[英]Diagnosing PHP login form issues
我不是在尋找任何人為我做所有的工作,但我有一個開源項目,可以在大多數服務器上正常運行,但是在一個人的服務器上,當您注冊或登錄時,頁面只會刷新而不是登錄什么都沒有進入數據庫。
$ _POST的var_dump看起來一切都很好,我在表單中去除了許多數據驗證,但沒有骰子。
Chrome或Firefox / Firebug中是否有工具可以幫助我了解發生了什么? Chrome中的控制台日志基本上只是告訴我頁面已重新加載,但沒有其他內容。 我的所有錯誤均未返回該頁面。 這只是一個簡單的頁面刷新。
這是未編輯(減去一堆html)的登錄文件。 它基於名為UserCake的舊系統。 其中大多數是遺留代碼。 我將從頭開始完全重寫該項目。
<?php require_once("models/top-nav.php"); ?>
<!-- If you are going to include the sidebar, do it here -->
<?php //require_once("models/left-nav.php"); ?>
</div>
<!-- /.navbar-collapse -->
</nav>
<!-- PHP GOES HERE -->
<?php
//Prevent the user visiting the logged in page if he/she is already logged in
if(isUserLoggedIn()) { header("Location: account.php"); die(); }
//Forms posted
if(!empty($_POST))
{
$token = $_POST['csrf'];
if(!Token::check($token)){
die('Token doesn\'t match!');
}
//reCAPTCHA 2.0 check
// empty response
$response = null;
// check secret key
$reCaptcha = new ReCaptcha($privatekey);
// if submitted check response
if ($_POST["g-recaptcha-response"]) {
$response = $reCaptcha->verifyResponse(
$_SERVER["REMOTE_ADDR"],
$_POST["g-recaptcha-response"]
);
}
if ($response != null && $response->success) {
$errors = array();
$username = sanitize2(trim($_POST["username"]));
$password = trim($_POST["password"]);
//Perform some validation
//Feel free to edit / change as required
if($username == "")
{
$errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
}
if($password == "")
{
$errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");
}
//A security note here, never tell the user which credential was incorrect
if(!usernameExists($username))
{
$errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
}
else
{
$userdetails = fetchUserDetails($username);
//See if the user's account is activated
if($userdetails["active"]==0)
{
$errors[] = lang("ACCOUNT_INACTIVE");
}
else
{
//- THE OLD SYSTEM IS BEING REMOVED - Hash the password and use the salt from the database to compare the password.
//$entered_pass = generateHash($password,$userdetails["password"]);
$entered_pass = password_verify($password,$userdetails["password"]);
if($entered_pass != $userdetails["password"])
{
$errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID"); //MAKE UPGRADE CHANGE HERE
}
else
{
//Passwords match! we're good to go'
//Construct a new logged in user object
//Transfer some db data to the session object
$loggedInUser = new loggedInUser();
$loggedInUser->email = $userdetails["email"];
$loggedInUser->user_id = $userdetails["id"];
$loggedInUser->hash_pw = $userdetails["password"];
$loggedInUser->title = $userdetails["title"];
$loggedInUser->displayname = $userdetails["display_name"];
$loggedInUser->username = $userdetails["user_name"];
//Update last sign in
$loggedInUser->updateLastSignIn();
$_SESSION["userCakeUser"] = $loggedInUser;
//Redirect to user account page
header("Location: account.php");
die();
}
}
}
}
}
?>
<?php
echo resultBlock($errors,$successes);
echo "
<div id='regbox'>
<form name='login' action='".$_SERVER['PHP_SELF']."' method='post'>
<p>
";
?>
<label>Username:</label>
<input class='form-control' type='text' name='username' />
</p>
<p>
<label>Password:</label>
<input class='form-control' type='password' name='password' />
</p>
<p><label>Please enter the words as they appear:</label>
<div class="g-recaptcha" data-sitekey="<?php echo $publickey; ?>"></div>
</p>
<p>
<label> </label>
<input class='btn btn-primary' type='submit' value='Login' class='submit' />
</p>
<input type="hidden" name="csrf" value="<?=Token::generate();?>" >
</form>
<script src="https://www.google.com/recaptcha/api.js" async defer></script>
<!-- footer -->
<?php require_once("models/footer.php"); ?>
將錯誤報告添加到文件頂部,這將有助於發現錯誤。
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
// rest of your code
旁注:顯示錯誤僅應在登台中進行,而不應在生產中進行。
OP對此回應:
“ Fred-ii,您做到了,我忘了添加所有額外的錯誤報告!謝謝。我在服務器配置中禁用了https://包裝器,因為allow_url_fopen = 0錯誤。這顯然會幫助很多!– Dan胡佛”
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.