嗨,我在这里有这个代码,它是用于登录系统:
elseif($_GET['action'] == "login"){
if(!empty($_GET['user_name']) && !Empty($_GET['password'])){
session_name('Huemix|Studio');
session_set_cookie_params(2*7*24*60*60);
sec_session_start();
$user = sql_safe($_GET['user_name']);
$pass = sql_safe($_GET['password']);
$rem = sql_safe($_GET['rememberMe']);
if(!count($err)){
$sql = sprintf("SELECT loginid FROM login WHERE username='%s' AND password = '%s'",$user,md5($pass));
$query = mysql_query($sql);
$row = mysql_fetch_assoc($query);
if(!$query){
echo mysql_error();
}else{
echo $row["username"];
echo $row["loginid"];
//echo $user;
// echo $pass;
}
if($row['username']){
$sql = sprintf("UPDATE login SET last_login='".time()."' WHERE username = '%s' AND password = '%s' ",$user,md5($pass));
$query = mysql_query($sql);
if($query){
$_SESSION['username'] = $row['username'];
$_SESSION['id'] = $row['loginid'];
$_SESSION['rememberMe'] = $rem;
setcookie("HuemixRemember",$rem);
header("Location : index.php");
}
echo '<p style="color: #ff0000;">Error in Login system ,, Please Call The Programmer !</p>';
}else{
echo '<p style="color: #ff0000;">Error in Username and/or Password !</p>';
}
}
}else{
echo '<p style="color: #ff0000;">All Fields are Required !</p>';
}
}
现在我对我的脚本做了一些安全功能,它们是:sec_session_start(); 和 sql_safe(); 这里有代码:sec_session_start();
function sec_session_start() {
$session_name = 'sec_session_id'; // Set a custom session name
$secure = false; // Set to true if using https.
$httponly = true; // This stops javascript being able to access the session id.
ini_set('session.use_only_cookies', 1); // Forces sessions to only use cookies.
$cookieParams = session_get_cookie_params(); // Gets current cookies params.
session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly);
session_name($session_name); // Sets the session name to the one set above.
session_start(); // Start the php session
session_regenerate_id(true); // regenerated the session, delete the old one.
}
和 sql_safe():
function sql_safe($value){
if ( $value ){
$value = strip_tags($value);
$value = htmlspecialchars($value);
$value = trim($value);
$value = stripslashes($value);
$value = mysql_real_escape_string($value);
return $value;
}
else{
return false;
}
}
现在我的问题出在echo $row["username"];
没有打印数据的行中,并且我确定数据库中有数据并且与数据库的连接可以正常工作,我尝试echo $user;
查看是否来自 Interred 的值的错误输入框,但输出和我埋的一样!
所以我真的不知道发生了什么!!!总是显示Error in Login system ,, Please Call The Programmer !
由 if 语句引起的错误if($row['username']){
!!
另一个问题:你能告诉我一个提示或代码来保护我的脚本吗?在一切“登录、注销、会话、cookies ......等”
还有谢谢^_^