-1

我有以下代码,当用户登录时,他们会看到两个文本框和一个复选框。

设置三个 cookieusername和所有工作password以及remember登录脚本本身都非常好(我很欣赏在 cookie 中存储散列密码不是最佳做法,但现在它可以做到)。

但是会发生什么,是用户在他们已经登录时重新访问login.php页面(这个)的 id,由于未满足 $_POST 条件,因此正在执行下面的行,因此 cookie 被一一删除。我怎样才能防止这种情况发生。此外,任何清理代码的建议都将不胜感激,因为我无疑会以大量重复代码告终。谢谢

snippet from the 'login.php' page below

} elseif (!$_POST['remember']) {
    $past = time() - 100;
    if (isset($_COOKIE['remember'])) {
        setcookie('remember', '', $past);
    } elseif (isset($_COOKIE['username'])) {
        setcookie('username', '', $past);
    } elseif (isset($_COOKIE['password'])) {
        setcookie('password', '', $past);
    }
}

login.php

<?php
session_start();
include("includes/config.php");

?>
<!DOCTYPE html>
<html>
<head>
    <title>Login</title>
</head>
<body>
<?php

$odb = new PDO("mysql:host=" . DB_SERVER . ";dbname=" . DB_NAME, DB_USER, DB_PASS);

$username = "";
$password = "";

if (isset($_COOKIE['username']) && isset($_COOKIE['password'])) {

    $username = $_COOKIE['username'];
    $password = $_COOKIE['password'];

} elseif (isset($_POST['username'])) {

    $username = $_POST['username'];
    $password = $_POST['password'];
    $password = md5(DB_SALT.$password);

}

$sql = "SELECT * from tblMembers WHERE username = :username";
$query = $odb->prepare($sql);
$query->execute(array(":username" => $username));
$results = $query->fetchAll();
if($results !== FALSE && $query->rowCount()>0) {
    if($results[0]['passwordHash'] == $password) {
        $_SESSION['username'] = $username;
        $_SESSION['userID'] = $results[0]['userID'];

        if($_POST['remember']) {
            $month = time() + (60 * 60 * 24 * 30);
            setcookie('remember', $_POST['username'], $month);
            setcookie('username', $_POST['username'], $month);
            setcookie('password', $results[0]['passwordHash'], $month);
        } elseif (!$_POST['remember']) {
            $past = time() - 100;
            if (isset($_COOKIE['remember'])) {
                setcookie('remember', '', $past);
            } elseif (isset($_COOKIE['username'])) {
                setcookie('username', '', $past);
            } elseif (isset($_COOKIE['password'])) {
                setcookie('password', '', $past);
            }
        }


        header("Location: "."index.php");
    } else {
        echo "password incorrect";
    }
}
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
Username:&nbsp;
<?php
if(isset($_COOKIE['username'])) {
    echo "<input type=\"text\" id=\"username\" name=\"username\" maxlength=\"40\" value=".$_COOKIE['username'].">";
} else {
    echo "<input type=\"text\" id=\"username\" name=\"username\" maxlength=\"40\" value=\"\">";
}
?>
Password:&nbsp;<input type="password" id="password" name="password" maxlength="50">
Remember Me:&nbsp;
<?php
if(isset($_COOKIE['remember'])) {
    echo "<input type=\"checkbox\" id=\"remember\" name=\"remember\" checked=\"checked\">";
} else {
    echo "<input type=\"checkbox\" id=\"remember\" name=\"remember\">";
}
?>
<input type="submit" id="submit" name="submit" value="Log In">
</form>
</body>
</html>
4

1 回答 1

2

您的代码确切地说应该发生这种情况。在第一次请求之后,remember将不再设置 POST 参数,因此 if 语句的计算结果为true。然后它将删除第一个cookie。下次它将删除第二个,因为第一个已经不存在了。

也许你应该替换这一行:

elseif (!$_POST['remember']) {

有了这个:

elseif (!$_POST['remember'] && !$_COOKIE['remember']) {

你应该去掉elseif那里的 s,因为你可能想删除所有的 cookie。只要放if,它应该如你所愿。

附带说明:!$var不是检查是否设置了值的正确方法。改为使用!isset($var)

于 2013-02-26T13:19:04.623 回答