php - 登录系统中的 if() 语句无法正常工作
问题描述
该代码仅在我尝试使用错误密码登录时才有效。但是当我尝试使用真实密码登录时,它会:
A)不回显这 4 行:
echo $email . "<br>";
echo $password . "<br>";
echo $dbemail . "<br>";
echo $dbpassword; // This is hash, and echoed for testing purposes
B) 不跳转到 index.phpheader()
截图:使用错误密码登录
截图:使用真实密码登录
它的 50 行代码:
<?php
if(isset($_POST['login_button'])) {
$email = strtolower($_POST['log_email']);
$email = filter_var($email, FILTER_SANITIZE_EMAIL); //sanitize email
$_SESSION['log_email'] = $email; //Store email into session variable
$password = $_POST['log_password'];
$check_database_query = mysqli_query($con, "SELECT * FROM users WHERE email='$email'");
$login_row = mysqli_fetch_array($check_database_query);
$dbemail = $login_row['email'];
$dbpassword = $login_row['password'];
//Echo $email, $password, $dbemail, $dbpassword
echo $email . "<br>";
echo $password . "<br>";
echo $dbemail . "<br>";
echo $dbpassword; // This is hash, and echoed for testing purposes
$check_login_query = mysqli_num_rows($check_database_query);
$row = mysqli_fetch_array($check_database_query);
if($check_login_query == 1){
if(password_verify($password, $dbpassword) == true) {
$username = $row['username'];
$user_closed_query = mysqli_query($con, "SELECT * FROM users WHERE email='$email' AND user_closed='yes'");
if(mysqli_num_rows($user_closed_query) == 1) {
$reopen_account = mysqli_query($con, "UPDATE users SET user_closed='no' WHERE email='$email'");
}
$_SESSION['username'] = $username;
//Be logged in after some time
if(isset($_POST['check_box'])) {
setcookie('email', $email, time() + 86400, "/");
setcookie('password', $password, time() + 86400, "/");
}
$check_login_query = "";
// Go to index
echo "redicerting to index...";
header("location: index.php");
exit();
}
else {
array_push($error_array, "<span class='error'>Email or password not working</span><br>");
}
}
else{
array_push($error_array, "<span class='error'>Email or password not working</span><br>");
}
}else{
echo "Login button not POSTed";
}
?>
//我的表格
<form action="register.php" accept-charset="utf-8" method="POST">
<div id="login_wrapper">
<label for="email">Your e-mail</label><br>
<label id="error_email" style="color: red;"></label>
<input type="text" id="email" name="log_email" value="<?php
if(isset($_SESSION['log_email'])) {
echo $_SESSION['log_email'];
}
?>" required>
<br>
<label for="password">Password</label><br>
<input type="password" id="password" accept-charset="utf-8" name="log_password" required>
<br>
<?php if(in_array("<span class='error'>Email or password not working</span><br>", $error_array)) echo "<span class='error'>Email or password not working</span><br>"; ?>
<input type="submit" name="login_button" value="Login">
<input type="checkbox" name="check_box">Remember me<br>
<br>
<a href="#" id="signup" class="signup">Dont have an accout? Sign Up!</a>
</div>
</form>
日志来自error.log:
[Mon Jan 21 15:22:44.064393 2019] [php7:notice] [pid 11540:tid 1960] [client ::1:61860] PHP Notice: Undefined variable: userLoggedIn in C:\\xampp\\htdocs\\drope\\index.php on line 70
[Mon Jan 21 15:43:43.163934 2019] [php7:crit] [pid 11540:tid 1960] [client ::1:63802] PHP Parse error: syntax error, unexpected 'if' (T_IF) in C:\\xampp\\htdocs\\drope\\includes\\form_handlers\\login_handler.php on line 4
也许我写得不好if()或者我的代码有错误,但我没有看到任何错误。
这也安全吗?或者我怎样才能提高安全性?也许不在 cookie 中存储哈希,但我如何在清除$_SESSIONs 后让用户保持登录状态?
//注意:问题不在 session_start 中,我已经开始了会话。
解决方案
文件好像有问题index.php。它似乎将您重定向回register.php
推荐阅读
- css - 定位 h2::after 包含 h2::before
- javascript - 为什么 Array.prototype.some() 不为空集返回 true?
- assembly - x86 汇编代码推送 ebx -- 分段错误
- c# - 我们如何将当前属性分配为等于新参数,然后在新值被关联时将其删除?
- javascript - 在 Material UI v3.6.0 中选择 Dropdown div 闪烁/触发两次
- android - 客户端证书的Android okhttp3错误
- go - 结构类型第一行:_ struct{}
- python - AWS 动态清单 python 错误,我该如何解决?
- eslint - 如何升级 Visual Studio 2019 中使用的 ESLint 版本?
- javascript - 用于验证输入文本字段的单个 JavaScript 函数