登录时访问被拒绝
[英]Access Denied on Php Login
问题描述
I have a buyer form, called "Buyer.php": 
我有一个买家表格,称为“ Buyer.php”:
<form method="post" action="check_buyer.php" id="LoggingInBuyer">
<div style="width:265px;margin:0; padding:0; float:left;">
<label>Username: <span><a href="#">Forgot Username?</span></a></label> <br />
<input id="UserReg" style="width:250px;" type="text" name="userName" tabindex="1" class="required" /></div>
<div style="width:265px;margin:0; padding:0; float:right;">
<label>Password: <span><a href="#">Forgot Password?</span></a></label> <br />
<input id="UserReg" style="width:250px;" type="password" name="userPass" tabindex="2" class="required" /></div>
<div class="clearB"> </div>
<input type="submit" style="width:100px; margin:10px 200px;" id="UserRegSubmit" name="submit" value="Login" tabindex="3" />
</form>
A file called check_buyer.php (in the same dir): 名为check_buyer.php的文件(在同一目录中):
<?php
session_start(); #recall session from index.php where user logged include()
function isLoggedIn()
{
if(isset($_SESSION['valid']) && $_SESSION['valid'])
header( 'Location: buyer/' ); # return true if sessions are made and login creds are valid
echo "Invalid Username and/or Password";
return false;
}
require_once('../inc/db/dbc.php');
$connect = mysql_connect($h, $u, $p) or die ("Can't Connect to Database.");
mysql_select_db($db);
$LoginUserName = $_POST['userName'];
$LoginPassword = mysql_real_escape_string($_POST['userPass']);
//connect to the database here
$LoginUserName = mysql_real_escape_string($LoginUserName);
$query = "SELECT uID, uUPass, dynamSalt, uUserType FROM User WHERE uUName = '$LoginUserName';";
function validateUser($ifUserExists['uID'], $ifUserExists['uUserType']) {
$_SESSION['valid'] = 1;
$_SESSION['uID'] = $uID;
$_SESSION['uUserType'] = $uUserType; // 1 for buyer - 2 for merchant
}
$result = mysql_query($query);
if(mysql_num_rows($result) < 1) //no such USER exists
{
echo "Invalid Username and/or Password";
}
$ifUserExists = mysql_fetch_array($result, MYSQL_ASSOC);
$dynamSalt = $ifUserExists['dynamSalt']; #get value of dynamSalt in query above
$SaltyPass = hash('sha512',$dynamSalt.$LoginPassword); #recreate originally created dynamic, unique pass
if($SaltyPass != $ifUserExists['uUPass']) # incorrect PASS
{
echo "Invalid Username and/or Password";
}else {
validateUser();
}
// If User *has not* logged in yet, keep on /login
if(!isLoggedIn())
{
header('Location: index.php');
die();
}
?>
// This is now throwing error of: Parse error: syntax error, unexpected '[', expecting ')' in on line 23 which is function validateUser($ifUserExists['uID'], $ifUserExists['uUserType']) { //现在抛出以下错误:解析错误:语法错误,第23行上的意外'[',期望')',它是function validateUser($ifUserExists['uID'], $ifUserExists['uUserType']) {
and the file "index.php" in the buyer/ directory: 并在Buyer /目录中添加文件“ index.php”:
<?php
session_start();
if($_SESSION['uUserType']!=1)
{
die("You may not view this page. Access denied.");
}
function isLoggedIn()
{
return (isset($_SESSION['valid']) && $_SESSION['valid']);
}
//if the user has not logged in
if(!isLoggedIn())
{
header('Location: index.php');
die();
}
?>
<?php
if($_SESSION['valid'] == 1){
#echo "<a href='../logout.php'>Logout</a>";
require_once('buyer_profile.php');
}else{
echo "<a href='../index.php'>Login</a>";
}
?>
The point of this is that when a username and password is entered, the user is logged in and directed to /buyer/index.php , to the buyer portion of that website. 这样做的目的是,输入用户名和密码后,用户将登录并定向到/buyer/index.php ,并指向该网站的buyer部分。 It seems everytime I login with the dummy credentials I made to test, it just blurts out : You may not view this page. Access denied 似乎每次我使用测试用的虚拟凭据登录时,它都会脱口而出: You may not view this page. Access denied You may not view this page. Access denied . You may not view this page. Access denied 。 But, then if I go back by pressing back arrow in browser it has me logged in and showing a link to logout . 但是,如果我按浏览器中的向后箭头返回,则可以logged in并showing a link to logout 。
I did some trouble shooting: 1) Shown here, to test my sql query is fine and indeed it is. 我进行了一些故障排除:1)如图所示,测试我的sql query是否正常,确实如此。 http://i.stack.imgur.com/n2b5z.png http://i.stack.imgur.com/n2b5z.png
2)Tried choing out echo 'the userid: ' . $userid; 2)尝试choing echo 'the userid: ' . $userid; echo 'the userid: ' . $userid; before it whines about You may not view.. and it doesn't print anything. 在它发出哀鸣之前, You may not view..并且它不会打印任何内容。
How do I go about getting this userID ? 我该如何获取该userID ? I double checked the field names in the database and all is fine.. 我仔细检查了数据库中的字段名称,一切都很好。
1 个解决方案
解决方案1
0 已采纳 2011-11-23 20:56:46
From a quick check, it looks like you're setting $_SESSION['uUserType'] = $userType in validateUser() , but don't seem to be passing in $userType itself to that function. 通过快速检查,您似乎在validateUser()设置了$_SESSION['uUserType'] = $userType ,但似乎没有将$userType本身传递给该函数。 So $_SESSION['uUserType'] won't be 1 , but $_SESSION['valid'] will be, because you're setting it to that in validateUser() . 因此$_SESSION['uUserType']不会为1 ,而$_SESSION['valid']将会为1,因为您是在validateUser()中将其设置为该值。
I suspect you should be passing valid data in to validateUser in order to set it into the session. 我怀疑您应该将有效数据传递给validateUser以便将其设置为会话。
eg 例如
validateUser($ifUserExists['uID'], $ifUserExists['uUserType']);
function validateUser($uID, $uUserType) {
$_SESSION['valid'] = 1;
$_SESSION['uID'] = $uID;
$_SESSION['uUserType'] = $uUserType; // 1 for buyer - 2 for merchant
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.