0
我有一個登錄系統,似乎只能使用Firefox登錄,我已經在Internet Explorer和Chrome中使用相同的登錄信息進行了嘗試,並且它沒有讓我登錄(驗證失敗密碼不正確,請重試!「)。登錄系統 - 適用於Firefox,但不適用於IE,Chrome等
在這裏,在登錄頁面代碼:
<body class="ui-state-processing">
<div id="cp-wrapper-div">
<div id="cp-topheader-div" class="ui-widget-header">
<div id="cp-topheader-content-div">
<img class="cp-topheader-customer-logo left" alt="Logo" src="images/logo.png" />
<img class="cp-topheader-marandy-logo right" alt="Powered by CompanyName" src="images/powered_by_compname.png" />
</div>
</div>
<div class="clear"></div>
<div id="login-page-wrap">
<div id="login-wrapper" class="ui-corner-all page-div">
<div id="login-input-wrapper" class="div-row-style">
<div id="login-title-top" class="centre-div">
<div id="login-title-icon">
<img src="images/padlock.png" alt="Online Booking Login" class="left" />
</div>
<div id="login-title-text">
<h1 class="drk-grey left">Online Booking Login</h1>
</div>
</div>
<form action="?" method="post" id="frm-useracc-login" name="frm-useracc-login" >
<div id="login-username-wrap" >
<div class="login-input-item left">
<div class="div-search-label left">
<div id="div-leftheader-wrap">
<p class="a-topheader-infotext left"><strong>Username: </strong></p>
</div>
</div>
<div class="login-input-content left div-subrow-style ui-corner-all">
<input type="text" tabindex="1" name="txt-username" id="txt-username" class="input-txt-med required addr-search-input txt-username left">
</div>
</div>
</div>
<div id="login-password-wrap" >
<div class="login-input-item left">
<div class="div-search-label left">
<div id="div-leftheader-wrap">
<p class="a-topheader-infotext left"><strong>Password: </strong></p>
</div>
</div>
<div class="login-input-content left div-subrow-style ui-corner-all">
<input type="password" tabindex="1" name="txt-password" id="txt-password" class="input-txt-med required addr-search-input txt-password left">
</div>
</div>
</div>
<div id="login-btn-bottom" class="centre-div">
<div id="login-btn-right">
<button name="btn-login" id="btn-login" class="btn-med ui-button ui-state-default ui-button-text-only ui-corner-all btn-hover-anim btn-row-wrapper left">Login</button>
<button name="btn-cancel" id="btn-cancel" class="btn-med ui-button ui-state-default ui-button-text-only ui-corner-all btn-hover-anim btn-row-wrapper left">Cancel</button><br /><br />
</div>
</div>
</form>
</div>
<p id="login-status" class="fail-text"><strong><? echo $_SESSION['login-status']; ?></strong></p>
</div>
</div>
這是我session.controller.php:
<?php
require_once("controllers/server.filter.php");
require_once('models/server.php');
require_once("models/useraccount.php");
require_once("models/sql.php");
class SessionController {
private static $login_status;
private static $redirect_url;
public static $form_action;
## Getters ##
private static function get_loginstatus() {return self::$login_status;}
## Setters ##
private static function set_loginstatus($in_str) {self::$login_status = $in_str;}
## Functions ##
public static function validate_user() {
UserAccount::set_username($_REQUEST['txt-username']);
UserAccount::set_password($_REQUEST['txt-password']);
$pdo = new SQL();
$dbh = $pdo->connect(Database::$serverIP, Database::$serverPort, Database::$dbName, Database::$user, Database::$pass);
try {
// Does user exist?
$query = "SELECT COUNT(UserName) FROM tblusers WHERE UserName = :in_username";
$stmt = $dbh->prepare($query);
$param = Filter::san_str_html(UserAccount::get_username());
$stmt->bindParam(':in_username', $param, PDO::PARAM_STR);
$stmt->execute();
$number_of_rows = $stmt->fetchColumn();
$stmt->closeCursor();
if ($number_of_rows <= 0) {
self::set_loginstatus("The user does not exist in our database, please try again.");
$_SESSION['login-status'] = self::get_loginstatus();
self::redirect(false);
} else {
// User verified, check password...
self::verify_password();
}
}
catch (PDOException $pe) {
die("Error: " .$pe->getMessage());
}
$pdo = null;
}
private static function verify_password() {
$pdo = new SQL();
$dbh = $pdo->connect(Database::$serverIP, Database::$serverPort, Database::$dbName, Database::$user, Database::$pass);
try {
// Does the password given match the password held?
