我正在研究一个项目,我认为这是一个简单的解决方案。我只是没有看到它。
您可以访问www.thriftstoresa.com查看实际网站,问题在于登录页面(http://www.thriftstoresa.com/Login.php)
有效的用户名是'none',密码是'password'。
我遇到的问题是我总是返回“密码不正确,请再试一次。”
任何帮助将不胜感激。你可能会说,我是PHP的新手。感谢
<!doctype html>
<html>
<head>
<meta charset="UTF-8">
<title>Acme Online</title>
<script src="formenhance.js"></script>
<style type="text/css">
<!--
p.MsoNormal {
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:Cambria;
}
-->
</style>
<link href="styles/main.css" rel="stylesheet" type="text/css">
</head>
<body>
<?php // Connect to Database
mysql_connect(LEFT OUT OF THE CODE ON PURPOSE) or die(mysql_error());
mysql_select_db( 'thriftstoresa.com') or die(mysql_error());
//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site']))
//if there is, it logs you in and directs to the catalog page
{
$username = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM acme WHERE Username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{
if ($pass != $info['password'])
{
}
else
{
header("Location: catalog.php");
}
}
}
//if the login form is submitted
if (isset($_POST['submit'])) { // if form has been submitted
// makes sure they filled it in
if(!$_POST['username'] | !$_POST['pass']) {
die('You did not fill in a required field.');
}
// checks it against the database
if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}
$check = mysql_query("SELECT * FROM acme WHERE Username = '".$_POST['username']."'")or die(mysql_error());
//Gives error if user doesn't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('That user does not exist in our database. <a href=contact.php>Click Here to Register</a>');
}
while($info = mysql_fetch_array( $check ))
{
$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);
//gives error if the password is wrong
if ($_POST['pass'] != $info['password']) {
die('Incorrect password, please try again.');
}
else
{
// if login is ok then we add a cookie
$_POST['username'] = stripslashes($_POST['username']);
$hour = time() + 3600;
setcookie(ID_my_site, $_POST['username'], $hour);
setcookie(Key_my_site, $_POST['pass'], $hour);
//then redirect them to the members area
header("Location: contact.php");
}
}
}
else
{
// if they are not logged in
?>
<div id="wrapper">
<section id="leftcolumn">
<nav id="navigation"><li><a href="#">Login</a></li>
<li><a href="catalog.php">Catalog</a></li>
<li><a href="contact.php">Contact Us</a></li>
</nav>
</section>
<section id="main">
<div align="center"><img src="images/ACMELogo.png" width="225" height="70" alt=""/></div>
<article id="catalogofitems">
<p class="MsoNormal" align="center" style="text-align:center;border:none;padding:0in;"><span style="font-family:Arial;">Please Log In</span></p>
<p class="MsoNormal" align="center" style="text-align:center;border:none;padding:0in;"> </p>
<p class="MsoNormal" align="center" style="text-align:center;border:none;padding:0in;"><span style="font-family:Arial; ">____________________________________</span></p>
<p class="MsoNormal" align="center" style="text-align:center;"><span style="font-family:Times; "> </span></p>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<p><strong>Member Login</strong></p>
<p>
<label for="textfield">Username:</label>
<input name="username" type="text" size="25" maxlength="22">
</p>
<p>
<label for="password">Password:</label>
<input name="pass" type="password" size="25" maxlength="22">
</p>
<p>
<input name="submit" type="submit" id="Login" value="Login">
</form> <?php } ?>
</p>
<p><strong><a href="contact.php">Create an Account</a></strong></p>
</form>
<p class="MsoNormal" align="center" style="text-align:center;"> </p>
<form id="form1" name="form1" method="post">
<div align="center"></div>
</form>
<p class="MsoNormal" align="center" style="text-align:center;"> </p>
<p class="MsoNormal" align="center" style="text-align:center;"> </p>
<p class="MsoNormal" align="center" style="text-align:center;"><span style="font-family:Times; font-size:8.0pt; ">ACME Corp</span></p>
<p class="MsoNormal" align="center" style="text-align:center;"><span style="font-family:Times; font-size:8.0pt; ">Trademark of the ACME Company and Distribution</span></p>
<p class="MsoNormal" align="center" style="text-align:center;"><span style="font-family:Times; font-size:8.0pt; ">1920-2013, a part of Road Runner Conglomerate</span></p>
<p class="MsoNormal" align="center" style="text-align:center;"></p>
</article>
</section>
<section id="rightcolumn"><img src="images/Wiley_ACME_LOGO.jpg" width="315" height="234" alt=""/> </section>
</div>
</body>
</html>
答案 0 :(得分:0)
您应该考虑使用https://github.com/auraphp/Aura.Auth之类的内容。你所展示的代码正在引发更多问题,正如tadman在评论中已经提到的那样。
答案 1 :(得分:0)
所以我会指出一些我认为可以帮助你的事情。首先,如果你只是学习php然后忘记mysql并学习mysqli。因为它将不再存在于较新的PHP版本中。
话虽如此,让我们来看看你得到了什么。
//cookie only when they have entered in a correct login and password
$username = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
//needs to have another `|`
if(!$_POST['username'] || !$_POST['pass']) {
//here your checking md5($_POST['password']) against $info['password']
if ($_POST['pass'] != $info['password']) { //is info password md5() hashed?
这是一个建议,这可能会节省您的代码时间
$sql="SELECT * FROM users WHERE email=\"".$email."\" AND md5(password)=\"".md5($password)."\"";
$query=mysql_query($sql);
if(mysql_num_rows($query)==0)
{
echo "Incorrect Login";
}
else
{
$row = mysql_fetch_array($query);
//set your cookies here
$username = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$_SESSION['user_id-'.$_SERVER['SERVER_NAME']]=mysql_result($query,0);
//set a session of logged in by your server name and mysql_result and i would use an identifying ID number for every user.
echo "Successfully Logged In";
}
//to check if some one is logged in
if(!empty($_SESSION['user_id-'.$_SERVER['SERVER_NAME']])) redirect("index.php?action=alreadyloggedin");
//session variable can be w/e you want
我也不会使用md5而不是sha1