我不是在寻找任何人为我做所有的跑腿工作,但是我有一个开源项目,可以在大多数服务器上完美运行,但是一个人的服务器,当你去注册或登录时,页面只是刷新而不是登录. 没有任何东西进入数据库。
$_POST 的 var_dump 看起来一切都很好,我已经删除了表单中尽可能多的数据验证,但没有骰子。
Chrome 或 Firefox/Firebug 中是否有工具可以帮助我弄清楚发生了什么?Chrome 中的控制台日志基本上只是告诉我该页面已重新加载,但没有别的。我的错误都没有出现在页面上。这只是一个简单的页面刷新。
这是未经编辑的(减去一堆 html)登录文件。它基于一个名为 UserCake 的旧系统。其中大部分是遗留代码。我将从头开始完全重写项目。
<?php require_once("models/top-nav.php"); ?>
<!-- If you are going to include the sidebar, do it here -->
<?php //require_once("models/left-nav.php"); ?>
</div>
<!-- /.navbar-collapse -->
</nav>
<!-- PHP GOES HERE -->
<?php
//Prevent the user visiting the logged in page if he/she is already logged in
if(isUserLoggedIn()) { header("Location: account.php"); die(); }
//Forms posted
if(!empty($_POST))
{
$token = $_POST['csrf'];
if(!Token::check($token)){
die('Token doesn\'t match!');
}
//reCAPTCHA 2.0 check
// empty response
$response = null;
// check secret key
$reCaptcha = new ReCaptcha($privatekey);
// if submitted check response
if ($_POST["g-recaptcha-response"]) {
$response = $reCaptcha->verifyResponse(
$_SERVER["REMOTE_ADDR"],
$_POST["g-recaptcha-response"]
);
}
if ($response != null && $response->success) {
$errors = array();
$username = sanitize2(trim($_POST["username"]));
$password = trim($_POST["password"]);
//Perform some validation
//Feel free to edit / change as required
if($username == "")
{
$errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
}
if($password == "")
{
$errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");
}
//A security note here, never tell the user which credential was incorrect
if(!usernameExists($username))
{
$errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
}
else
{
$userdetails = fetchUserDetails($username);
//See if the user's account is activated
if($userdetails["active"]==0)
{
$errors[] = lang("ACCOUNT_INACTIVE");
}
else
{
//- THE OLD SYSTEM IS BEING REMOVED - Hash the password and use the salt from the database to compare the password.
//$entered_pass = generateHash($password,$userdetails["password"]);
$entered_pass = password_verify($password,$userdetails["password"]);
if($entered_pass != $userdetails["password"])
{
$errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID"); //MAKE UPGRADE CHANGE HERE
}
else
{
//Passwords match! we're good to go'
//Construct a new logged in user object
//Transfer some db data to the session object
$loggedInUser = new loggedInUser();
$loggedInUser->email = $userdetails["email"];
$loggedInUser->user_id = $userdetails["id"];
$loggedInUser->hash_pw = $userdetails["password"];
$loggedInUser->title = $userdetails["title"];
$loggedInUser->displayname = $userdetails["display_name"];
$loggedInUser->username = $userdetails["user_name"];
//Update last sign in
$loggedInUser->updateLastSignIn();
$_SESSION["userCakeUser"] = $loggedInUser;
//Redirect to user account page
header("Location: account.php");
die();
}
}
}
}
}
?>
<?php
echo resultBlock($errors,$successes);
echo "
<div id='regbox'>
<form name='login' action='".$_SERVER['PHP_SELF']."' method='post'>
<p>
";
?>
<label>Username:</label>
<input class='form-control' type='text' name='username' />
</p>
<p>
<label>Password:</label>
<input class='form-control' type='password' name='password' />
</p>
<p><label>Please enter the words as they appear:</label>
<div class="g-recaptcha" data-sitekey="<?php echo $publickey; ?>"></div>
</p>
<p>
<label> </label>
<input class='btn btn-primary' type='submit' value='Login' class='submit' />
</p>
<input type="hidden" name="csrf" value="<?=Token::generate();?>" >
</form>
<script src="https://www.google.com/recaptcha/api.js" async defer></script>
<!-- footer -->
<?php require_once("models/footer.php"); ?>