我发现并修复了一点我对PHP不太满意但欢迎任何改进。
问题在于,有时在Chrome和Opera中,但有时仅在登录成功后,脚本会在5秒后重定向到带有javascript重定向的欢迎页面。但有时它只是卡住而且没有重定向,只是显示一个没有错误的白页,有时它重定向,并且很好。它能是什么?
这是代码
<?php session_start();?>
<?php
include 'inc/connection.php';
$db=mysqli_connect($dbserver, $dbuser, $dbpass, $dbname)or die("DB connection error...");
$username_to_sanitize = $_POST['username'];
$password_to_sanitize = $_POST['password'];
$sanitized_username = mysqli_real_escape_string($db, $username_to_sanitize);
$sanitized_password = mysqli_real_escape_string($db, $password_to_sanitize);
$query = "SELECT password, salt, privilege, username FROM members WHERE username = '$sanitize_username'";
$result = mysqli_query($db, $query);
if(mysqli_num_rows($result) == 0) // User not found. Redirected to login page.
{header('Location:login.php?message=Username not found, please try again');}
$userData = mysqli_fetch_array($result, MYSQL_ASSOC);
$hash = hash('sha256', $userData['salt'] . hash('sha256', $sanitized_password) );
if($hash != $userData['password']) // Incorrect passw. Redirected to login page.
{header('Location:error.php?message=Wrong password, please try again');}
else if($userData['privilege']=="ADMIN"){session_start();
$_SESSION['username']=$userData['username'];
header('Location:redirection.php?URL=admins/index.php');}
else if($userData['privilege']=="MODERATOR"){session_start();
$_SESSION['username']=$userData['username'];
header('Location:redirection.php?URL=moderators/index.php');}
else if($userData['privilege']=="MEMBER"){session_start();
$_SESSION['username']=$userData['username'];
header('Location:redirection.php?URL=members/index.php');}
else if($userData['privilegio']=="BANNED"){session_start();
$_SESSION['username']=$userData['username'];
header('Location:redirection.php?URL=banned/index.php');}
else{
header('Location:error.php?message=su need privileges to acces this site');
exit();
}
?>
在阅读并测试在互联网上发现的新脚本后,我仍然无法在2个月后解决此问题。有什么想法吗?
答案 0 :(得分:1)
你的代码中有很多重复,这很糟糕,因为你复制的每个地方都意味着你需要在更新代码时更改它,这意味着以后会有更多地方可以弹出错误。< / p>
为了提供帮助,我只放置了一个session_start()
,并将if/elseif/elseif/elseif...
转换为switch语句。
我没有处理位置标题本身,而是使用http_redirect function取代了它们,这基本上是为你做的。要启动,它会为您编码URL,因此您无需担心。
如果你看到一个空白页面,那么你应该检查网络服务器的日志(apache或nginx或php-fpm,或其他),看看是否存在错误。否则,打开更好的错误报告;通常空白页面只是尚未报告的错误。
<?php
session_start();
include 'inc/connection.php';
$db = mysqli_connect($dbserver, $dbuser, $dbpass, $dbname) or die('DB connection error...');
$sanitized_username = mysqli_real_escape_string($db, $_POST['username']);
$sanitized_password = mysqli_real_escape_string($db, $_POST['password']);
$query = "SELECT password, salt, privilege, username FROM members WHERE username = '$sanitized_username'";
$result = mysqli_query($db, $query);
if (mysqli_num_rows($result) == 0) {
// User not found. Redirected to login page.
http_redirect('login.php', array('message' => 'Username not found, please try again'), true);
}
$userData = mysqli_fetch_array($result, MYSQL_ASSOC);
$hash = hash('sha256', $userData['salt'] . hash('sha256', $sanitized_password) );
if($hash != $userData['password']) {
// Incorrect passw. Redirected to login page.
http_redirect('error.php', array('message' => 'Wrong password, please try again'), true);
}
// Just set the username once
$_SESSION['username'] = $userData['username'];
switch ( $userData['privilege'] ) :
case 'ADMIN':
http_redirect('redirection.php', array('URL' => 'admins/index.php'), true);
break;
case 'MODERATOR' :
http_redirect('redirection.php', array('URL' => 'moderators/index.php'), true);
break;
case 'MEMBER' :
http_redirect('redirection.php', array('URL' => 'members/index.php'), true);
break;
case 'BANNED' :
http_redirect('redirection.php', array('URL' => 'banned/index.php'), true);
break;
default:
// The message is weird. Should it be:
// 'You need privileges to access this site' or something like that?
http_redirect('error.php', array('message' => 'su need privileges to acces this site'), true);
break;
endswitch;
http_redirect('error.php', array('message' => 'su need privileges to acces this site'), true);
?>