1. 首頁
  2. 問答
  3. 與php使用會話時出錯

與php使用會話時出錯

2017-05-08 105 views
1

我正在使用JS,JQuery和PHP的簡單登錄頁面。與php使用會話時出錯

的login.php

<!DOCTYPE html> 
<head> 
    <title>Login activity to learn AJAX</title> 
    <link rel="stylesheet" type="text/css" href="login.css"> 
    <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script> 
    <script type="text/javascript" src="login.js"></script> 
</head> 
<body> 
    <h1>AJAX learning</h1> 
    <h2>Login below to continue</h2> 
    <div class="row"> 
     <p>User ID:</p> 
    </div> 
    <div class="row"> 
     <p><input type="text" name="uid" id="usr"></p> 
    </div> 
    <div class="row"> 
     <p>Password:</p> 
    </div> 
    <div class="row"> 
     <p><input type="password" name="pwd"></p> 
    </div> 
    <div class="row"> 
     <p><input type="button" onclick="checkLogin()" value="Login"></p> 
    </div> 
    <div class="row"> 
     <p id="status"></p> 
    </div> 
</body>

login.js

function ajaxRequest(){ 
var activexmodes=["Msxml2.XMLHTTP", "Microsoft.XMLHTTP"] //activeX versions to check for in IE 
if (window.ActiveXObject){ //Test for support for ActiveXObject in IE first (as XMLHttpRequest in IE7 is broken) 
    for (var i=0; i<activexmodes.length; i++){ 
    try{ 
    return new ActiveXObject(activexmodes[i]) 
    } 
    catch(e){ 
    } 
    } 
} 
else if (window.XMLHttpRequest) // if Mozilla, Safari etc 
    return new XMLHttpRequest() 
else 
    return false 
} 
function checkLogin(){ 
    var xhttp=new ajaxRequest(); 
    var uid=$('input[name=uid]').val(); 
    var pwd=$('input[name=pwd]').val(); 
    xhttp.open("POST","do_login.php",true); 
    xhttp.setRequestHeader("Content-type","application/x-www-form-urlencoded"); 
    var param = "UID="+uid+"&PASS="+pwd; 
    xhttp.send(param); 
    xhttp.onreadystatechange=function(){ 
     if(xhttp.readyState == 4){ 
      if(xhttp.status==200){ 
       generateResponse(xhttp.responseText,uid); 
      } 
      else{ 
       window.alert("Error while making request"); 
      } 
     } 
    } 
} 
function generateResponse(data,uid){ 
    if(data==="Error 1"){ 
     $("#status").text("USER NOT FOUND!"); 
     $("input[name=uid]").val(""); 
     $("input[name=pwd]").val(""); 
    } 
    else if(data==="Error 2"){ 
     $("#status").text("INCORRECT PASSWORD!"); 
     $("input[name=pwd]").val(""); 
    } 
    else{ 
     window.location='page2.php'; 
    } 
}

do_login.php

<?php 
    session_start(); 
    $uid=$_POST['UID']; 
    $pass=$_POST['PASS']; 

    $connection = mysqli_connect("localhost","shreyansh","","ajax"); 
    $query1 = "SELECT user FROM login WHERE user = '$uid' AND pass = '$pass' "; 
    $query2 = "SELECT user FROM login WHERE user = '$uid'"; 
    $result = mysqli_fetch_array(mysqli_query($connection,$query1)); 
    // checking credentials 
    $response = ""; 
    if(count($result)==0){ 
     $res = mysqli_fetch_array(mysqli_query($connection,$query2)); 
     if(count($res)==0){ 
      $response = "Error 1"; 
     } 
     else 
      $response = "Error 2"; 
    } 
    else{ 
     $_SESSION['username']=$uid; 
    } 
    echo $response; 
?>

使page2.php

<?php 
    session_start(); 
    if(!isset($_SESSION['username']) || empty($_SESSION['username'])) 
    header("Location: login.php"); 
?> 
<!DOCTYPE html> 
<head> 
    <title>Welcome Page</title> 
    <script type="text/javascript" src="login.js"></script> 
</head> 
<body> 
    <p>Hello <?php echo $_SESSION['username']?> </p> 
</body>

主要目標是在login.php頁面中顯示錯誤消息,並在證書正確的情況下重定向到page2.php
按下登錄按鈕時,頁面會被重定向到page2.php,但不會顯示任何內容。整個網頁是空白的。請確定我的代碼中的錯誤。

來源

2017-05-08 user3422177

+2

你必須在'do_login.php'頁面的頂部添加'session_start();'。從'else'部分移除並添加在頂部,並檢查 –

+0

嘗試這樣做。仍然不起作用 – user3422177

+0

添加session_start();在頁面頂部的do_login.php中,並從page2.php中刪除 –

回答

2

你必須在代碼中一個錯字:

<?php 
    session_start(); 
    if(!isset($_SESSION(['username'])) || empty($_SESSION['username'])) 
    header("Location: login.php"); 
?>

$_SESSION不是那麼使用它與()函數會返回一個錯誤。也只是一個頭不會阻止頁面運行,所以你的代碼仍然會被執行。你必須防止設置位置標頭

<?php 
    session_start(); 
    if(!isset($_SESSION['username']) || empty($_SESSION['username'])) { 
     header("Location: login.php"); 
     die(); 
    } 
?>

你也有一個MySQL注入您的SQL後的代碼執行"SELECT user FROM login WHERE user = '$uid'"https://en.wikipedia.org/wiki/SQL_injection 嘗試使用' or 1 or 'a作爲用戶名 最簡單的方法,以防止它是圈地傳遞的變量你的隊列中去與addslashes

"SELECT user FROM login WHERE user = '" . addslashes($uid) . "'"

來源

2017-05-08 09:06:24

0

的config.php

在session_start();

數據庫憑據//你也可以寫你的數據庫的細節在這裏

do_login.php

include_once( 'config.php文件');

您的登錄碼。

使page2.php

include_once( '的config.php');

print_r($ _ SESSION);

來源

2017-05-08 08:50:16

1

首先,我強烈支持建議說你考慮使用PPS : Prepared Parameterized Statements。這將有助於Preventing SQL injection

此外,你應該店明文密碼,因此:

你應該真的考慮使用password_hash和他的同事collegue password_verify

除此之外,我會讓你的代碼有點不同,例如:

- >修改generateResponse功能如下:

function generateResponse(data,uid){ 
if(data === "Error"){ 
    $("#status").text("user not found : make sure you are using correct credentials."); 
    $("input[name=uid]").val(""); 
    $("input[name=pwd]").val(""); 
} 
else { 
    window.location='page2.php'; 
} 
}

- >只使用一個查詢(這就是PPS會更安全)

<?php 
session_start(); 

$connection = mysqli_connect("localhost","shreyansh","","ajax"); 
$query1 = "SELECT user FROM login WHERE user = '$uid' AND pass = '$pass' "; 
$result = mysqli_fetch_array(mysqli_query($connection,$query1)); 
// checking credentials 
$response = ""; 
if(count($result) == 0){ $response = "Error"; } else { $_SESSION['username'] = $uid; $response = ""; } 
echo $response; 

?>

- 最後>,糾正濫用$ _SESSION在使page2.php(CREDIT去@迪米特里-L)

<?php 
session_start(); 
if(!isset($_SESSION['username']) || empty($_SESSION['username'])) 
{ 
header("Location: login.php"); 
} 
else 
{ 
?> 
<p>Hello <?php echo $_SESSION['username']; ?></p> 
<?php 
} 
?>

來源

2017-05-08 09:42:29 OldPadawan

相關問題

 相關問題