Javascript PHP登录脚本不支持';我不能在IE8或IE9中工作
我有一个使用PHP脚本登录用户的网站。它在大多数浏览器中运行良好,但IE8和IE9似乎在cookie方面遇到了问题。我读过很多类似的帖子,但到目前为止似乎没有任何帮助。你知道问题出在哪里吗?详情如下所示 我们将此代码用于登录脚本: 登录表单Javascript PHP登录脚本不支持';我不能在IE8或IE9中工作,javascript,php,jquery,internet-explorer,Javascript,Php,Jquery,Internet Explorer,我有一个使用PHP脚本登录用户的网站。它在大多数浏览器中运行良好,但IE8和IE9似乎在cookie方面遇到了问题。我读过很多类似的帖子,但到目前为止似乎没有任何帮助。你知道问题出在哪里吗?详情如下所示 我们将此代码用于登录脚本: 登录表单 答案在javascript中。基本上,IE8不允许更改字段的“类型”,并且有一个javascript函数对密码进行哈希运算,然后将值放入一个新字段中,将类型设置为隐藏。我刚刚将字段设置为隐藏,然后它就工作了。代码墙,咨询=>将错误报告添加到文件顶部错误报告(
答案在javascript中。基本上,IE8不允许更改字段的“类型”,并且有一个javascript函数对密码进行哈希运算,然后将值放入一个新字段中,将类型设置为隐藏。我刚刚将字段设置为隐藏,然后它就工作了。代码墙,咨询=>将错误报告添加到文件顶部
错误报告(E\u ALL);ini设置(“显示错误”,1);mysqli_报告(mysqli_报告错误| mysqli_报告严格)
如果您还没有这样做。wikihow应该是您最不应该查找的地方…任何在客户端对密码进行哈希运算都不会增加任何安全性,因为哈希后的密码相当于纯文本密码。请看这个问题:Re:我之前的评论。这段代码也在服务器上进行哈希运算,因此它不是一个安全问题。但是它完全没有必要,并且使您的登录依赖于javascript。这也是IE漏洞的来源。
<?php
if($error == 1) echo "<p class=\"error\">Your Log in information is incorrect</p>";
?>
<form class="form-horizontal" role="form" action="includes/process_login.php" method="post" name="login_form">
<div class="form-group">
<!-- <label for="inputEmail1" class="col-md-2 control-label">Email</label> -->
<div class="col-md-12">
<input type="email" class="form-control" id="inputEmail1" name="inputEmail1">
</div>
</div>
<div class="form-group">
<!-- <label for="inputPass1" class="col-md-2 control-label">Password</label> -->
<div class="col-md-12">
<input type="password" class="form-control" id="inputPass1" name="inputPass1">
</div>
</div>
</div>
</div>
</div>
</div>
<div id="login-content">
<div class="form-group">
<button type="submit" class="btn btn-default signin-btn" onclick="formhash(this.form, this.form.inputPass1);">Sign In</button>
</div>
</form>
<?php
header('P3P: CP="NOI ADM DEV COM NAV OUR STP"');
include_once 'db_connect.php';
include_once 'functions.php';
sec_session_start(); // Our custom secure way of starting a PHP session.
if (isset($_POST['inputEmail1'], $_POST['p'])) {
$email = $_POST['inputEmail1'];
$password = $_POST['p']; // The hashed password.
exit($email);
if (login($email, $password, $mysqli) == true) {
// Login success
header('Location: ../index.php');
} else {
// Login failed
header('Location: ../index.php?error=1');
}
} else {
// The correct POST variables were not sent to this page.
echo 'Invalid Request';
//checks login info against db
function login($email, $password, $mysqli) {
// Using prepared statements means that SQL injection is not possible.
if ($stmt = $mysqli->prepare("SELECT id, fname, lname, pass, salt, type_id
FROM users
WHERE email = ?
LIMIT 1")) {
$stmt->bind_param('s', $email); // Bind "$email" to parameter.
$stmt->execute(); // Execute the prepared query.
$stmt->store_result();
// get variables from result.
$stmt->bind_result($user_id, $fname, $lname, $db_password, $salt, $user_type);
$stmt->fetch();
// hash the password with the unique salt.
$password = hash('sha512', $password . $salt);
if ($stmt->num_rows == 1) {
// If the user exists we check if the account is locked
// from too many login attempts
if (checkbrute($user_id, $mysqli) == true) {
// Account is locked
// Send an email to user saying their account is locked
return false;
} else {
// Check if the password in the database matches
// the password the user submitted.
if ($db_password == $password) {
// Password is correct!
// Get the user-agent string of the user.
$user_browser = $_SERVER['HTTP_USER_AGENT'];
// XSS protection as we might print this value
$user_id = preg_replace("/[^0-9]+/", "", $user_id);
$user_type = preg_replace("/[^0-9]+/", "", $user_type);
$_SESSION['user_id'] = $user_id;
$_SESSION['user_type'] = $user_type;
// XSS protection as we might print this value
$username = preg_replace("/[^a-zA-Z0-9_\-]+/",
"",
$fname . $lname);
$_SESSION['username'] = $username;
$_SESSION['login_string'] = hash('sha512',
$password . $user_browser);
// Login successful.
return true;
} else {
// Password is not correct
// We record this attempt in the database
$now = time();
$mysqli->query("INSERT INTO login_attempts(user_id, time)
VALUES ('$user_id', '$now')");
return false;
}
}
} else {
// No user exists.
return false;
}
}
}