我正在尝试在我的网站上使用md5(它只是一个本地的,所以非常好的加密是不必要的),我的登录工作在此之前完美,但现在我已经实现了md5和登录按钮提交我得到一个空白页?我已将错误报告添加到页面顶部但仍然没有。我首先注册了一个用户使用md5哈希密码,然后尝试登录 - 所以登录详细信息是正确的...
这是注册页面的注册页面' register.php'
<div id='form'>
<form method ="post" action="register.php">
<fieldsetclass="fieldset-width">
<legend>
Enter New Details
</legend>
<input type="hidden" name="ID"/>
<label for="email">Email: </label>
<input type = "text" name="email" />
<br/>
<label for ="password"> Password: </label>
<input type = "password" name="password" />
</fieldset>
<input type="submit" value="submit" name="submit" />
<input type="reset" value="clear" />
</form>
<?php
if(isset($_POST['submit'])){
$errorString = ""; // This creates a string to collect any errors
$email = trim($_POST["email"]);
if (empty($email)) {
$errorString = $errorString."<br><font color=red>Please supply an email.";
$email = htmlentities(strip_tags($email)); //removes slashes, striptags and disables html tags
}
elseif(!filter_var($email, FILTER_VALIDATE_EMAIL))
{
$errorString = $errorString."<br><font color=red>Invalid Email.";
}
$password = trim($_POST["password"]);
if (empty($password)) {
print $errorString = $errorString."<br><font color=red>Please supply a password.";
$password = htmlentities(strip_tags($password));
}
// check if there were any errors
else { //There wer No errors. Insert the data
$connection = mysqli_connect('localhost', 'c3410801', 'tatiana1', 'c3410801')
or exit ("Unable to connect");
$id = mysqli_insert_id($connection);
$password = md5($_POST["password"]); // creates encryption for the users password
$query= "INSERT INTO users (ID, password, email) VALUES ('$id','$password','$email')";
$result = mysqli_query($connection,$query) or exit ("Error in query: $query. ".mysqli_error());
// print message with ID of inserted record
print "<br/>Thankyou for registering $email <br />
Your password is encrypted as: $password <br/>
please login with this and supply a new password";
print "<br/><a href=\"homepage.php\">Login</a>";
}// End else - there where no errors
}//End 'if submit'
?>
</div>
</body>
</html>
这是主页,其中包含登录表单 - &#39; homepage.php
<?php
session_start();
// Check if we have already created a authenticated session
?><!doctype html>
<html lang="en">
<head>
<link href='http://fonts.googleapis.com/css?family=PT+Sans' rel='stylesheet' type='text/css'>
<title>Style Boutique</title>
<link rel="stylesheet" href="gumby/css/gumby.css">
<link rel="stylesheet" href="custom.css">
</head>
<body>
<header>
<p><IMG class="displayed" src="logo.png" alt="Logo">
<div id="nav">
<ul>
<li><a href="homepage.php">HOME</a></li>
<li><a href="clothes.php">CLOTHES</a>
<li><a href="shoes.php">SHOES</a>
<li><a href="accessories.php">ACCESSORIES</a></li>
<li><a href="register.php">REGISTER</a></li>
</ul>
</li>
<br class="clearboth"/>
</div>
<div id= "form">
<h2>Login</h2>
<?php
if (isset($_SESSION["authenticatedUserEmail"])) {
echo 'Welcome back <br/>'.$_SESSION["authenticatedUserEmail"]. '<br/>';
echo '<a href="logout.php">logout</a> | <a href="account.php">my account</a>';
} else {
if(isset($_GET['form']) && $_GET['form']=='invalid') {
echo "<font color=red>Must enter Username <br/> and Password</font>";
}
if(isset($_GET['user']) && $_GET['user']=='invalid') {
echo "<font color=red>Invalid User</font>";
}
if(isset($_GET['email']) && $_GET['email']=='invalid') {
echo "<font color=red>Invalid email</font>";
}
?>
<form method="post" action="loginaction.php">
Email:
<input type="text" size=10 maxlength=40 name="email"></br>
Password:
<input type="password" size=10 maxlength=15 name="password"><br/>
<input name="submit" type="submit" value="Log in">
<input name="reset" type="reset" value="Clear">
</form>
<?php
if(isset($_GET['logout']) && $_GET['logout']=='success') {
echo "<font color=blue>Logout success</font>";
}
}
?>
</div>
<div id="content">
<a href="womens_shoes.php"><img src="boots1.jpg" style="float:left;" /></a>
<img src="girl.png" style="float:left;" />
<a href="womens_shoes.php"><img src="home.png" style="float:right;" /></a>
<a href="register.php"><img src="signup.png" style="float:left;" /></a>
<div id="bottom">
</div>
</div>
</body>
</html>
最后我的loginaction.php,这连接到表单,似乎是这里的问题
<?php
error_reporting(E_ALL | E_STRICT);
ini_set('display_startup_errors',1);
ini_set('display_errors',1);
session_start();
$connection = mysqli_connect('localhost', 'c3410801', 'tatiana1', 'c3410801')
or exit ("Unable to connect");
$email = trim($_POST["email"]);
$password = trim($_POST["password"]); //encrypts but allows user to log in as there own password
$password = md5($password);
if (empty($email) or empty($password)) {
header("Location: homepage.php?form=invalid"); //Redirection information
exit;
}
if(!filter_var($email, FILTER_VALIDATE_EMAIL)) // this checks that my email is validated.
{
echo "E-mail is not valid";
header("Location: homepage.php?email=invalid");
}
$query = "SELECT * FROM users WHERE email= '$email' AND password = '$password' ";
// this is my query to gather the username and password that rhe user enters
$result = mysqli_query($connection, $query) or exit("Error in query: $query. " . mysqli_error());
if ($row = mysqli_fetch_assoc($result)) {
//this checks to see if any rows were returned and if they were it selects the session variables.
$_SESSION["authenticatedUserEmail"] = $email;
$_SESSION['ID'] = $row['ID'];
$_SESSION["password"] = $row['password'];
$_SESSION["usertype"] = $row['usertype'];
if ($_SESSION["usertype"] == '1'){
header("Location: admin.php");
} else {
header("Location: profile.php");
}
} //End else
?>
答案 0 :(得分:0)
您将错误设置为显示在代码顶部。
你得到一个白页,因为你有一个解析错误,并且从未设置display_errors。
为了显示语法错误,您必须在php.ini中设置display_errors
答案 1 :(得分:0)
在register.php中你有:
...
$connection = mysqli_connect('localhost', 'c3410801', 'tatiana1', 'c3410801')
or exit ("Unable to connect");
$id = mysqli_insert_id($connection);
但在此之前,您没有mysqli_insert_id函数所需的任何insert或update语句。查看php手册页:http://php.net/manual/en/mysqli.insert-id.php
答案 2 :(得分:0)
在页面:loginaction.php中,在电子邮件= ...删除后,您有一个空格。
您的查询:
$query = "SELECT * FROM users WHERE email= '$email' AND password = '$password' ";
它将是:
$query = "SELECT * FROM users WHERE email='$email' AND password = '$password' ";
似乎mysql不喜欢这样,在密码中你有这个空格,但你也有变量。