PHP $ _session + MySQL。 我究竟做錯了什么?
[英]PHP $_session + MySQL. What am I doing wrong?
問題描述
好的。 讓我解釋一下以下代碼存在的問題。 我真的很抱歉這太混亂了,我知道那是一團糟,但是請在這里忍受。 我正在嘗試為比特幣賭博類型的網站創建登錄和注冊系統。 寄存器系統已經在工作,它使用與下面幾乎相同的代碼。 問題是,我正在嘗試解決一個問題,該問題在每次刷新頁面時都會自動注銷。 這就是為什么我嘗試使用cookie,mysql和php會話的原因。 一切都在下面的代碼中列出。 它是如何工作的:
• Encrypts the password (using e.g. AES) with a random key of sufficient length
• Stores the encrypted password and username in the session
• Stores the encryption key in a cookie
現在我已經明白了,但是我不明白我在做什么錯。 我已經開始把class / user.php搞得一團糟,我認為問題出在class / user.php里面,我不太確定問題到底是怎么解決的。 是因為我忘記將Session包含在其中嗎? 或者是否有推薦的方式來檢查有關php會話的mysql。 我的目標是建立一個可以正常工作的登錄系統,該系統不會刷新使您注銷。 它可以使您保持登錄狀態24小時,或者直到您單擊注銷按鈕(結束會話)為止。 如果也需要包括注冊功能,那么我可以這樣做。 但是就像我說的一樣,它的代碼基本相同。 提前致謝。
也是之前。 這是MySQL提供的錯誤+在登錄頁面上彈出的代碼:
SQLSTATE[42000]: Syntax error or access violation: 1065 Query was emptyWelcome
Encrypted: Chyfz4l6k6DbsQkGa+jX2g==
Decrypted: password
index.php:
<?php
include_once("config.php");
?>
<?php if( !(isset( $_POST['login'] ) ) ) { ?>
<?php $username = $_POST['username']; ?>
<?php $password = $_POST['password']; ?>
<?php
//$_COOKIE["bpuser"];
//$_COOKIE["bpass"];
$secretHash = "6U7T5Sa1f0a7dRUhNila715y088D94XZ";
$encryptionMethod = "AES-256-CBC";
//To encrypt
$encryptedPassword = openssl_encrypt($password, $encryptionMethod, $secretHash);
//To Decrypt
$decryptedPassword = openssl_decrypt($encryptedPassword, $encryptionMethod, $secretHash);
//Result
//echo "Encrypted: $encryptedPassword <br>Decrypted: $decryptedPassword";
session_start();
$_SESSION["username"] = "".$username;
$_SESSION["password"] = "".$encryptedPassword;
setcookie("site.me", $secretHash, time()+(3600*24), '/', '.site.me');
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="">
<meta name="author" content="">
<title>Site | Login</title>
<!-- Bootstrap Core CSS -->
<link href="css/bootstrap.min.css" rel="stylesheet">
<!-- Custom CSS -->
<style>
body {
padding-top: 70px;
/* Required padding for .navbar-fixed-top. Remove if using .navbar-static-top. Change if height of navigation changes. */
}
</style>
<!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js"></script>
<![endif]-->
</head>
<body>
<style>
</style>
<!-- Navigation -->
<nav class="navbar navbar-default navbar-fixed-top device-fixed-width yamm" role="navigation">
<div class="container">
<!-- Brand and toggle get grouped for better mobile display -->
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<style>
</style>
<a class="navbar-brand" href="/beta/">Site</a>
</div>
<!-- Collect the nav links, forms, and other content for toggling -->
<div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
<ul class="nav navbar-nav">
<li>
<a href="#"> </a>
</li>
<li>
<a href="/beta/register">Register</a>
</li>
<li>
<a href="/beta/login">Login</a>
</li>
</ul>
</div>
<!-- /.navbar-collapse -->
</div>
<!-- /.container -->
</nav>
<!-- Latest compiled and minified CSS -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css">
<!-- Latest compiled and minified JavaScript -->
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/js/bootstrap.min.js"></script> <div>
<!-- /.container -->
</nav>
<div class="page-header">
<h1><center>Login with Site</center></h1>
</div>
<div class="container-fluid">
<section class="container">
<div class="container-page">
<div class="col-md-6"> <h3 class="dark-grey">Login to Site</small></a></h3>
<form method="post" action="">
<div class="form-group col-lg-12">
<label>Username</label>
<input type="text" name="username" class="form-control" id="" value="">
</div>
<div class="form-group col-lg-12">
<label>Password</label>
<input type="password" name="password" class="form-control" id="" value="">
</div>
</div>
<div class="col-md-6">
edited out
</div>
</div>
</div>
