1

我正在为我的网站开发一个 PHP 登录系统,我已经得到它,以便一切都可以通过数据库正确验证。验证完成后,PHP 代码设置为

<?php
    require("common.php");

$submitted_username = '';

if(!empty($_POST))
{
    $query = "
        SELECT
            id,
            username,
            password,
            salt,
            email
        FROM users
        WHERE
            username = :username
    ";

    $query_params = array(
        ':username' => $_POST['username']
    );

    try
    {
        $stmt = $db->prepare($query);
        $result = $stmt->execute($query_params);
    }
    catch(PDOException $ex)
    {
        die("Failed to run query: " . $ex->getMessage());
    }

    $login_ok = false;

    $row = $stmt->fetch();
    if($row)
    {
        $check_password = hash('sha256', $_POST['password'] . $row['salt']);
        for($round = 0; $round < 65536; $round++)
        {
            $check_password = hash('sha256', $check_password . $row['salt']);
        }

        if($check_password === $row['password'])
        {
            $login_ok = true;
        }
    }

    if($login_ok)
     {
        unset($row['salt']);
        unset($row['password']);

     $_SESSION['user'] = $row;


     header("Location: http://www.woodlandastronomy.org/members/private.php");
     die("Redirecting to: private.php");

     }

//lots more code for if validation failed

?>

当我加载页面并输入测试凭据时,一切都通过 SQL 数据库验证正常,但是页面没有重定向,它只是打印Redirecting to: private.php并停止。PHP中有错误吗?

这是 common.php 的代码包括:

ini_set('display_errors', true);
error_reporting(-1);


$username = "RatBiscuit225";
$password = "pepper";
$host = "mysql";
$dbname = "tz_users";

$options = array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8');

try
{

    $db = new PDO("mysql:host={$host};dbname={$dbname};charset=utf8", $username, $password, $options);
}
catch(PDOException $ex)
{
    die("Failed to connect to the database: " . $ex->getMessage());
}

$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);

if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
{
    function undo_magic_quotes_gpc(&$array)
    {
        foreach($array as &$value)
        {
            if(is_array($value))
            {
                undo_magic_quotes_gpc($value);
            }
            else
            {
                $value = stripslashes($value);
            }
        }
    }

    undo_magic_quotes_gpc($_POST);
    undo_magic_quotes_gpc($_GET);
    undo_magic_quotes_gpc($_COOKIE);
}
4

1 回答 1

-1

如果 php 向浏览器输出任何内容,则对 header 的调用将失败。这包括诸如 php 标签之外的空格、echo 语句等内容。

您可以将所有代码发布到 die() 吗?

于 2013-08-13T16:51:30.173 回答