PHP Cookie登錄系統
[英]PHP Cookie Login System
問題描述
我的cookie在查找從登錄頁面存儲的cookie時遇到問題,這是我的登錄頁面代碼:
<?php
// Connects to your Database
include("dbconnect.php");
mysql_select_db("maxgee_close2");
//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site']))
//if there is, it logs you in and directes you to the members page
{
$username = $_COOKIE['ID_my_site'];
$password = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{
if ($password != $info['password'])
{
}
else
{
header("Location: members.php");
}
}
}
//if the login form is submitted
if (isset($_POST['submit'])) { // if form has been submitted
// makes sure they filled it in
if(!$_POST['username'] | !$_POST['password']) {
die('You did not fill in a required field.');
}
// checks it against the database
if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}
$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());
//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>');
}
while($info = mysql_fetch_array( $check ))
{
$_POST['password'] = stripslashes($_POST['password']);
$info['password'] = stripslashes($info['password']);
$_POST['password'] = md5($_POST['password']);
//gives error if the password is wrong
if ($_POST['password'] != $info['password']) {
die('Incorrect password, please try again.');
}
else
{
// if login is ok then we add a cookie
setcookie("TestCookie", $value, time()+3600); /* expire in 1 hour */
//then redirect them to the members area and the line with the error
header("Location: members.php");
}
}
}
else
{
// if they are not logged in
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<h1>Login</h1>
Username:
<input type="text" name="username" maxlength="40">
Password:
<input type="password" name="password" maxlength="50">
<input type="submit" name="submit" value="Login">
</form>
<?php
}
include("topsite.php");
?>
會員頁面:這是無法找到Cookie的頁面,我已找到保存在瀏覽器中的Cookie,此頁面無法找到它們:
<?php
include("dbconnect.php");
mysql_select_db("maxgee_close2");
//checks cookies to make sure they are logged in
if(isset($_COOKIE['maxgee.me']))
{
$username = $_COOKIE['maxgee.me'];
$password = $_COOKIE['maxgee.me'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{
//if the cookie has the wrong password, they are taken to the login page
if ($password != $info['password'])
{ header("Location: login_test.php");
}
//otherwise they are shown the admin area
else
{
echo "Admin Area<p>";
echo "Your Content<p>";
echo "<a href=logout.php>Logout</a>";
}
}
}
else
//if the cookie does not exist, they are taken to the login screen
{
header("Location: login_test.php");
}
?>
2 個解決方案
解決方案1
0 已采納 2012-10-22 05:54:32
您在登錄腳本中有錯誤。
if(!$_POST['username'] | !$_POST['password']) {
die('You did not fill in a required field.');
}
它應該是
if(!$_POST['username'] || !$_POST['password']) {
die('You did not fill in a required field.');
}
你也不會存儲您的登錄網頁的Cookie。 尋找評論
// if login is ok then we add a cookie
您尚未在此處添加Cookie。 以下是添加cookie的方法。
setcookie("TestCookie", $value);
以下是隨時間設置Cookie的方法。
setcookie("TestCookie", $value, time()+3600); /* expire in 1 hour */
下面是檢索cookie的方法。
echo $_COOKIE["TestCookie"];
解決方案2
0 2012-10-22 05:59:37
我意識到這可能不是您想聽到的,但我認為您需要重新開始編寫此代碼。 對於初學者來說,您直接編寫$ _POST,這在調試時是個壞主意。 另外,您似乎將密碼以明文形式存儲在數據庫中以及將其存儲在cookie中! 您的網站將成為黑客的夢想。 請查看這篇文章:
Cookie Stealer /登錄系統(PHP)
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.