它是一个登录表单和一个 class_login.php 文件。我得到了一个令牌,用于验证表单提交。它是一个随机字符串,我将其隐藏发送。我在课堂上收到 3 条错误消息。无效的表单提交。无效的表单数据。和无效的用户名/密码。问题是不管我做什么我都会卡在第一个错误无效的表单提交上。就像我发送的令牌永远不会与会话令牌匹配。但是当我删除那部分时,我总是得到无效的表单数据,即使我写了一个正确的现有用户/密码。在这里需要一些帮助:
<?php
class class_login
{
private $id;
private $username;
private $password;
private $passmd5;
private $errors;
private $access;
private $login;
private $ltoken;
public function __construct()
{
$this->errors = array();
$this->login = isset($_POST['login'])? 1:0;
$this->access = 0;
$this->ltoken = $_POST['ltoken'];
$this->id = 0;
$this->username = ($this->login)? $this->filter($_POST['username']) : $_SESSION['username'];
$this->password = ($this->login)? $this->filter($_POST['password']) : '';
$this->passmd5 = ($this->login)? md5($this->password) : $_SESSION['password'];
}
public function isLoggedIn()
{
($this->login)? $this->verifyPost() : $this->verifySession();
return $this->access;
}
public function filter($var)
{
return preg_replace('/[^a-zA-Z0-9]/','',$var);
}
public function verifyPost()
{
try
{
if(!$this->tokenValid())
throw new Exception('Invalid Form Submission!');
if(!$this->isDataValid())
throw new Exception('Invalid Form Data!');
if(!$this->verifyDatabase())
throw new Exception('Invalid Username/Password!');
$this->access = 1;
$this->registerSession();
}
catch(Exception $e)
{
$this->errors[] = $e->getMessage();
}
}
public function verifySession()
{
if($this->sessionExist() && $this->verifyDatabase())
$this->access = 1;
}
public function verifyDatabase()
{
include('db_connect.php');
$data = mysql_query("SELECT ID FROM users WHERE username = '($this->username)' AND password = '($this->passmd5)'");
if (mysql_num_rows($data))
{
list($this->id) = @array_values(mysql_fetch_assoc($data));
return true;
}
else
return false;
}
public function isDataValid()
{
return (preg_match('/[^a-zA-Z0-9]$/', $this->username) && preg_match('/[^a-zA-Z0-9]$/', $this->password))? 1:0;
}
public function tokenValid()
{
return (!isset($_SESSION['ltoken']) || $this->ltoken != $_SESSION['ltoken'])? 0 : 1;
}
public function registerSession()
{
$_SESSION['ID'] = $this->id;
$_SESSION['username'] = $this->username;
$_SESSION['password'] = $this->passmd5;
}
public function sessionExist()
{
return (isset($_SESSION['username']) && isset($_SESSION['password']))? 1 : 0;
}
public function show_errors()
{
foreach($this->errors as $value)
echo $value."</br>";
}
}
?>
这是 login_form.php
<?php
$check = 0;
$ltoken = $_SESSION['ltoken'] = md5(uniqid(mt_rand(), true));
if(isset($_POST['login']))
{
$check = 1;
include('class_login.php');
$login = new class_login();
if ($login->isLoggedIn())
echo "Success!";
else
$login->show_errors();
}
?>
<link rel="stylesheet" href="CSS/regstyle.css" type="text/css" />
<script src="JS/jquery-1.7.2.js" type="text/javascript"></script>
<script type="text/javascript">
$(document).ready(function() {
var checker = <?php echo $check; ?>;
if(checker == 1)
{
$("#logform").slideDown("fast")
}
});
</script>
<div id="content">
<?php echo $ltoken; ?>
<!-- Begin Form -->
<div class="form-content">
<form class="reg-form" method="post" action="<?php $_SERVER['PHP_SELF'] ?>">
<fieldset>
<div class="divusername">
<label for="username">Username:</label>
<input type="text" id="username" name="username" placeholder="Your Username Here" />
</div>
<div class="password">
<label for="password">Password:</label>
<input type="password" id="password" name="password" placeholder="Your Password Here" />
</div>
<div class="submit-button">
<input type="hidden" name="ltoken" value="<?php echo $ltoken; ?>" />
<input type="submit" name="login" value="Login" />
</div>
</fieldset>
</form>
</div>
</div>