我有使用MVC模式的登录系统,虽然它仍然是程序性的,并且已经有4个小时而且无法正常工作。它不断执行最后一个'else'语句,该语句重定向回login.php。这是我的代码
登录页面
<?php include 'view/template/header.php' ?>
<div class="container">
<div class="row">
<div class="col-lg-6 col-lg-offset-3">
<div class="login-style">
<h2>Silahkan Login</h2>
<form action="controller/controller-login-admin.php" method="POST">
<div class="form-group">
<label for="username">Username:</label>
<input type="text" name="username" class="form-control" id="username">
</div>
<div class="form-group">
<label for="pwd">Password:</label>
<input type="password" name="password" class="form-control" id="pwd">
</div>
<button type="submit" name="submit-admin-login" class="btn btn-primary">Submit</button>
</form>
</div>
</div>
</div>
</div>
<?php include 'view/template/footer.php' ?>
控制器
<?php
require_once $_SERVER['DOCUMENT_ROOT']. '/project-school-frontend/admin/model/admin-model-master.php';
if (isset($_POST['submit-admin-login'])){
$username=mysqli_real_escape_string($koneksi, $_POST['username']);
$password=mysqli_real_escape_string($koneksi, md5($_POST['password']));
loginUser($username, $password);
}
(控制器工作正常)
型号:
<?php
require_once $_SERVER['DOCUMENT_ROOT']. '/project-school-frontend/config/database.php';
function loginUser($username, $password){
global $koneksi;
if (empty($username) && !empty($password))
{
$_SESSION['pesan'] = 'Userid harus diisi';
$_SESSION['alert'] = 'info';
header('location:../login.php');
}
elseif (empty($password) && !empty($username))
{
$_SESSION['pesan'] = 'Password harus diisi';
$_SESSION['alert'] = 'info';
header('location:../login.php');
}
elseif (empty($username && $password))
{
$_SESSION['pesan'] = 'Userid dan password wajib diisi';
$_SESSION['alert'] = 'info';
header('location:../login.php');
}
else
{
$sql= "SELECT * FROM admin WHERE username='$username' AND password='$password'";
$query= mysqli_query($koneksi, $sql);
$result= mysqli_num_rows($query);
$row = mysqli_fetch_array($query);
if($result > 0)
{
session_start();
$_SESSION['username']=$row['username'];
$_SESSION['level'] = $row['level'];
header('Location: ../view/admin-dashboard.php');
}
else
{
header('Location: ../login.php');
}
}
}
(这是如何开始的。模特)
我该怎么办?
答案 0 :(得分:1)
我可以看到一些问题。
session_start()
置于if
条件password_hash()
和password_verify()
(或等效的库)进行密码存储和比较<强> /config.php 强>
有一个包含基本内容的配置文件,并且总是在每个顶级页面上包含页面作为第一个加载的内容
<?php
# Error reporting ON for development
error_reporting(E_ALL);
ini_set('display_errors',1);
# Define separators for full compatibility
define('DS',DIRECTORY_SEPARATOR);
define('ROOT_DIR',__DIR__);
define('FUNCTIONS',ROOT_DIR.DS.'functions');
# Start the session by default
session_start();
# Add the database
require_once(ROOT_DIR.DS.'project-school-frontend'.DS.'config'.DS.'database.php');
<强> /functions/setError.php 强>
创建一个将执行此部分的函数,以便您可以重复使用它。
<?php
function setError($pesan,$alert,$redirect = false)
{
$_SESSION['pesan'] = $pesan;
$_SESSION['alert'] = $alert;
# Redirect if set
if($redirect) {
header("Location: {$redirect}");
exit;
}
}
<强> /functions/loginUser.php 强>
我不会使用全局连接,而是使用函数中的参数来提供连接。
<?php
function loginUser($koneksi, $username, $password){
# Add messaging error
include_once(FUNCTIONS.DS.'setError.php');
# Trim out values
$username = (!empty($username))? trim($username) : false;
$password = (!empty($password))? trim($password) : false;
# First check if either value is empty
if(empty($username) || empty($password)) {
# If both empty, set message
if(empty($username) && empty($password))
$msg = 'Userid dan password wajib diisi';
# If username empty, set message
elseif(empty($username))
$msg = 'Userid harus diisi';
# If password empty, set message
elseif(empty($password))
$msg = 'Password harus diisi';
# If something is really wrong, make unknown
else
$msg = 'Unknown error';
# Set session values, redirec
setError($msg,'info','../login.php');
}
else {
# Fetching the user from DB should be a function like getAdmin($koneksi,$username,$password)
# !***** BIND PARAMETERS HERE, THIS IS UNSAFE!!! ******!
$sql= "SELECT * FROM admin WHERE username='$username' AND password='$password'";
$query= mysqli_query($koneksi, $sql);
$result= mysqli_num_rows($query);
$row = mysqli_fetch_array($query);
if($result > 0){
$_SESSION['username'] = $row['username'];
$_SESSION['level'] = $row['level'];
header('Location: ../view/admin-dashboard.php');
exit;
}
else{
setError('Invalid Username or Password','info','../login.php');
}
}
}