Page Keep the echo" Front Page而不是"会员访问"

时间:2014-06-02 04:43:48

标签: php

我的登录表单基于"令牌"验证虽然一切似乎都运行正常但它总是回应" Front Page而不是"会员访问"。 我有错误报告。

<body>
    <?php
    if (isset($_POST['login'])) {
        include('test.php');

        $login = new login();

        if($login->isLoggedIn())
            header('location: home.php');
        else
            $login->showErrors();
    }
    $token = $_SESSION['token'] = md5(uniqid(mt_rand(),true));
    ?>  

    <form method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>">
        <table>
            <tr><td>Username:</td><td><input type="text" name="username" /></td></td>
            <tr><td>Password:</td><td><input type="password" name="password" /></td></td>
        </table>
        <input type="hidden" name="token" value="<?php echo "$token"; ?>" />
        <input type="submit" name="login" value="Login" />
</body>

并测试php:

<?php
ini_set('display_errors', 1);
error_reporting(E_ALL);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

class login
{
if(isset($_POST['login'])){
private $_id;
private $_username;
private $_password;
private $_passwordmd5;
}
private $_errors;
private $_access;
private $_login;
private $_token;

public function __construct()
{
    $this->_errors = array();
    $this->_login = isset($_POST['login'])? 1 : 0;
    $this->_access = 0;
    $this->_token = $_POST['token'];

    $this->_id = 0;
    $this->_username = ($this->_login)? $this->filter($_POST['username']) : $_SESSION['username'];
    $this->_password = ($this->_login)? $this->filter($_POST['password']) : '';
    $this->_passwordmd5 = ($this->_login)? md5($this->_password) : $_SESSION['password'];
}

public function isLoggedIn()
{
    ($this->_login)? $this->verifyPost() : $this->verifySession();
    return $this->_access;
}

public function filter($var)
{
    return preg_replace('/[^a-zA-Z0-9]/','',$var);
}

public function verifyPost()
{
    try
    {
        if(!$this->isTokenValid())
            throw new exception('Invalid Form Token');

        if(!$this->isDataValid())
            throw new exception('Invalid Username & Password Criteria');

        if(!$this->verifyDatabase())
            throw new exception('Not able to connect');

        $this->_access=1;
        $this->registerSession();
    }
    catch (exception $e)
    {
    $this->_errors[] = $e->getMessage();
    }
}

public function verifySession()
{
if($this->sessionExist() && $this->verifyDatabase())
 $this->_access = 1;
}

public function verifyDatabase()
{
// Database Connection
$con=mysqli_connect("localhost","","");
if (!$con) { die("Database connection failed: " . mysqli_error($con));}
$db_select=mysqli_select_db($con, "");
if (!$db_select) { die("Database selection failed: " . mysqli_error($con));}

$data = "SELECT id FROM users WHERE username='$this->_username' AND password='$this->_passwordmd5'";

if (mysqli_num_rows($con, $data) == 0)
 {
 list($this->_id) = @array_values(mysqli_fetch_assoc($data));
 return true;
 }
else
 { return false; }

}

public function isDataValid()
{
return (preg_match('/^[a-zA-Z0-9](5-15)$/',$this->_username) && preg_match('/^[a-zA-Z0-9](5-20)$/',$this->_password))? 0 : 1;
}

public function isTokenValid()
{
return (!isset($_SESSION['token']) || $this->_token != $_SESSION['token'])? 0 : 1;
}

public function registerSession()
{
$_SESSION['ID'] = $this->_id;
$_SESSION['username'] = $this->_username;
$_SESSION['password'] = $this->_passwordmd5;
}

public function sessionExist()
{
return (!isset($_SESSION['username']) && isset($_SESSION['password']))? 1 : 0;
}

public function showErrors()
{
echo "<h3>Errors</h3>";

foreach($this->_errors as $key=>$value)
    echo $value."<br>";
}
}
?>

首页php:

session_start();
include('test.php');

$login = new login();

if($login->isLoggedIn())
echo "Member Access";
else echo
"Front Page";

寻找愿意帮助的人。

1 个答案:

答案 0 :(得分:0)

你的函数isTokenValid正在返回与它应该相反的东西。基本上你有:

return $invalidToken ? 1 : 0;

如果令牌不匹配,则返回1。将其反转为? 0 : 1;或简化并返回布尔值:

return isset($_SESSION['token']) && $this->_token === $_SESSION['token'];
相关问题
最新问题