Php 登录页面不能作为未知页面的线索使用
快速提示:该线程因重复问题而关闭,但我发现的链接与“防止MySQL注入攻击”有关,这不是我想要的答案。如果转载这个问题违背了任何准则,我不介意把这篇文章删掉 我一直在一个在线预订网站上工作,当我在WAMP上运行它时,这些项目就可以运行了。我决定在ecowebhosting.com上托管一个月,我上传了我的项目/文件,并更改了我的“db.php”文件以匹配phpMyAdmin主机、用户名、密码等设置。但是我无法登录 这是我的网站的登录页面: 您可以注册,当我在phpMyAdmin上检查数据库时,用户已经注册,但是我无法登录,因为我登录任何帐户时都会发生这种情况: 我认为这与“dashboard.php”文件有关,所以我删除了“includeauth_session.php”以查看该文件是否有问题,但它正常工作。下面是“login.php”的代码副本:Php 登录页面不能作为未知页面的线索使用,php,mysql,system,appointment,Php,Mysql,System,Appointment,快速提示:该线程因重复问题而关闭,但我发现的链接与“防止MySQL注入攻击”有关,这不是我想要的答案。如果转载这个问题违背了任何准则,我不介意把这篇文章删掉 我一直在一个在线预订网站上工作,当我在WAMP上运行它时,这些项目就可以运行了。我决定在ecowebhosting.com上托管一个月,我上传了我的项目/文件,并更改了我的“db.php”文件以匹配phpMyAdmin主机、用户名、密码等设置。但是我无法登录 这是我的网站的登录页面: 您可以注册,当我在phpMyAdmin上检查数据库时,用
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Modern Haircut Designs</title>
<!-- Bootstrap css style sheet -->
<link href="bootstrap/css/bootstrap.min.css" rel="stylesheet">
<!-- For the seperate stuff -->
<link href="coursework_style.css" rel="stylesheet">
<!-- Make sure to add this to the coursework style sheet so less files -->
<link href="login_style.css" rel="stylesheet">
<!-- To enable the javascript shenanigans -->
<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<script src="bootstrap/js/bootstrap.min.js"></script>
</head>
<body>
<?php
require('db.php');
session_start();
if (isset($_POST['username'])) {
$username = stripslashes($_REQUEST['username']);
$username = mysqli_real_escape_string($con, $username);
$password = stripslashes($_REQUEST['password']);
$password = mysqli_real_escape_string($con, $password);
$query = "SELECT * FROM `users` WHERE username='$username'
AND password='$password'";
$result = mysqli_query($con, $query) or die(mysql_error());
$rows = mysqli_num_rows($result);
if ($rows == 1) {
$_SESSION['username'] = $username;
header("Location: dashboard.php");
} else {
//Might be necessary to create an error page so the user knows?
header("Location: login.php");
}
} else{
?>
<nav class="navbar navbar-fixed-top navbar-inverse">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar-collapse">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="/index.php">Modern Haircut Designs</a>
</div>
<div class="collapse navbar-collapse" id="navbar-collapse">
<ul class="nav navbar-nav navbar-right">
<li class="actif"><a href="/index.php">Home</a></li>
<li><a href="/index.php#services">Services</a></li>
<li><a href="/index.php#team">Our Team</a></li>
<li><a href="/index.php#reviews">Reviews</a></li>
<li><a href="/index.php#contact-us">Contact</a></li>
<li><a href="/login.php">Login</a></li>
</ul>
</div>
</div>
</nav>
<section class="login-cover">
<div class="wrapper fadeInDown">
<div id="formContent">
<div class="fadeIn first">
<img src="img/login_icon.jpg" id="icon" alt="MHC Logo" />
</div>
<form method="post" name="login">
<input type="text" id="login" class="fadeIn second" name="username" placeholder="Username" required>
<input type="password" id="password" class="fadeIn third" name="password" placeholder="Password" style="background-color: #f6f6f6;border: none;color: #0d0d0d;padding: 15px 32px;text-align: center;text-decoration: none;display: inline-block;font-size: 16px;margin: 5px;width: 85%;border: 2px solid #f6f6f6;transition: all;0.5s ease-in-out;border-radius: 5px 5px 5px 5px;" required>
<input type="submit" class="fadeIn fourth" value="Login" name="submit">
</form>
<div class="formFooter">
<a class="underlineHover" href="register.php" id="register">Register Here</a>
<a class="underlineHover" href="#" id="forgot_password">Forgot Password?</a>
</div>
</div>
</div>
</section>
<?php
}
?>
<footer style="bottom: 0; width: 100%;">
crafted with ♥ in Bangladesh by ###
</footer>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
<script src="bootstrap/js/bootstrap.min.js"></script>
</body>
</html>
根据要求,以下是“dashboard.php”文件的标记:
<?php
//Reminder to include this for the booking part
include("auth_session.php");
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Modern Haircut Designs</title>
<!-- Bootstrap Stuff -->
<link href="bootstrap/css/bootstrap.min.css" rel="stylesheet">
<!-- Coursework Style that's seperate -->
<link href="coursework_style.css" rel="stylesheet">
</head>
<body>
<nav class="#">
<div class="container">
<div class="#">
<button type="button" class="#">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="#" href="#top">Modern Haircut Designs</a>
</div>
<div class="#" id="#">
<ul class="#">
<li class="actif"><a href="#top">Home</a></li>
<li><a href="#services">Services</a></li>
<li><a href="#team">Our Team</a></li>
<?php
if($_SESSION['username'] == 'admin'){
?><li><a href="/bookings.php">Manage Appointments</a></li><?php
}else{
?><li><a href="/user-bookings.php">View Appointments</a></li>
<li><a href="/calendar.php">Book Appointment</a></li>
<?php
}
?>
<li><a href="/logout.php">Logout</a></li>
</ul>
</div>
</div>
</nav>
<div class="cover" id="top">
<div class="cover-text">
<h1>Hey, <?php echo $_SESSION['username']; ?>!</h1>
<p class="lead">Book an appointment now by clicking the button below</p>
<a href="calendar.php" role="button" class="btn btn-danger btn-lg">Get started!</a>
</div>
</div>
<section id="services">
<h2>Here is a list of the services we provide</h2>
<div class="container">
<div class="row">
#Text about the different types of haircuts
</section>
<section id="team">
<div class="container">
#Pictures and quotes of the different team members
</div>
</section>
<section id="contact-us">
<div class="container">
#ContactInformation here
</div>
</section>
<footer>
crafted with ♥ in Bangladesh by ###
</footer>
<!-- jQuery for javascript stuff-->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
<!-- Bootstrap javascript code / might remove tho -->
<script src="bootstrap/js/bootstrap.min.js"></script>
</body>
</html>
正如@rickdenhaan所指出的,解决方案是将包含“header”部分的php代码块移动到文件的开头。我发现的另一个解决方案是使用javascript打开文件。使用带参数的准备语句查看并永远不要将密码存储为明文使用散列值请不要对密码应用转义字符串我只是为了测试目的将密码保存为明文。我使用password\u hash$password、password\u DEFAULT和password\u verify功能,但在我写作业时,我将其保留为清晰的文本,用于测试目的@我将从代码中删除转义字符串,谢谢。达曼:我会注意到这一点,我会确保阅读相关内容,并希望在几天内在我的代码中实现!你们还知道为什么当我尝试使用任何用户详细信息登录时,该网页会出现以下页面吗?可能没有关联,但您在$result=mysqli\u query$con、$query或diemsql\u error;行中混合了MySQL API;。改用mysqli_error$con。