我不知道我的代码出了什么问题。我已经使用ajax调用实现了登录和注册。现在,我正在尝试实现在php中使用cookie记住我。我的代码就像这样
<?php require 'database.php';
session_start();
if(!empty($_POST["login"])) {
#$conn = mysqli_connect("localhost", "root", "", "blog_samples");
$sql = "Select * from login where Username = '" . $_POST["member_name"] . "' and Password = '" . ($_POST["member_password"]) . "'";
$result = mysqli_query($conn,$sql);
$user = mysqli_fetch_array($result);
if($user) {
if(!empty($_POST["remember"])) {
setcookie ("member_login",$_POST["member_name"],time()+ (10 * 365 * 24 * 60 * 60));
setcookie ("member_password",$_POST["member_password"],time()+ (10 * 365 * 24 * 60 * 60));
} else {
if(isset($_COOKIE["member_login"])) {
setcookie ("member_login","");
}
if(isset($_COOKIE["member_password"])) {
setcookie ("member_password","");
}
}
header("location:private.php");
}
}
?>
<!DOCTYPE html>
<html >
<body>
<div class="container-fluid">
<div class="form-body-login col-md-6 col-xs-6">
<form class="Login" method="post" action="private.php">
<div class="row buttons">
<div type="submit" class="col-md-6 col-xs-6 login">Login</div>
<div type="submit" class="col-md-6 col-xs-6 sign_up">Sign up</div>
</div>
</div>
<div class="login_body">
<div class="row user_name">
<i class="fa fa-user fa-2x col-md-1 col-xs-1" aria-hidden="true"></i>
<input type="text" class="col-md-10 col-xs-10 username" id="username_login" placeholder="abc@xyz.com" name="member_name" value="<?php if(isset($_COOKIE["member_login"])) { echo $_COOKIE["member_login"]; } ?>" />
</div>
<div class="row pwd">
<i class="fa fa-key fa-2x col-md-1 col-xs-1" aria-hidden="true"></i>
<input type="password" class="col-md-10 col-xs-10 password" id="password_login" placeholder="Password" name="member_password" value="<?php if(isset($_COOKIE["member_password"])) { echo $_COOKIE["member_password"]; } ?>"/>
</div>
<div class="row remember col-md-11 col-xs-11">
<label><input type="checkbox" name="autologin" id="checkbox" name="remember" <?php if(isset($_COOKIE["member_login"])) { ?> checked <?php } ?>/> Remember Me </label>
</div>
<div class="row col-md-11 col-xs-11">
<button type="submit" id="button" name="login">Login</button>
</div>
</div>
<div class="form-body-signup">
<div class="row username_signup">
<input type="text" id="username_signup" class="col-md-10" placeholder="Enter user name"/>
</div>
<div class="row password_signup">
<input type="password" id="password_signup" class="col-md-10 col-xs-10" placeholder="Enter password here" />
</div>
<div class="row phone">
<input type="text" id="phone" class="col-md-10 col-xs-10" placeholder="enter phone number" />
</div>
<div class="row signup_button">
<button type="submit" id="check">Create New User</button>
</div>
</div>
</form>
</div>
</div>
</body>
</html>
登录或注册后,在完成所有必要的验证后,页面将指向private.php。该页面看起来像这样:
<?php
echo"Hello";
session_start();
#$_SESSION["member_id"] = "";
session_destroy();
#header("Location: ./");
?>
但不知何故,如果我选中记住我复选框,则不会存储cookie。 我这是第一次这样做,并不知道这里出了什么问题。
答案 0 :(得分:0)
set_cookie不会更新$ _COOKIE超级全局数组,直到下一页加载为止。因此,如果您要将信息保存到Cookie,请记住您还需要同时手动将其添加到$ _COOKIE,以便您需要添加:
$_COOKIE['member_login'] = $_POST['member_login'];
例如,如果要在不重新加载脚本的情况下检查cookie的值是什么。
以下是代码的示例:
if($user) {
if(!empty($_POST["remember"])) {
setcookie ("member_login",$_POST["member_name"],time()+ (10 * 365 * 24 * 60 * 60));
$_COOKIE['member_login'] = $_POST['member_login']; // This is new
setcookie ("member_password",$_POST["member_password"],time()+ (10 * 365 * 24 * 60 * 60));
$_COOKIE['member_password'] = $_POST['member_password']; // This is new
} else {
if(isset($_COOKIE["member_login"])) {
setcookie ("member_login","");
$_COOKIE['member_login'] = ''; // This is new
}
if(isset($_COOKIE["member_password"])) {
setcookie ("member_password","");
$_COOKIE['member_password'] = ''; // This is new
}
}
header("location:private.php");
}
话虽这么说,@ OldPadawan有一个观点,你真的要清理通过表单提交的数据,否则你会对SQL注入攻击和XSS攻击开放。
如果你将set_cookie包装起来并将超全局$ _COOKIE设置为这样的完整函数,将来也可能会更容易:
function set_inline_accessible_cookie( $key, $value, $exp = null ) {
if ( is_null( $exp ) || ! is_numeric( $exp ) ) {
$exp = time() + ( 86400 * 30 );
}
$_COOKIE[ $key ] = $value;
return setcookie( $key, $value, $exp, '/' );
}
答案 1 :(得分:0)
根据{{3}} ,
Cookies will not become visible until the next loading of a page that the cookie should be visible for.
对于你想要达到的目标,(恕我直言)最好是:
private.php(Cookie将处于活动状态)在你的情况下:$ sql - &gt; $ result - &gt; $ user - &gt; setcookies(一次性全部) - &gt;重定向。下面是一个工作示例(页面是自称的 - &gt;'remember-me.php'):
<?php
// only example, adapt to your needs
error_reporting(E_ALL); ini_set('display_errors', 1);
//print_r($_COOKIE); // only for checking if needed
if(isset($_POST['login'])) {
$member_name = $_POST['member_name'];
$remember_me = $_POST['remember_me'];
//print_r($_POST); // only for checking if needed
if(isset($remember_me)) {
setcookie("member_login", $member_name);
setcookie("remember_me", 1);
echo"We will remember you next time! <a href=\"remember-me.php\">Check this !</a>"; // or redirect to private.php without output before
}
}
?>
<form method="post" action="remember-me.php">
<p><input type="text" id="member_name" name="member_name" value="<?php if(isset($_COOKIE["member_login"])) { echo $_COOKIE["member_login"]; } ?>" /></p>
<p><input type="checkbox" name="remember_me" id="remember_me" name="remember_me" <?php if(isset($_COOKIE["remember_me"])) { ?> checked="checked" <?php } ?>/> Remember Me </label></p>
<p><input type="submit" id="login" name="login" value="Login" /></p>
</form>
编辑2 - &gt;适应您的初始问题(聊天和进一步查询后 - 下面是原始代码示例):
<?php
session_start();
require'database.php';
if(isset($_POST['login'])) {
// connect to DB
$sql = " xxxx "; // make query
if($user) { // if results
$member_name = $_POST['member_name']; // or return from DB row, up to you
$remember_me = $_POST['remember_me'];
if(isset($remember_me)) {
setcookie("member_login", $member_name);
setcookie("remember_me", 1);
}
// could use session here if needed and no output before
header("location:private.php");
}
}
?>
不仅仅在一个页面上,但在所有页面上(包括您展示的那个),您应该真的考虑使用PHP doc。这将有助于PPS : Prepared Parameterized Statements
还有:
从未使用/存储纯文字密码,请使用Preventing SQL injection和password_hash