<div id="mydiv" style="position: absolute; top:400px; left:530px; width:50px; height:50px;">
<input type="submit" name="login" class="btn btn-primary"></button>
</div>
</div>
</div>
</section>
</div>
<?php
} else {
$usr = new Users;
$usr->storeFormValues( $_POST );
if( $usr->userLogin() ) {
echo "Welcome";
$username = $_POST['username'];
$password = $_POST['password'];
//$_COOKIE["bpuser"];
//$_COOKIE["bpass"];
//$secretHash = "6U7T5Sa1f0a7dRUhNila715y088D94XZ";
$secretHash2 = "".$_COOKIE[$site.me];
$encryptionMethod = "AES-256-CBC";
//To encrypt
$encryptedPassword = openssl_encrypt($password, $encryptionMethod, $secretHash2);
//To Decrypt
$decryptedPassword = openssl_decrypt($encryptedPassword, $encryptionMethod, $secretHash2);
//Result
echo "<br>Encrypted: $encryptedPassword <br>Decrypted: $decryptedPassword";
session_start();
$_SESSION["username"] = "".$username;
$_SESSION["password"] = "".$encryptedPassword;
} else {
echo "Incorrect Username/Password";
}
}
?>
config.php:
<?php
session_start();
//set off all error for security purposes
error_reporting(E_ALL);
//define some contstant
define( "DB_DSN", "mysql:host=localhost;dbname=login" );
define( "DB_USERNAME", "root" );
define( "DB_PASSWORD", "removed" );
define( "CLS_PATH", "class" );
//include the classes
include_once( CLS_PATH . "/user.php" );
?>
類/user.php:
<?php
class Users {
public $username = null;
public $password = null;
public $salt = "Zo4rU5Z1YyKJAASY0PT6EUg7BBYdlEhPaNLuxAwU8lqu1ElzHv0Ri7EM6irpx5w";
public function __construct( $data = array() ) {
if( isset( $data['username'] ) ) $this->username = stripslashes( strip_tags( $data['username'] ) );
if( isset( $data['password'] ) ) $this->password = stripslashes( strip_tags( $data['password'] ) );
}
public function storeFormValues( $params ) {
//store the parameters
$this->__construct( $params );
}
public function userLogin() {
$success = true;
try{
$con = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD );
$con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
//$sql = "SELECT * FROM users WHERE username = :username AND password = :password LIMIT 1";
mysql_query("SELECT * FROM users WHERE username={$_SESSION['username']} LIMIT 1");
$stmt = $con->prepare( $mysql_query );
$stmt->bindValue( "username", $this->username, PDO::PARAM_STR );
$stmt->bindValue( "password", hash("sha256", $this->password . $this->salt), PDO::PARAM_STR );
$stmt->execute();
$valid = $stmt->fetchColumn();
if( $valid ) {
$success = true;
echo "validated";
}
$con = null;
return $success;
}catch (PDOException $e) {
echo $e->getMessage();
return $success;
}
}
public function register() {
$correct = false;
try {
$con = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD );
$con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$sql = "INSERT INTO users(username, password) VALUES(:username, :password)";
$stmt = $con->prepare( $sql );
$stmt->bindValue( "username", $this->username, PDO::PARAM_STR );
$stmt->bindValue( "password", hash("sha256", $this->password . $this->salt), PDO::PARAM_STR );
$stmt->execute();
return "Registration Successful <br/> <a href='/beta/login'>Login Now</a>";
}catch( PDOException $e ) {
return $e->getMessage();
}
}
}
?>
1 個解決方案
解決方案1
0 已采納 2015-04-21 04:50:59
好的,這段代碼有很多錯誤(從某種意義上說,我很難理解發生了什么),因此我將寫下一些偽代碼,希望這些代碼可以告訴您在此登錄過程中我想要發生的事情的順序。
start session
if not user set
if cookie set
decrypt cookie
check if valid user
set session to user
else if form info posted
check if valid user
encrypt cookie
store cookie
set session to user
else
show login form
else
show protected page
其他一些評論是
- 您讀取了錯誤的Cookie值,該值應為“ site.me”而不是$ site.me
- “未提交登錄”部分中的大多數代碼未使用。
- 您會在登錄部分錯過setcookie函數
- 您可以只使用
new User($_POST)來代替帶有storeFormValues的怪異構造。
希望這可以幫助!
PHP / MYSQL我在做什么錯
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.