这段代码有什么问题[PHP Cookies]
我有这个代码,但当我尝试加载页面时,它是空白的:(我用USERCOOKIEID和PASSCOOKIEID替换了cookie的实际名称,并删除了用户登录时发生的代码) } 谢谢看起来应该像这段代码有什么问题[PHP Cookies],php,cookies,login,Php,Cookies,Login,我有这个代码,但当我尝试加载页面时,它是空白的:(我用USERCOOKIEID和PASSCOOKIEID替换了cookie的实际名称,并删除了用户登录时发生的代码) } 谢谢看起来应该像 if(isset($_COOKIE['USERCOOKIEID'])) { $user = $_COOKIE['USERCOOKIEID']; $pass = $_COOKIE['PASSCOOKIEID']; $check = mysql_query("SELECT * FROM
if(isset($_COOKIE['USERCOOKIEID']))
{
$user = $_COOKIE['USERCOOKIEID'];
$pass = $_COOKIE['PASSCOOKIEID'];
$check = mysql_query("SELECT * FROM `users` WHERE `username`='$user'") or die();
if (mysql_result($check, 0, 'passwordcolnum') == $pass) {
} else {
//This is were the code goes for a user that is signed on
}
} else { //what happens if they don't have the cookie
header("Location: login.php");
}
另外,与其使用
mysql\u fetch\u array
,不如使用mysql\u result
,因为肯定只有一条记录,使用带有基本语法突出显示的IDE可以防止这些类型的错误。因此,此代码在当前状态下非常不安全,始终清理来自用户的任何数据,为了安全体系结构,任何系统都不应存储明文密码。始终不可逆地加密或散列它们,最好使用足够的salt,包括将散列与用户名、每用户salt和系统范围salt组合。这些步骤毫无用处。
if(isset($_COOKIE['USERCOOKIEID']))
{
$user = $_COOKIE['USERCOOKIEID'];
$pass = $_COOKIE['PASSCOOKIEID'];
$check = mysql_query("SELECT * FROM `users` WHERE `username`='$user'") or die();
if (mysql_result($check, 0, 'passwordcolnum') == $pass) {
} else {
//This is were the code goes for a user that is signed on
}
} else { //what happens if they don't have the cookie
header("Location: login.php");
}