
    header("Location: index.php");   
    die("wrong username/password");
}

Then, on every page where you want to check for login, redirect the person if they do not have the login cookie set. You can expand this to check for the correct login cookie.

Every page

// Check for a Cookie
if(!$_COOKIE['login'])
{
    header('Location: login.php');
    die("User Required");
}

I'm not really sure what you're trying to do there, but this is the basic setup for creating a basic login form.


If you're trying to check whether the combination passed in the form is the same as the cookie, try this:

// Set the Variables
$email = $_POST['email'];
$username = $_POST['username'];
$passhash_md5 = $_POST['passhash_md5'];

// COOKIE setting

/* $cookie may look like this
   variables
        $username = "username"
        $passhash_md5 = "password"
        $email ="email"
        $_SERVER['REMOTE_ADDR']=11.44.23.94
   before md5:
        "usernamepasshash_md5email11.44.23.94"
   after md5:
        "a08d367f31feb0eb6fb51123b4cd3cb7"
 */

// Set what the cookie should look like
$login_cookie = md5(
    $username .
    $password .
    $email .
    $_SERVER['REMOTE_ADDR']
);

// Check For the Cookie
if (isset($_COOKIE['login']) )
{
    // Check if the Login Form is the same as the cookie
    if ( $login_cookie == $_COOKIE['login'] )
    {
        header("Location: index.php");
        die("logged in");
    }
    header("Location: index.php");
    die("wrong username/password");
}

I took out the database part, since you weren't using it in any of the code, so it doesn't matter. It looks like you're not trying to log someone in, but rather checking whether the cookie set for their machine contains the string they passed in the form.


OK, final version, hopefully

// Set the Variables
$email = $_POST['email'];
$username = $_POST['username'];
$password = $_POST['password'];

// COOKIE setting

/* $cookie may look like this
   variables
        $username = "username"
        $passhash_md5 = "password"
        $email ="email"
        $_SERVER['REMOTE_ADDR']=11.44.23.94
   before md5:
        "usernamepasshash_md5email11.44.23.94"
   after md5:
        "a08d367f31feb0eb6fb51123b4cd3cb7"
 */

// Set what the cookie should look like
$login_cookie = md5(
    $username .
    $password .
    $email .
    $_SERVER['REMOTE_ADDR']
);

// Check For the Cookie
if (isset($_COOKIE['login']) )
{
    // Check if the Login Form is the same as the cookie
    if ( $login_cookie == $_COOKIE['login'] )
    {
        header("Location: index.php");
        die("logged in");
    }
    header("Location: index.php");
    die("wrong username/password");
}
// If no cookie, try logging them in
else
{
    // escape the value before it goes into the query
    $sql2 = sprintf("SELECT * from users WHERE passhash_md5='%s'",
        pg_escape_string($login_cookie));
    $raw_user_list = pg_query($dbconn, $sql2);
    if ($user = pg_fetch_row($raw_user_list)) {
        setcookie('login', $login_cookie);
        header("Location: index.php");
        die("logged in");
    } else {
        header("Location: index.php");
        die("wrong username/password");
    }
}

sprintf and WHERE clause courtesy of Rezzif

Answer 1 (score: 2)

As a side note, are you really going to walk through the entire user table to see whether this person has a valid login?

You should really use a WHERE clause!


    $sql2 = sprintf("SELECT * from users WHERE UserName = '%s' AND UserPass = '%s'",
    pg_escape_string($_COOKIE['login']),
    pg_escape_string($passhash_md5));
    $raw_user_list = pg_query($dbconn, $sql2);
    if ($user = pg_fetch_row($raw_user_list)) {
       //Login valid
    } else {
      //Login invalid
    }

Not familiar with pg, but I hope it helps.

Answer 2 (score: 1)

Since you left out everything above the if statement, it's hard to tell. But it looks like you need a case for when $_COOKIE['login'] is not set.

Edit

It looks like your logic is a bit messed up. You are not setting any kind of session variable to indicate when the user has authenticated, so you have nothing to check on your other pages that says the user is logged in. Also, your foreach is overwriting the $passhash_md5 value with the result rows:

foreach ($user_list as $user => $passhash_md5)

What you probably need to do is:

foreach ($user_list as $user)

Then check the cookie against the column that holds the md5 hash from the database (e.g. $user['md5hash'] == $login_cookie). The way you have it now, you're just checking 1 = 1, because you set $_COOKIE['login'] to $login_cookie and then check whether those same variables are equal.

Your whole use of $_COOKIE seems unnecessary. You really should be using $_SESSION variables instead of everything in your script. First, you need to query the database with a WHERE statement based on the posted information. If the user is authenticated, you should set a session variable to indicate that they are authenticated. Something like:

$_SESSION['loggedin'] = true;

That way, on your other pages you can check if($_SESSION['loggedin'] === true), and if not, redirect them to the login page. I suggest rewriting your login system with these suggestions instead of using what you have.

Answer 3 (score: 0)

This is an answer based on the answers from Cha, Mark and rezzif.

<?php

// independent variables
$dbHost = "localhost";
$dbPort = 5432;
$dbName = "masi";
$dbUser = "masi";
$dbPassword = "123456";

$conn = "host=$dbHost port=$dbPort dbname=$dbName user=$dbUser password=$dbPassword";

$dbconn = pg_connect($conn);

if(!$dbconn) {
    exit;
}

// escape the posted values before they go into the query
$sql = sprintf("SELECT username, passhash_md5, email
    FROM users
    WHERE username = '%s'
    AND email = '%s'
    AND passhash_md5 = '%s';",
    pg_escape_string($_POST['username']),
    pg_escape_string($_POST['email']),
    pg_escape_string($_POST['password']));

$result = pg_query($dbconn, $sql);
if(!$result) {
    exit;
}

$username = $_POST['username'];
$password = $_POST['password'];
$passhash_md5 = md5($_POST['password']);


// COOKIE setting

/* $cookie may look like this:
   variables
        $username = "username"
        $passhash_md5 = "password"
   before md5:
        "usernamepasshash_md5"
   after md5:
        "a08d367f31feb0eb6fb51123b4cd3cb7"
 */

$login_cookie = md5(
    $username .
    $password
);

$sql3 = sprintf("SELECT passhash_md5
            FROM users
            WHERE username = '%s';",
            pg_escape_string($username));

$password_data_original = pg_query($dbconn, $sql3);

// stays empty when no row matches the username
$password_original = '';
while ($row = pg_fetch_row($password_data_original)) {
    $password_original = $row[0];
}

$login_cookie_original = md5(
    $username .
    $password_original
);


// Check for the Cookie
if (isset($_COOKIE['login']) )
{

    // Check if the Login Form is the same as the cookie
    if ( $login_cookie_original == $login_cookie )
    {
        header("Location: index.php");
        die("logged in");
    }
    header("Location: index.php");
    die("wrong username/password");
}
// If no cookie, try logging them in
else {
    // we do not want SQL injection so we use pg_escape_string
    $sql2 = sprintf("SELECT * from users
                    WHERE passhash_md5='%s'",
                    pg_escape_string($login_cookie));
    $raw_user_list = pg_query($dbconn, $sql2);

    if ($user = pg_fetch_row($raw_user_list)) {
        setcookie ("login", $login_cookie);
        header("Location: index.php");
        die("logged in");
    } else {
        header("Location: index.php");
        die("wrong username/password");
    }
}

pg_close($dbconn);
?>
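For comparison, here is a handler.php written the way Answer 2 recommends (server-side session flag, WHERE-clause lookup, redirect via header() followed by exit). It is an added example, not code from the question or any of the answers, and it assumes a users table with columns username and password_hash, where password_hash was produced by PHP's password_hash() rather than the raw md5 values the thread stores; the connection string is constructed from the values in Answer 3.

```php
<?php
// Added example (not from the thread): login handler using sessions instead of
// a cookie derived from the form input. Assumes a users table with columns
// username and password_hash (password_hash() output), which the thread lacks.
session_start();

// Constructed connection string, reusing the values from Answer 3.
$dbconn = pg_connect("host=localhost port=5432 dbname=masi user=masi password=123456");
if (!$dbconn) {
    exit("db connection failed");
}

$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';

// Parameterised query: the value never touches the SQL text, so no escaping
// is needed and no injection is possible. Also no full-table foreach.
$result = pg_query_params(
    $dbconn,
    'SELECT password_hash FROM users WHERE username = $1',
    [$username]
);
$row = $result ? pg_fetch_assoc($result) : false;

// password_verify() compares against the stored hash in constant time.
// An unknown user and a wrong password take the same failure path.
if ($row && password_verify($password, $row['password_hash'])) {
    // Login state lives server-side; the client only holds an opaque session id,
    // so there is nothing for it to recompute or forge (unlike the md5 cookie).
    session_regenerate_id(true);        // fresh id on privilege change (anti-fixation)
    $_SESSION['loggedin'] = true;
    $_SESSION['username'] = $username;
    header('Location: index.php');      // the redirect the question asks for
    exit;                               // stop here: no output before or after header()
}

// Failed login: flag it in the session for login.php to display, then redirect.
$_SESSION['login_error'] = 'wrong username/password';
header('Location: login.php');
exit;
```

Any protected page then calls session_start() and checks $_SESSION['loggedin'] === true, redirecting to login.php otherwise, exactly as Answer 2 describes; because the file emits nothing before header(), the meta-refresh workaround from the question is unnecessary.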