Fatal编程技术网
  • php/
  • 正在检查Login.php-空白页?

正在检查Login.php-空白页?

php login

正在检查Login.php-空白页?,php,login,Php,Login,我正在开发一个基本的登录系统。我使用了很多源代码,其中很多代码都是从其他在线登录系统中提取的。问题是,当我将用户名和密码输入到loginpage.html中,并将其重定向到此文件时,我得到的是一个完全空白的页面 <?php error_reporting(E_ALL ^ E_NOTICE); include 'connectingshit.php'; //Basically naming a session and starting one session_name('litLogin

我正在开发一个基本的登录系统。我使用了很多源代码,其中很多代码都是从其他在线登录系统中提取的。问题是,当我将用户名和密码输入到
loginpage.html
中,并将其重定向到此文件时,我得到的是一个完全空白的页面

<?php
error_reporting(E_ALL ^ E_NOTICE);
include 'connectingshit.php'; 

//Basically naming a session and starting one
session_name('litLogin');

//The cookie is going to live for 2 weeks
session_set_cookie_params(2*7*24*60*60);

//Now we actually start the session
session_start();
ob_start();
if($_SESSION['id'] && !isset($_COOKIE['RemainLoggedIn']) && !$_SESSION['rememberMe'])
{
    // If you are logged in, but you don't have the cookie (browser restarts)
    // and you have not checked the rememberMe checkbox:
    $_SESSION = array();
    session_destroy();
    // Destroy the session
}

if(isset($_POST['submit'])) 
{
    //I hope I know what I am doing, this is supposed to hold our errors.
    $errors = array();

    if(!$_POST['username'] || !$_POST['password'])
        $errors[] = 'All the fields must be filled in buddyboy!';
    if(!count($errors)) 
    {
      //Assigning the input form shit to the variables/strings or wtf they are
      $tinkerbells_username = $_POST['username'];
      $tinkerbells_password = $_POST['password'];
      $_POST['rememberMe'] = (int)$_POST['rememberMe'];

      // We remove all dangerous characters (!!!!) WTF? Escaping them "WOW"...
      $tinkerbells_username = stripslashes($tinkerbells_username);
      $tinkerbells_password = stripslashes($tinkerbells_password);
      $tinkerbells_username = mysqli_real_escape_string($conn, $tinkerbells_username);
      $tinkerbells_password = mysqli_real_escape_string($conn, $tinkerbells_password);

      $row = mysqli_fetch_assoc('SELECT id, username, password FROM members WHERE username = "$niloquieroser_username" AND password = "$niloquieroser_password"');

      //Does basically the username exist when $row lookes for it in the database
      if(($row['username']) && ($niloquieroser_username == $tinkerbells_username && $niloquieroser_password == $tinkerbells_password))
      {
    //Now fortunately or unfortunatley if it did work and everything is fine
    //We can continue.....
    $_SESSION['username'] = $row['username'];
        $_SESSION['id'] = $row['id'];
    $_SESSION['rememberMe'] = $_POST['rememberMe'];

    //We store some data in the session
    setcookie('RemainLoggedIn',$_POST['rememberMe']);
    //cookie gets created
  }
  else $errors[]=("Wrongs username or/and password!");
    }
    header("Location: success.html");
    exit;
}
ob_end_flush();
?>


MySQL字符串应该是单引号;您正在对字符串而不是查询对象调用
mysqli\u fetch\u assoc
;您的变量不会被插值,因为PHP字符串使用单引号。并不是说你无论如何都应该插入它们;使用事先准备好的陈述


另外,请散列你该死的密码。
首先,修复你的查询。如果不使用双引号定义字符串,则无法在字符串中嵌入php值:


$query = "SELECT id, username, password FROM members WHERE username = '$niloquieroser_username' AND password = '$niloquieroser_password'";


你想用它来买一套。然后你可以这样循环:


$result = mysqli_query($link, $query);
while($row = mysqli_fetch_assoc($result)) {
    //echo $row['username'];
    ...
}



如果您设法使脚本正常工作,请注意,即使用户名/密码无效,您仍然会将它们重定向到
success.html
。您应该将
标题(“Location:success.html”)if
中,只检查一行的结果集,如果找不到该行,则回显错误消息。
那么错误是什么?请说明错误,以便我们知道在哪里查找。请缩进您的代码好吗?谢谢@Omulumo:强调使其工作,而不是安全,是50%的安全缺陷存在的原因。不要那样做。无论如何,请检查您的错误日志。我打赌你已经关闭了
display\u errors
。我记得mysql允许对字符串值使用双引号。

$result = mysqli_query($link, $query);
while($row = mysqli_fetch_assoc($result)) {
    //echo $row['username'];
    ...
}