正在检查Login.php-空白页?
我正在开发一个基本的登录系统。我使用了很多源代码,其中很多代码都是从其他在线登录系统中提取的。问题是,当我将用户名和密码输入到正在检查Login.php-空白页?,php,login,Php,Login,我正在开发一个基本的登录系统。我使用了很多源代码,其中很多代码都是从其他在线登录系统中提取的。问题是,当我将用户名和密码输入到loginpage.html中,并将其重定向到此文件时,我得到的是一个完全空白的页面 <?php error_reporting(E_ALL ^ E_NOTICE); include 'connectingshit.php'; //Basically naming a session and starting one session_name('litLogin
loginpage.html
中,并将其重定向到此文件时,我得到的是一个完全空白的页面
<?php
error_reporting(E_ALL ^ E_NOTICE);
include 'connectingshit.php';
//Basically naming a session and starting one
session_name('litLogin');
//The cookie is going to live for 2 weeks
session_set_cookie_params(2*7*24*60*60);
//Now we actually start the session
session_start();
ob_start();
if($_SESSION['id'] && !isset($_COOKIE['RemainLoggedIn']) && !$_SESSION['rememberMe'])
{
// If you are logged in, but you don't have the cookie (browser restarts)
// and you have not checked the rememberMe checkbox:
$_SESSION = array();
session_destroy();
// Destroy the session
}
if(isset($_POST['submit']))
{
//I hope I know what I am doing, this is supposed to hold our errors.
$errors = array();
if(!$_POST['username'] || !$_POST['password'])
$errors[] = 'All the fields must be filled in buddyboy!';
if(!count($errors))
{
//Assigning the input form shit to the variables/strings or wtf they are
$tinkerbells_username = $_POST['username'];
$tinkerbells_password = $_POST['password'];
$_POST['rememberMe'] = (int)$_POST['rememberMe'];
// We remove all dangerous characters (!!!!) WTF? Escaping them "WOW"...
$tinkerbells_username = stripslashes($tinkerbells_username);
$tinkerbells_password = stripslashes($tinkerbells_password);
$tinkerbells_username = mysqli_real_escape_string($conn, $tinkerbells_username);
$tinkerbells_password = mysqli_real_escape_string($conn, $tinkerbells_password);
$row = mysqli_fetch_assoc('SELECT id, username, password FROM members WHERE username = "$niloquieroser_username" AND password = "$niloquieroser_password"');
//Does basically the username exist when $row lookes for it in the database
if(($row['username']) && ($niloquieroser_username == $tinkerbells_username && $niloquieroser_password == $tinkerbells_password))
{
//Now fortunately or unfortunatley if it did work and everything is fine
//We can continue.....
$_SESSION['username'] = $row['username'];
$_SESSION['id'] = $row['id'];
$_SESSION['rememberMe'] = $_POST['rememberMe'];
//We store some data in the session
setcookie('RemainLoggedIn',$_POST['rememberMe']);
//cookie gets created
}
else $errors[]=("Wrongs username or/and password!");
}
header("Location: success.html");
exit;
}
ob_end_flush();
?>
MySQL字符串应该是单引号;您正在对字符串而不是查询对象调用mysqli\u fetch\u assoc
;您的变量不会被插值,因为PHP字符串使用单引号。并不是说你无论如何都应该插入它们;使用事先准备好的陈述
另外,请散列你该死的密码。首先,修复你的查询。如果不使用双引号定义字符串,则无法在字符串中嵌入php值:
$query = "SELECT id, username, password FROM members WHERE username = '$niloquieroser_username' AND password = '$niloquieroser_password'";
你想用它来买一套。然后你可以这样循环:
$result = mysqli_query($link, $query);
while($row = mysqli_fetch_assoc($result)) {
//echo $row['username'];
...
}
如果您设法使脚本正常工作,请注意,即使用户名/密码无效,您仍然会将它们重定向到success.html
。您应该将标题(“Location:success.html”)在if
中,只检查一行的结果集,如果找不到该行,则回显错误消息。那么错误是什么?请说明错误,以便我们知道在哪里查找。请缩进您的代码好吗?谢谢@Omulumo:强调使其工作,而不是安全,是50%的安全缺陷存在的原因。不要那样做。无论如何,请检查您的错误日志。我打赌你已经关闭了display\u errors
。我记得mysql允许对字符串值使用双引号。
$result = mysqli_query($link, $query);
while($row = mysqli_fetch_assoc($result)) {
//echo $row['username'];
...
}