0

我在查找从我的登录页面存储的 cookie 时遇到问题。这是我的登录页面代码:

<?php 
// Connects to your Database 
include("dbconnect.php");
mysql_select_db("maxgee_close2");
//Checks if there is a login cookie

if(isset($_COOKIE['ID_my_site']))
 //if there is, it logs you in and directes you to the members page
{ 
    $username = $_COOKIE['ID_my_site']; 
    $password = $_COOKIE['Key_my_site'];
    $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
    while($info = mysql_fetch_array( $check )) 
    {
        if ($password != $info['password'])
        {
        }
        else
        {
            header("Location: members.php");
        }
    }
}
//if the login form is submitted 
if (isset($_POST['submit'])) { // if form has been submitted
 // makes sure they filled it in
    if(!$_POST['username'] | !$_POST['password']) {
        die('You did not fill in a required field.');
    }
    // checks it against the database

    if (!get_magic_quotes_gpc()) {
        $_POST['email'] = addslashes($_POST['email']);
    }
    $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

    //Gives error if user dosen't exist
    $check2 = mysql_num_rows($check);
    if ($check2 == 0) {
        die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>');
    }
    while($info = mysql_fetch_array( $check ))  
    {
        $_POST['password'] = stripslashes($_POST['password']);

        $info['password'] = stripslashes($info['password']);

        $_POST['password'] = md5($_POST['password']);

        //gives error if the password is wrong

        if ($_POST['password'] != $info['password']) {
            die('Incorrect password, please try again.');
        }
        else 
        { 
            // if login is ok then we add a cookie 
           setcookie("TestCookie", $value, time()+3600);  /* expire in 1 hour */


          //then redirect them to the members area and the line with the error
          header("Location: members.php");
        }
    } 
  }
  else
  { 
    // if they are not logged in
     ?>
     <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
     <h1>Login</h1>
     Username:
    <input type="text" name="username" maxlength="40"> 
    Password:
    <input type="password" name="password" maxlength="50"> 
    <input type="submit" name="submit" value="Login">
    </form> 
<?php 
 } 
 include("topsite.php");
?> 

会员页面:这是找不到cookies的页面我找到了保存在浏览器中的cookies这个页面只是找不到它们:

<?php 
include("dbconnect.php");
mysql_select_db("maxgee_close2");

//checks cookies to make sure they are logged in 

if(isset($_COOKIE['maxgee.me'])) 

 { 

$username = $_COOKIE['maxgee.me']; 

$password = $_COOKIE['maxgee.me']; 

    $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); 

while($info = mysql_fetch_array( $check ))   

    { 



  //if the cookie has the wrong password, they are taken to the login page 

    if ($password != $info['password']) 

        {           header("Location: login_test.php"); 

        } 



    //otherwise they are shown the admin area    

else 

        { 

         echo "Admin Area<p>"; 

   echo "Your Content<p>"; 

   echo "<a href=logout.php>Logout</a>"; 

        } 

    } 

    } 

    else 



   //if the cookie does not exist, they are taken to the login screen 

  {          

   header("Location: login_test.php"); 

   } 

   ?> 
4

2 回答 2

0

您在登录脚本中有错误。

if(!$_POST['username'] | !$_POST['password']) {
    die('You did not fill in a required field.');
}

它应该是

if(!$_POST['username'] || !$_POST['password']) {
    die('You did not fill in a required field.');
}

此外,您没有将 cookie 存储在您的登录页面中。留意评论

// if login is ok then we add a cookie 

您还没有在此处添加 cookie。下面是添加cookie的方法。

setcookie("TestCookie", $value);

以下是随时间设置cookie的方法。

setcookie("TestCookie", $value, time()+3600);  /* expire in 1 hour */

下面是检索cookie的方法。

echo $_COOKIE["TestCookie"];
于 2012-10-22T05:54:32.623 回答
0

我意识到这可能不是你想听到的,但我认为你需要重新开始这段代码。对于初学者,您直接写入 $_POST,这对于调试来说是个坏主意。此外,您似乎将密码以明文形式存储在数据库中,并将其存储在 cookie 中!您的网站将成为黑客的梦想。请查看此帖子:

用户身份验证和密码安全的 PHP 最佳实践

于 2012-10-22T05:59:37.540 回答