我的登录代码不断给我一个错误
[英]My login code keeps giving me an error
问题描述
Anytime i try to login in with my login file it gives me the error which is set in the code, but i cannot figure out what is wrong with it. 
每当我尝试使用登录文件登录时,都会出现代码中设置的错误,但我无法弄清楚它出了什么问题。
Here's my code: 这是我的代码:
<?php
include 'inc/dbc.php';
include 'inc/functions.php';
?>
<?php
function get_client_ip() {
$ipaddress = '';
if ($_SERVER['HTTP_CLIENT_IP']) {
$ipaddress = $_SERVER['HTTP_CLIENT_IP'];
}
else if($_SERVER['HTTP_X_FORWARDED_FOR']) {
$ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
else if($_SERVER['HTTP_X_FORWARDED']) {
$ipaddress = $_SERVER['HTTP_X_FORWARDED'];
}
else if($_SERVER['HTTP_FORWARDED_FOR']) {
$ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
}
else if($_SERVER['HTTP_FORWARDED']) {
$ipaddress = $_SERVER['HTTP_FORWARDED'];
}
else if($_SERVER['REMOTE_ADDR']) {
$ipaddress = $_SERVER['REMOTE_ADDR'];
}
else {
$ipaddress = 'UNKNOWN';
}
return $ipaddress;
}
?>
<?php
if(isset($_GET['user']) && !empty($_GET['user'])) {
$username = $_GET['user'];
} else {
$username = $_SESSION['username'];
}
$my_name = $_SESSION['username'];
$firstname = getuser($username, 'firstname');
$middlename = getuser($username, 'middlename');
$lastname = getuser($username, 'lastname');
$aboutme = getuser($username, 'aboutme');
$email = getuser($username, 'email');
$dob = getuser($username, 'dob');
$address = getuser($username, 'address');
$website = getuser($username, 'website');
$country = getuser($username, 'country');
$city = getuser($username, 'city');
$state = getuser($username, 'state');
$phone = getuser($username, 'phone');
$gender = getuser($username, 'gender');
$rank = getuser($username, 'rank');
$avatar = getuser($username, 'aavtar');
?>
<!DOCTYPE html>
<html>
<head>
<title>EWC Login</title>
<link rel="stylesheet" type="text/css" href="css/login.css">
<link rel="stylesheet" href="//maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css">
</head>
<body>
<div class='main'>
<div class='body'>
<div class="loginf">
<?php
if (loggedIn() == true) {
?>
<div class='logged'>
<div class='logwrapper'>
<div class='top'>
<p>Is this you? <a href="home.php">Home</a></p>
</div>
<div class='img'>
<img src="images/users/<?php echo $avatar;?>">
</div>
<div class='info'>
<h3><?php echo $firstname . ' ' . $middlename . ' ' . $lastname;?></h3>
<div class='subinfo'>
<?php echo $gender;?>
<?php echo $dob;?>
<?php echo $rank;?>
<?php echo $country . ', ' . $city . ' ' . $state; ?>
</div>
</div>
<div class='bottom'>
<p>You are already logged in. Click here to <a href="logout.php">logout.</a></p>
</div>
</div>
</div>
<?php
} else {
?>
<form method="post">
<?php
if (isset($_POST['submit'])) {
$username = stripcslashes(mysqli_real_escape_string($mysqli, $_POST['username']));
$password = stripcslashes(mysqli_real_escape_string($mysqli, $_POST['password']));
$pw = sha1($password);
if (empty($username) && empty($password)) {
echo 'Username and Password cannot be empty';
} else {
$check_login = mysqli_query($mysqli, "SELECT * FROM users WHERE username = '$username' AND password = '$pw' LIMIT 1") or die(mysqli_error($mysqli));
$rows = mysqli_num_rows($check_login);
if ($rows == 1) {
mysqli_query($mysqli, "UPDATE users SET login_ip = '$ipaddress' WHERE username = '$username' ") or die(mysqli_error($mysqli));
$_SESSION['username'] = $username;
header('location: home.php');
} else {
echo 'Your entries are Invalid';
}
}
}
?>
<div class="input-group margin-bottom-sm">
<span class="input-group-addon"><i class="fa fa-user fa-fw"></i></span>
<input class="form-control" name='username' type="text" placeholder="Username..."> <a href="forgot.php?forgot=username">Forgot Username?</a>
</div>
<div class="input-group">
<span class="input-group-addon"><i class="fa fa-key fa-fw"></i></span>
<input class="form-control" name='username' type="password" placeholder="Password..."> <a href="forgot.php?forgot=password">Forgot Passowrd?</a>
</div>
<div class="input-group">
<input class="form-control" name="submit" type="submit" value="Login"> <a href="register.php">Don't have an account?</a>
</div>
</form>
<?php
}
?>
<script>
