Php 登录脚本,cookie保存错误?
我有这个易于使用的登录我的网页,我已经使用了很长时间 现在我试图修改它一点,使我的用户名和密码存储在数据库中,而不是在文件中的明文 密码与MD5一起存储在数据库中,登录工作正常,但当我进入一个必须登录的站点时,我会被重新引导到登录屏幕,其中显示错误的密码 我做错了什么Php 登录脚本,cookie保存错误?,php,mysql,session,cookies,login,Php,Mysql,Session,Cookies,Login,我有这个易于使用的登录我的网页,我已经使用了很长时间 现在我试图修改它一点,使我的用户名和密码存储在数据库中,而不是在文件中的明文 密码与MD5一起存储在数据库中,登录工作正常,但当我进入一个必须登录的站点时,我会被重新引导到登录屏幕,其中显示错误的密码 我做错了什么 <?php $un = $_POST['user']; require_once ('/inc/login_conn.php'); $dsn = "mysql:Server=$Lhost:$Lport;Databas
<?php
$un = $_POST['user'];
require_once ('/inc/login_conn.php');
$dsn = "mysql:Server=$Lhost:$Lport;Database=$Ldb";
$sql = "SELECT * FROM Users WHERE UserName= '$un'";
$stmt = $conn->prepare($sql);
$stmt->execute ();
$sett1= $stmt->fetch(PDO::FETCH_ASSOC);
$user = $sett1['UserName'];
$pass = $sett1['Password'];
define('LOGIN_USER', "$user");
//define('LOGIN_USER', "USERNAME");
define('LOGIN_PASS', "$pass");
//define('LOGIN_PASS', "PASSWORD");
class Login {
// unique prefix that is used with this object (on cookies and password salt)
var $prefix = "login_";
// days "remember me" cookies will remain
var $cookie_duration = 1;
var $user = "";
var $pass = "";
function authorize() {
//save cookie info to session
if(isset($_COOKIE[$this->prefix.'user'])){
$_SESSION[$this->prefix.'user'] = $_COOKIE[$this->prefix.'user'];
$_SESSION[$this->prefix.'pass'] = $_COOKIE[$this->prefix.'pass'];
}
// else{echo "no cookie<br>";}
//if setting vars
if(isset($_POST['action']) && $_POST['action'] == "set_login"){
$this->user = $_POST['user'];
$this->pass = md5($this->prefix.md5($_POST['pass'])); //hash password. salt with prefix
$this->check();//dies if incorrect
//if "remember me" set cookie
if(isset($_POST['remember'])){
setcookie($this->prefix."user", $this->user, time()+($this->cookie_duration*86400));// (d*24h*60m*60s)
setcookie($this->prefix."pass", $this->pass, time()+($this->cookie_duration*86400));// (d*24h*60m*60s)
}
//set session
$_SESSION[$this->prefix.'user'] = $this->user;
$_SESSION[$this->prefix.'pass'] = $this->pass;
}
//if forced log in
elseif(isset($_GET['action']) && $_GET['action'] == "prompt"){
session_unset();
session_destroy();
//destroy any existing cookie by setting time in past
if(!empty($_COOKIE[$this->prefix.'user'])) setcookie($this->prefix."user", "blanked", time()-(3600*25));
if(!empty($_COOKIE[$this->prefix.'pass'])) setcookie($this->prefix."pass", "blanked", time()-(3600*25));
$this->prompt();
}
//if clearing the login
elseif(isset($_GET['action']) && $_GET['action'] == "clear_login"){
session_unset();
session_destroy();
//destroy any existing cookie by setting time in past
if(!empty($_COOKIE[$this->prefix.'user'])) setcookie($this->prefix."user", "blanked", time()-(3600*25));
if(!empty($_COOKIE[$this->prefix.'pass'])) setcookie($this->prefix."pass", "blanked", time()-(3600*25));
$msg = '<h2 class="msg">**Logout complete**</h2>';
$this->prompt($msg);
}
//prompt for
elseif(!isset($_SESSION[$this->prefix.'pass']) || !isset($_SESSION[$this->prefix.'user'])){
$this->prompt();
}
//check the pw
else{
$this->user = $_SESSION[$this->prefix.'user'];
$this->pass = $_SESSION[$this->prefix.'pass'];
$this->check();//dies if incorrect
}
}#-#authorize()
function check(){
if(md5($this->prefix . LOGIN_PASS) != $this->pass || LOGIN_USER != $this->user){
//destroy any existing cookie by setting time in past
if(!empty($_COOKIE[$this->prefix.'user'])) setcookie($this->prefix."user", "blanked", time()-(3600*25));
if(!empty($_COOKIE[$this->prefix.'pass'])) setcookie($this->prefix."pass", "blanked", time()-(3600*25));
session_unset();
session_destroy();
$msg='<h2 class="warn">Incorrect username or password</h2>';
$this->prompt($msg);
}
}#-#check()
function prompt($msg=''){
?>
在我试图从db获取我的用户名和密码之前:
$this->pass = md5($this->prefix.$_POST['pass']); //hash password. salt with prefix
并用我的哈希密码登录,它似乎仍然不起作用。。。。那么问题可能在其他地方?如果我将define_user和define_pass设置为static vars,它就像一个符咒…尝试显示
echo md5($this->prefix.LOGIN_pass)。“!=”$此->通过。“||”。登录用户。“!=”$这个->用户
@初学者哦,等等,B7917109458BF9B466F4CBFFDD7BF87!=5EAF12A1B336 DEBA86E0EE94817C5BE3 | |!=把它放在前面condition@Beginner编辑了我的评论,但是通行证应该是fde02ddf8aaadbe8c88c2c8f929ed861,root是我登录的帐户,您在db中的值是fde02ddf8aaadbe8c88c2c8f929ed861吗?
$this->pass = md5($this->prefix.md5($_POST['pass'])); //hash password. salt with prefix
$this->pass = md5($this->prefix.$_POST['pass']); //hash password. salt with prefix