0

我正在构建网络应用程序作为我的主要学位项目。简单登录是有效的,但现在我正在尝试实现 cookie,但我的脚本由于某种原因无法正常工作。我需要找出原因,但不能在最后 2 小时内完成。这是我的问题:

从登录表单变量被传递到我的登录脚本(到目前为止没有实现密码或 jql 注入的安全性),当我按下登录错误时,“错误加载页面”,这是登录脚本:

session_start();

$username = $_GET["name"];
$password = $_GET["password"];
$remember_me = $_GET['remember_me'];

include('mysql_connection.php');
mysql_select_db("jzperson_imesUsers", $con);

$res1 = mysql_query("SELECT * FROM temp_login WHERE username='$username' AND password='$password'");
$count1=mysql_num_rows($res1);

if(isset($_COOKIE['usr_IMes']) && isset($_COOKIE['psw_IMes'])){
                    $user_n = $_COOKIE['usr_IMes'];
                    $pasw_n = $_COOKIE['psw_IMes'];

                    $res2 = mysql_query("SELECT * FROM temp_login WHERE username='$user_n' AND password='$pasw_n'");
                    $count2=mysql_num_rows($res2);

                    if($count2 == 1){

                                    $_SESSION['username'] = $user_n;

                                    header('Location: http://imes,jzpersonal.com/userpanel.php');

                    }else {
                                    setcookie('usr_IMes', $user_n, time() - 31*24*60*60);
                            setcookie('psw_IMes', $pasw_n, time() - 31*24*60*60);

                                    header('Location: http://imes,jzpersonal.com/index.html');
                    }

}else{

if($count1==1){
    $_SESSION['username'] = $username;

    if(isset($remember_me)){

setcookie('usr_IMes', $username, time() + 30*24*60*60);
setcookie('psw_IMes', $password, time() + 30*24*60*60);

header("Location: http://imes.jzpersonal.com/userpanel.php");
    }else{      

      header("Location: http://imes.jzpersonal.com/userpanel.php");

   }
}else{
    $login = "failed";
}
}

任何人都可以在我的脚本中看到问题吗?在登录部分?如果不是这里是我在每个页面开头的身份验证脚本,也许我的错误就在那里:

session_start();

if(isset($_COOKIE['usr_IMes']) && isset($_COOKIE['psw_IMes'])){
                    $user_n = $_COOKIE['usr_IMes'];
                    $pasw_n = $_COOKIE['psw_IMes'];

                    $res2 = mysql_query("SELECT * FROM temp_login WHERE username='$user_n' AND password='$pasw_n'");
                    $count2=mysql_num_rows($res2);

                    if($count2 == 1){
                                    header('Location: http://imes,jzpersonal.com/userpanel.php');   
                    }else {
                                    setcookie('usr_IMes', $user_n, time() - 31*24*60*60);
                            setcookie('psw_IMes', $pasw_n, time() - 31*24*60*60);

                                    header('Location: http://imes,jzpersonal.com/index.html');
                    }

}else{

if(!isset($_SESSION['username']))
{
header('Location: http://imes.jzpersonal.com/index.html');
}

if(empty($_SESSION['username']))
{
header('Location: http://imes.jzpersonal.com/index.html');
}
}

希望能发现一些错误,谢谢大家的帮助。

4

1 回答 1

2

重定向是一个错误的 url:http://imes,jzpersonal.com/userpanel.php- 这会给你你的“错误加载页面”。除此之外,您永远不应该在 cookie 中存储用户名/密码 - 这是一种糟糕的做法,因为可以在机器上查看 cookie。此外,您正在使用已弃用的原始 PHP MySQL API - 您应该使用 PDO 或 mysqli。

于 2013-01-09T21:03:03.423 回答