2

我的登录站点完全在 Windows 上的 Xampp 中运行。但是现在我将它复制到 Apache 服务器,它运行但是当我输入 id 时,通过并提交。登录不了,总是返回“ID或密码不匹配,再试一次”

我在 Ubuntu 11.10 上安装了 Apache 服务器、MySQL、PHP5,并将我的数据库从 Xampp 复制到 Ubuntu 上的 MySQL。

这是我的代码:

登录.php

<?php session_start(); ?>
<?php if(isset($_SESSION['name'])) {
header('location: member.php?id='.$_SESSION['name']);
}?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Login page</title>
<link href="resources/style.css" type="text/css" rel="stylesheet">
</head>

<body>
<?php

require "./references/BLLClass.php";

//Khoi tao doi tuong BLL
$bllObj = new BLLClass();

//Kiem tra truong du lieu trong 2 o nhap
if(isset($_POST['submit'])) {
    $errors = array();
    $required = array('account', 'password');
    foreach($required as $fieldname) {
        if(!isset($_POST[$fieldname]) || empty($_POST[$fieldname])) {
            $errors[] = "The <strong> $fieldname </strong> was left bank.";
        }
    } // end: foreach

    if(empty($errors)) {
        $acc = mysql_real_escape_string($_POST['account']);
        $pword = mysql_real_escape_string($_POST['password']);
        //ket noi lay du lieu xac thuc
        $result = $bllObj->AuthMember($acc, $pword);
        if(mysql_num_rows($result) == 1){
            while($rows = mysql_fetch_assoc($result)){
                $_SESSION['name'] = $rows['member_name'];
                header('Location: member.php');
            }; //end while
        } else {
            $errors[] = "The ID or Password do not match, try again";
        }
    }//end if(empty($errors)

} // end isset($_POST['submit'])
?>
<div id="wrapper">

    <?php
        if(!empty($errors)) {
            echo "<ul>";
            foreach($errors as $error) {
                echo "<li>$error</li>";
            }
            echo "</ul>";
        }
    ?> <!-- Hien thi thong bao loi khi o nhap lieu rong -->

    <?php if(isset($message)) echo $message;?>
    <form action="" method="POST">
    <p>
        <label for="account or id"> Account or ID: </label>
        <input type="text" name="account"/>
    </p> <!-- o nhap ID hoac nick login-->

    <p>
        <label for="password"> Password </label>
        <input type="password" name="password"/>
    </p> <!--o nhap password-->

    <p>
        <input type="submit" name="submit" value="Login"/>
        <a href="register.php">Register</a>
    </p> <!-- nut submit va chuyen trang dang ky-->

<!--        <div class='login'>
        <a href="#">Login</a>
    </div>
--> 
    </div>
</body>
</html>

BLLClass.php

<?php

//Business Logic Layer

require_once 'DBClass.php';

class BLLClass {    

    private $dbo;

    function BLLClass(){

    }
    //Check username password
    function AuthMember($username, $pword) {
        $this->dbo =    new DBClass();    
        $hash_pw = sha1($pword);
        $query = "SELECT member_name
                  FROM member
                  WHERE member_ID='$username'
                  OR member_login_name = '$username'
                  AND member_password = '$hash_pw'
                  LIMIT 1
                  ";
        $result = $this->dbo->SqlEx($query);
        return $result;
    }

}

?>

和 DBClass.php

<?php

//Data Access Layer
class DBClass{

    private $mysql_hostname = "localhost";
    private $mysql_port = "3306";
    private $mysql_user = "root";
    private $mysql_password = "mypass";
    private $mysql_database = "db.sums01";


    public function DBClass(){


    }

    //khoi tao ket noi
    public function GetConn() {
    $conn = mysql_connect($this->mysql_hostname.":".$this->mysql_port, $this->mysql_user, $this->mysql_password) or die("Could not connect to DB");
    mysql_select_db($this->mysql_database, $conn) or die("Opps some thing went wrong");

    return $conn;
    }

    //gui query len co so du lieu
    public function SqlEx($query) {
        $conn = $this->GetConn();
        $result = mysql_query($query, $conn) or die (mysql_error($conn));
        return $result;
    }
}
?>

这是我的 apache 错误日志

[Thu May 24 20:42:27 2012] [error] [client 192.168.40.1] PHP Warning:  mysql_real_escape_string(): Access denied for user 'www-data'@'localhost' (using password: NO) in ~/site/Login.php on line 33, referer: http://192.168.40.130/Login.php
[Thu May 24 20:42:27 2012] [error] [client 192.168.40.1] PHP Warning:  mysql_real_escape_string(): A link to the server could not be established in ~/site/Login.php on line 33, referer: http://192.168.40.130/Login.php
[Thu May 24 20:42:27 2012] [error] [client 192.168.40.1] PHP Warning:  mysql_real_escape_string(): Access denied for user 'www-data'@'localhost' (using password: NO) in ~/site/Login.php on line 34, referer: http://192.168.40.130/Login.php
[Thu May 24 20:42:27 2012] [error] [client 192.168.40.1] PHP Warning:  mysql_real_escape_string(): A link to the server could not be established in ~/site/Login.php on line 34, referer: http://192.168.40.130/Login.php
[Thu May 24 20:42:27 2012] [error] [client 192.168.40.1] File does not exist: ~/site/favicon.ico
4

1 回答 1

0

mysql_real_escape_string使用当前 MySQL 连接来确定要转义的内容:

转义 unescaped_string 中的特殊字符,考虑到连接的当前字符集,以便将其放在 mysql_query() 中是安全的。如果要插入二进制数据,则必须使用该函数。

如果没有可用的连接,它将尝试创建一个:

如果未指定链接标识符,则假定由 mysql_connect() 打开的最后一个链接。如果没有找到这样的链接,它将尝试创建一个,就好像 mysql_connect() 没有参数被调用一样。如果未找到或建立连接,则会生成 E_WARNING 级别错误。

这就是为什么您会收到该特定警告的原因-它正在尝试连接到本地主机,因为用户 PHP 以 (www-data) 身份运行而没有密码。

To match the rest of your code, you probably want to create a DBClass->escape() function that uses the connection in that class.

于 2012-05-24T14:53:49.770 回答