
PHP $_session + MySQL. What am I doing wrong?

Okay. Let me explain the problem with the code below. I'm really sorry this is so confusing, I know it's a mess, but please bear with me here. I am trying to create a login and register system for a bitcoin gambling type site. The register system already works and uses almost the same code as below. The problem is that I'm trying to fix an issue where it automatically logs you out every time the page is refreshed. That's why I tried using cookies, MySQL and PHP sessions. Everything is laid out in the code below. How it works:

•   Encrypts the password (using e.g. AES) with a random key of sufficient length
•   Stores the encrypted password and username in the session
•   Stores the encryption key in a cookie

Now I've got that, but I don't understand what I'm doing wrong. I've started messing around with class/user.php and I think the problem is inside class/user.php; I'm not quite sure how exactly to solve it. Is it because I forgot to include the session in it? Or is there a recommended way to check MySQL against the PHP session? My goal is to build a working login system that doesn't log you out on refresh. It keeps you logged in for 24 hours, or until you click the logout button (ending the session). If the register function needs to be included too, I can do that. But like I said, its code is basically the same. Thanks in advance.

Also, before that: here is the error that MySQL gives, plus the code that pops up on the login page:

SQLSTATE[42000]: Syntax error or access violation: 1065 Query was emptyWelcome
Encrypted: Chyfz4l6k6DbsQkGa+jX2g== 
Decrypted: password

index.php:

<?php 
    include_once("config.php");
?>

<?php if( !(isset( $_POST['login'] ) ) ) { ?>
<?php $username = $_POST['username']; ?>
<?php $password = $_POST['password']; ?>
<?php
//$_COOKIE["bpuser"];
//$_COOKIE["bpass"];
$secretHash = "6U7T5Sa1f0a7dRUhNila715y088D94XZ";
$encryptionMethod = "AES-256-CBC";  
//To encrypt
$encryptedPassword = openssl_encrypt($password, $encryptionMethod, $secretHash);

//To Decrypt
$decryptedPassword = openssl_decrypt($encryptedPassword, $encryptionMethod, $secretHash);

//Result
//echo "Encrypted: $encryptedPassword <br>Decrypted: $decryptedPassword";
session_start();
$_SESSION["username"] = "".$username;
$_SESSION["password"] = "".$encryptedPassword;

setcookie("site.me", $secretHash, time()+(3600*24), '/', '.site.me');
?>
<!DOCTYPE html>
<html lang="en">

<head>

    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <meta name="description" content="">
    <meta name="author" content="">

    <title>Site | Login</title>

    <!-- Bootstrap Core CSS -->
    <link href="css/bootstrap.min.css" rel="stylesheet">

    <!-- Custom CSS -->
    <style>
    body {
        padding-top: 70px;
        /* Required padding for .navbar-fixed-top. Remove if using .navbar-static-top. Change if height of navigation changes. */
    }
    </style>

    <!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries -->
    <!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
    <!--[if lt IE 9]>
        <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
        <script src="https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js"></script>
    <![endif]-->

</head>

<body>
<style>

</style>
    <!-- Navigation -->
    <nav class="navbar navbar-default navbar-fixed-top device-fixed-width yamm" role="navigation">
        <div class="container">
            <!-- Brand and toggle get grouped for better mobile display -->
            <div class="navbar-header">
                <button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1">
                    <span class="sr-only">Toggle navigation</span>
                    <span class="icon-bar"></span>
                    <span class="icon-bar"></span>
                    <span class="icon-bar"></span>
                </button>
<style>

</style>
                <a class="navbar-brand" href="/beta/">Site</a>
            </div>
            <!-- Collect the nav links, forms, and other content for toggling -->
            <div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
                <ul class="nav navbar-nav">

                    <li>
                        <a href="#">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</a>
                    </li>
                    <li>
                        <a href="/beta/register">Register</a>
                    </li>
<li>
                        <a href="/beta/login">Login</a>
                    </li>
                </ul>
            </div>
            <!-- /.navbar-collapse -->
        </div>
        <!-- /.container -->
    </nav>

<!-- Latest compiled and minified CSS -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css">


<!-- Latest compiled and minified JavaScript -->
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/js/bootstrap.min.js"></script> <div>
        <!-- /.container -->
    </nav>
<div class="page-header">
<h1><center>Login with Site</center></h1>
</div>
<div class="container-fluid">
    <section class="container">
        <div class="container-page">                
            <div class="col-md-6">          <h3 class="dark-grey">Login to Site</small></a></h3>

                <form method="post" action="">

                <div class="form-group col-lg-12">
                    <label>Username</label>
                    <input type="text" name="username" class="form-control" id="" value="">
                </div>

                <div class="form-group col-lg-12">
                    <label>Password</label>
                    <input type="password" name="password" class="form-control" id="" value="">
                </div>






            </div>

            <div class="col-md-6">


 edited out
</div>
</div>
</div>

<div id="mydiv" style="position: absolute; top:400px; left:530px; width:50px; height:50px;">

<input type="submit" name="login" class="btn btn-primary"></button>
            </div>
</div>
        </div>
    </section>
</div>
<?php 
} else {
    $usr = new Users;
    $usr->storeFormValues( $_POST );

    if( $usr->userLogin() ) {
        echo "Welcome";
$username = $_POST['username'];
$password = $_POST['password'];
//$_COOKIE["bpuser"];
//$_COOKIE["bpass"];
//$secretHash = "6U7T5Sa1f0a7dRUhNila715y088D94XZ";
$secretHash2 = "".$_COOKIE[$site.me];
$encryptionMethod = "AES-256-CBC";  
//To encrypt
$encryptedPassword = openssl_encrypt($password, $encryptionMethod, $secretHash2);

//To Decrypt
$decryptedPassword = openssl_decrypt($encryptedPassword, $encryptionMethod, $secretHash2);





//Result
echo "<br>Encrypted: $encryptedPassword <br>Decrypted: $decryptedPassword";
session_start();
$_SESSION["username"] = "".$username;
$_SESSION["password"] = "".$encryptedPassword;






    } else {
        echo "Incorrect Username/Password"; 
    }
}
  ?>

config.php:

<?php
session_start();
    //set off all error for security purposes
error_reporting(E_ALL);


//define some contstant
define( "DB_DSN", "mysql:host=localhost;dbname=login" );
define( "DB_USERNAME", "root" );
define( "DB_PASSWORD", "removed" );
define( "CLS_PATH", "class" );

//include the classes
include_once( CLS_PATH . "/user.php" );


?>

class/user.php:

<?php


 class Users {
     public $username = null;
     public $password = null;
     public $salt = "Zo4rU5Z1YyKJAASY0PT6EUg7BBYdlEhPaNLuxAwU8lqu1ElzHv0Ri7EM6irpx5w";

     public function __construct( $data = array() ) {
         if( isset( $data['username'] ) ) $this->username = stripslashes( strip_tags( $data['username'] ) );
         if( isset( $data['password'] ) ) $this->password = stripslashes( strip_tags( $data['password'] ) );
     }

     public function storeFormValues( $params ) {
        //store the parameters
        $this->__construct( $params ); 
     }

     public function userLogin() {
         $success = true;
         try{
            $con = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD ); 
            $con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
            //$sql = "SELECT * FROM users WHERE username = :username AND password = :password LIMIT 1";
            mysql_query("SELECT * FROM users WHERE username={$_SESSION['username']} LIMIT 1");
            $stmt = $con->prepare( $mysql_query );
            $stmt->bindValue( "username", $this->username, PDO::PARAM_STR );
            $stmt->bindValue( "password", hash("sha256", $this->password . $this->salt), PDO::PARAM_STR );
            $stmt->execute();

            $valid = $stmt->fetchColumn();

            if( $valid ) {
                $success = true;
echo "validated";
            }

            $con = null;
            return $success;
         }catch (PDOException $e) {
             echo $e->getMessage();
             return $success;
         }
     }

     public function register() {
        $correct = false;
            try {
                $con = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD );
                $con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
                $sql = "INSERT INTO users(username, password) VALUES(:username, :password)";

                $stmt = $con->prepare( $sql );
                $stmt->bindValue( "username", $this->username, PDO::PARAM_STR );
                $stmt->bindValue( "password", hash("sha256", $this->password . $this->salt), PDO::PARAM_STR );
                $stmt->execute();
                return "Registration Successful <br/> <a href='/beta/login'>Login Now</a>";
            }catch( PDOException $e ) {
                return $e->getMessage();
            }
     }

 }

?>

Okay, there's a lot wrong with this code (in the sense that I have a hard time understanding what's going on), so I'll write down some pseudocode that hopefully shows you the sequence of what I'd like to happen in this login process.

start session
if not user set
    if cookie set
        decrypt cookie
        check if valid user
        set session to user
    else if form info posted
        check if valid user
        encrypt cookie
        store cookie
        set session to user
    else
        show login form
else
    show protected page

Some other comments:

  • You read the wrong cookie value; it should be 'site.me' rather than $site.me
  • Most of the code in the "login not submitted" part is unused.
  • You are missing the setcookie function in the login part
  • You could just use new User($_POST) instead of the weird construction with storeFormValues.

Hope this helps!
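The answer's pseudocode carried through as a working PHP page, added here as an example rather than code from the question or the answer. It swaps the encrypted-password-in-cookie idea for a random remember-me token (a selector plus a validator whose hash is stored server-side) and password_verify(), and it assumes the question's config.php constants plus the two hypothetical tables named in the comments.

```php
<?php
// Added example, not the asker's or answerer's code: the answer's pseudocode as working PHP.
// Assumes the question's config.php (defines DB_* and calls session_start() before any
// output) plus two hypothetical tables: users(id, username, password_hash) holding
// password_hash() output, and remember_tokens(selector, validator_hash, user_id, expires).
// The cookie carries a random token, not an encrypted password; only its hash is stored.
require_once 'config.php';
$db = new PDO(DB_DSN, DB_USERNAME, DB_PASSWORD);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
function userFromRememberCookie(PDO $db): ?int {
    if (!isset($_COOKIE['remember'])) return null;
    [$selector, $validator] = explode(':', $_COOKIE['remember'], 2) + [1 => ''];
    $stmt = $db->prepare('SELECT user_id, validator_hash FROM remember_tokens
                          WHERE selector = :s AND expires > NOW()');
    $stmt->execute([':s' => $selector]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // constant-time compare; a wrong or expired token behaves exactly like no cookie
    if (!$row || !hash_equals($row['validator_hash'], hash('sha256', $validator))) return null;
    return (int)$row['user_id'];
}
function userFromForm(PDO $db): ?int {
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = :u LIMIT 1');
    $stmt->execute([':u' => $_POST['username'] ?? '']);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($_POST['password'] ?? '', $row['password_hash'])) return null;
    return (int)$row['id'];
}
function issueRememberCookie(PDO $db, int $userId): void {
    $selector  = bin2hex(random_bytes(8));
    $validator = bin2hex(random_bytes(32));
    $stmt = $db->prepare('INSERT INTO remember_tokens(selector, validator_hash, user_id, expires)
                          VALUES (:s, :h, :u, DATE_ADD(NOW(), INTERVAL 1 DAY))');
    $stmt->execute([':s' => $selector, ':h' => hash('sha256', $validator), ':u' => $userId]);
    // 24 h lifetime; Secure (HTTPS only) and HttpOnly so page scripts cannot read it
    setcookie('remember', "$selector:$validator", time() + 86400, '/', '', true, true);
}

if (!isset($_SESSION['user_id'])) {
    $userId = userFromRememberCookie($db);
    if ($userId === null && isset($_POST['login'])) {
        $userId = userFromForm($db);
        if ($userId === null) echo 'Incorrect Username/Password';
        else issueRememberCookie($db, $userId);
    }
    if ($userId === null) { /* render the login form here */ exit; }
    session_regenerate_id(true);          // fresh session id once authenticated
    $_SESSION['user_id'] = $userId;
}
echo 'Welcome';                           // protected page
```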
