Login script works on development server but not live

Time: 2015-01-26 15:00:42

Tags: php mysql login

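OK, on my local development server I can log in using a simple form on index.php. It redirects me to admin.php because my username and password match the ones in the database.

However, when I upload it to my live server, it doesn't work. I don't understand. To create a username and password in the database, I use new_admin.php. I then log in using index.php, which will access my functions from functions.php.

functions.php: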

//*****************************************************************/
//mysql_prep();
//
function mysql_prep($string) {
    global $connection;

    $escaped_string = mysqli_real_escape_string($connection, $string);
    return $escaped_string;
}



//*****************************************************************/
//confirm_query();
//
function confirm_query($result_set) {
    if (!$result_set) {
        die("Database query failed.");
    }
}








//////////////LOG IN FUNCTIONS
/////////////////////////////////////////////////////////////////////////



//*****************************************************************/
//password_encrypt();
//

        function password_encrypt($password) {
            $hash_format = "$2y$10$";   // Tells PHP to use Blowfish with a "cost" of 10
            $salt_length = 22;                  // Blowfish salts should be 22-characters or more
            $salt = generate_salt($salt_length);
            $format_and_salt = $hash_format . $salt;
            $hash = crypt($password, $format_and_salt);
            return $hash;
        }               



//*****************************************************************/
//generate_salt();
//
        function generate_salt($length) {
          // Not 100% unique, not 100% random, but good enough for a salt
          // MD5 returns 32 characters
          $unique_random_string = md5(uniqid(mt_rand(), true));

            // Valid characters for a salt are [a-zA-Z0-9./]
          $base64_string = base64_encode($unique_random_string);

            // But not '+' which is valid in base64 encoding
          $modified_base64_string = str_replace('+', '.', $base64_string);

            // Truncate string to the correct length
          $salt = substr($modified_base64_string, 0, $length);

            return $salt;
        }



//*****************************************************************/
//password_check();
//
    function password_check($password, $existing_hash) {
        // existing hash contains format and salt at start
      $hash = crypt($password, $existing_hash);
      if ($hash === $existing_hash) {
        return true;
      } else {
        return false;
      }
    }



//*****************************************************************/
//find_admin_by_username();
//
    function find_admin_by_username($username) {
        global $connection;

        $safe_username = mysqli_real_escape_string($connection, $username);

        $query  = "SELECT * ";
        $query .= "FROM admins ";
        $query .= "WHERE username = '{$safe_username}' ";
        $query .= "LIMIT 1";
        $admin_set = mysqli_query($connection, $query);
        confirm_query($admin_set);
        if($admin = mysqli_fetch_assoc($admin_set)) {
            return $admin;
        } else {
            return null;
        }
    }



//*****************************************************************/
//attempt_login();
//
    function attempt_login($username, $password) {
        $admin = find_admin_by_username($username);
        if ($admin) {
            // found admin, now check password
            if (password_check($password, $admin["hashed_password"])) {
                // password matches
                return $admin;
            } else {
                // password does not match
                return false;
            }
        } else {
            // admin not found
            return false;
        }
    }       



//*****************************************************************/
//logged_in();
//
    function logged_in() {
        return isset($_SESSION['admin_id']);
    }



//*****************************************************************/
//confirm_logged_in();
//
    function confirm_logged_in() {
        if (!logged_in()) {
            redirect_to("index.php");
        }
    }

new_admin.php:

<?php 
session_start();
require_once("includes/db_connection.php");
require_once("includes/functions.php");
?>

<html>
<head>
</head>
<body>

<?php 

if(isset($_POST['submit'])){

    $username = mysql_prep($_POST["username"]);
    $hashed_password = password_encrypt($_POST["password"]);

    $query  = "INSERT INTO admins (";
    $query .= "  username, hashed_password";
    $query .= ") VALUES (";
    $query .= "  '{$username}', '{$hashed_password}'";
    $query .= ")";
    $result = mysqli_query($connection, $query);

    if ($result) {
      // Success
      $_SESSION["message"] = "Admin created.";
      redirect_to("admin.php");
    } else {
      // Failure
      $_SESSION["message"] = "Admin creation failed.";
    }

}


?>
<form action="new_admin.php" method="post">
    username:
<input type="text" name="username"/><br/>
    password:
<input type="password" name="password"/><br/>
<input type="submit" name="submit"/>
</form>
</body>
</html>

index.php:

 <?php 
 session_start();
 require_once("includes/db_connection.php");
 require_once("includes/functions.php");
 ?>



<?php
 $username = "";

if (isset($_POST['submit'])) {
// Process the form
    $username = $_POST["username"];
    $password = $_POST["password"];

    $found_admin = attempt_login($username, $password);

if ($found_admin) {
  // Success
        // Mark user as logged in
        $_SESSION["admin_id"] = $found_admin["id"];
        $_SESSION["username"] = $found_admin["username"];
  redirect_to("admin.php");
} else {
  // Failure
  $_SESSION["message"] = "Username/password not found.";
}

} else {
// This is probably a GET request

} // end: if (isset($_POST['submit']))

?>




<html lang="en">
<head>
    <meta charset="utf-8" />
    <title>Test</title>
</head>
<body>
  <?php 
    if(isset($_SESSION['message'])){
      echo $_SESSION['message'];
    }
  ?>
    <h1>Login</h1>
    <form action="index.php" method="post">
        <p>Username:
            <input type="text" name="username" value="" />
        </p>
        <p>Password:
            <input type="password" name="password" value="" />
        </p>
        <input type="submit" name="submit" value="Submit" />
    </form>
</body>
</html>

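I know I'm entering the correct login username and password, but I get "Username/password not found." from my session error message.

Why is this happening?

Edit:

I just noticed that I'm not getting the "Username/password not found" error, so that means my attempt_login() function must be returning true. Isn't it?

0 answers:

No answers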
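
Added example, not part of the original post or the asker's code: the question's hashing and lookup helpers rewritten with PHP's built-in `password_hash()` / `password_verify()` and a bound SQL parameter, plus a check that a stored hash is a complete bcrypt string. It assumes PHP 5.5 or later and the `admins` columns named in the question; `hash_looks_intact()` is a hypothetical helper, and the 40-character truncation is a constructed scenario, not a diagnosis of the asker's server.

```php
<?php
// Added example, not the asker's code. Assumes PHP 5.5+ and the admins table
// (id, username, hashed_password) used in the question.

// Replaces password_encrypt() + generate_salt(): password_hash() draws the
// salt from the system CSPRNG and returns a 60-character bcrypt string.
function password_encrypt($password) {
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
}

// Replaces the crypt() + === comparison with a constant-time verification.
function password_check($password, $existing_hash) {
    return password_verify($password, $existing_hash);
}

// Hypothetical diagnostic: true only for a complete bcrypt hash. A value cut
// short in storage, or a crypt() failure marker such as "*0", returns false.
function hash_looks_intact($hash) {
    $info = password_get_info($hash);
    return $info['algoName'] === 'bcrypt';
}

// Same lookup as the question, with a bound parameter instead of escaping.
function find_admin_by_username(mysqli $connection, $username) {
    $stmt = mysqli_prepare($connection,
        "SELECT id, username, hashed_password FROM admins WHERE username = ? LIMIT 1");
    mysqli_stmt_bind_param($stmt, "s", $username);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $id, $name, $hash);
    $admin = mysqli_stmt_fetch($stmt)
        ? ['id' => $id, 'username' => $name, 'hashed_password' => $hash]
        : null;
    mysqli_stmt_close($stmt);
    return $admin;
}

// Constructed sample values; no database is needed for this part.
$hash      = password_encrypt("correct horse");   // constructed password
$truncated = substr($hash, 0, 40);                // simulates a too-short column

var_dump(password_check("correct horse", $hash));       // full hash
var_dump(hash_looks_intact($hash));
var_dump(password_check("correct horse", $truncated));  // truncated hash
var_dump(hash_looks_intact($truncated));
```

Running `hash_looks_intact()` over the `hashed_password` values on each server shows whether the rows written by new_admin.php were stored as complete bcrypt hashes.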