function clearAutofill() {
if ( navigator.userAgent.toLowerCase().indexOf('chrome') >= 0 ) {
$('input[autocomplete="off"]').each( function(){
$(this).val('');
});
}
}
setTimeout(clearAutofill,500);
</script>
</div>
</div>
</div>
</body>
</html>
PS: session_start(); PS: session_start(); is in the functions file! 在功能文件中! Also if you need more code please ask! 另外,如果您需要更多代码,请询问! Thanks in advance. 提前致谢。
1 个解决方案
解决方案1
3 2015-05-01 00:35:06
You have two inputs bearing the same name attribute name='username' 您有两个输入名称相同的属性attribute name='username'
<input class="form-control" name='username' type="text" placeholder="Username...">
<input class="form-control" name='username' type="password" placeholder="Password...">
Your password input should be named "password" and not "username". 您的密码输入应命名为“ password”而不是“ username”。
Sidenotes: 旁注:
It's best to add
exit;最好添加exit;after your header, otherwise your code may want to continue executing.在标头之后,否则您的代码可能要继续执行。 Regarding the use of
stripcslashes();关于stripcslashes()的使用; I cannot say for certain, but it may/could be doing some harm and stripping possible valid characters, especially for hashes.我不能肯定地说,但是它可能/可能会造成一些伤害并剥夺可能的有效字符,尤其是对于哈希。 If you're still experiencing difficulties, try to remove it from your code. 如果仍然遇到困难,请尝试将其从代码中删除。
Regarding password storage 关于密码存储
I noticed you are using sha1 for password storage. 我注意到您正在使用sha1进行密码存储。 It's not the best nowadays. 如今不是最好的。
Consult my footnotes about this. 请参考我的脚注。
I recommend you use CRYPT_BLOWFISH or PHP 5.5's password_hash() function. 我建议您使用CRYPT_BLOWFISH或PHP 5.5的password_hash()函数。
For PHP < 5.5 use the password_hash() compatibility pack . 对于PHP <5.5,使用password_hash() compatibility pack 。
Pulled from ircmaxell's answer https://stackoverflow.com/a/29778421/ which uses PDO with prepared statements and password_hash() . 从ircmaxell的答案https://stackoverflow.com/a/29778421/中提取,该答案使用带有准备好的语句和password_hash() PDO 。
Just use a library. 只需使用一个库。 Seriously. 说真的 They exist for a reason. 它们存在是有原因的。
- PHP 5.5+: use
password_hash()PHP 5.5+:使用password_hash() - PHP 5.3.7+: use
password-compat(a compatibility pack for abovePHP 5.3.7+:使用password-compat(上述兼容包) - All others: use phpass 其他所有:使用phpass
Don't do it yourself. 不要自己做。 If you're creating your own salt, YOU'RE DOING IT WRONG . 如果您要创建自己的盐,那您就做错了 。 You should be using a library that handles that for you. 您应该使用一个为您处理的库。
$dbh = new PDO(...);
$username = $_POST["username"];
$email = $_POST["email"];
$password = $_POST["password"];
$hash = password_hash($password, PASSWORD_DEFAULT);
$stmt = $dbh->prepare("insert into users set username=?, email=?, password=?");
$stmt->execute([$username, $email, $hash]);
And on login: 并在登录时:
$sql = "SELECT * FROM users WHERE username = ?";
$stmt = $dbh->prepare($sql);
$result = $stmt->execute([$_POST['username']]);
$users = $result->fetchAll();
if (isset($users[0]) {
if (password_verify($_POST['password'], $users[0]->password) {
// valid login
} else {
// invalid password
}
} else {
// invalid username
}
Add error reporting to the top of your file(s) which will help find errors. 将错误报告添加到文件顶部,这将有助于发现错误。
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
// rest of your code
Sidenote: Error reporting should only be done in staging, and never production. 旁注:错误报告仅应在登台进行,而不应在生产过程中进行。
Footnotes: 脚注:
Here are a few articles on sha1 that you may want to read: 以下是您可能需要阅读的有关sha1的几篇文章:
- Is SHA-1 secure for password storage? SHA-1是否安全存储密码?
- https://security.stackexchange.com/questions/67486/is-sha1-weak-for-ssl https://security.stackexchange.com/questions/67486/is-sha1-weak-for-ssl
- https://www.bentasker.co.uk/blog/security/201-why-you-should-be-asking-how-your-passwords-are-stored https://www.bentasker.co.uk/blog/security/201-why-you-should-be-asking-how-your-passwords-已存储
- http://en.wikipedia.org/wiki/SHA-1 http://en.wikipedia.org/wiki/SHA-1
- http://php.net/manual/en/faq.passwords.php http://php.net/manual/en/faq.passwords.php
- Why are common hashing functions such as md5 and sha1 unsuitable for passwords? 为什么常见的哈希函数(例如md5和sha1)不适合密码?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.