$query = "SELECT COUNT(*) FROM tblusers WHERE UserName = :in_username AND Password = :in_password";
$stmt = $dbh->prepare($query);
$param1 = UserAccount::get_password();
$param2 = Filter::san_str_html(UserAccount::get_username());
$stmt->bindParam(':in_username', $param2, PDO::PARAM_STR);
$stmt->bindParam(':in_password', $param1, PDO::PARAM_STR);
$stmt->execute();
$number_of_rows = $stmt->fetchColumn();
}
catch (PDOException $pe) {
die("Error: " .$pe->getMessage());
}
$pdo = null;
if ($number_of_rows == 1) {
$_SESSION['username'] = UserAccount::get_username();
// Begin verification..
self::set_useraccount(true);
} else {
self::set_loginstatus("Verification failed! Password incorrect, please try again.");
$_SESSION['login-status'] = self::get_loginstatus();
self::redirect(false);
}
}
private static function verify_account() {
// Account types: 9 = Disabled, 0 = Normal/Restricted, 1 = Administrative
if (UserAccount::get_accounttype() == 9) {
self::set_loginstatus("Verification failed! This account has been disabled."); ## Account disabled
$_SESSION['login-status'] = self::get_loginstatus();
self::redirect(false);
} else
// User login types: 9 = Disabled, 0 = Normal/Restricted, 1 = Administrative
if (UserAccount::get_usertype() == 9) {
self::set_loginstatus("Verification failed! This login has been disabled."); ## User login disabled
$_SESSION['login-status'] = self::get_loginstatus();
self::redirect(false);
} else {
// Set redirect url here
if (UserAccount::get_accounttype() == 1) {
self::$redirect_url = 'controlpanel.php';
}
if (UserAccount::get_accounttype() == 0 && UserAccount::get_usertype() == 1) {
self::$redirect_url = 'controlpanel.php';
}
if (UserAccount::get_accounttype() == 0 && UserAccount::get_usertype() == 0) {
self::$redirect_url = 'newbooking.php';
}
// All ok, set user and account properties
return true;
}
}
public static function set_useraccount($redirect_bool) {
// If username session is set...
if (isset($_SESSION['username'])) {
UserAccount::set_username($_SESSION['username']);
// Query Database for the rest of the data
$pdo = new SQL();
$dbh = $pdo->connect(Database::$serverIP, Database::$serverPort, Database::$dbName, Database::$user, Database::$pass);
try {
$query = "SELECT AccountName
FROM tblusers
WHERE UserName = :in_username";
$stmt = $dbh->prepare($query);
$param1 = UserAccount::get_username();
$stmt->bindParam(':in_username', $param1, PDO::PARAM_STR);
$stmt->execute();
// Parse
$row = $stmt->fetch(PDO::FETCH_BOTH);
$stmt->closeCursor();
}
catch (PDOException $pe) {
die("Error: " .$pe->getMessage());
}
UserAccount::set_accountname($row['AccountName']);
try {
$query = "SELECT a.Id, a.AccountName, a.AccountNumber, a.AccountEmail, a.AccountTel,
a.AccountContact, a.AccountType, a.PaymentType, u.UserName,
u.FullName, u.UserEmail, u.UserTel, u.UserType
FROM tblaccounts a JOIN tblusers u
ON a.AccountName = u.AccountName
WHERE a.AccountName = :in_accname
AND u.UserName = :in_username";
$stmt = $dbh->prepare($query);
$param2 = UserAccount::get_accountname();
$param3 = UserAccount::get_username();
$stmt->bindParam(':in_accname', $param2, PDO::PARAM_STR);
$stmt->bindParam(':in_username', $param3, PDO::PARAM_STR);
$stmt->execute();
// Parse
$row = $stmt->fetch(PDO::FETCH_BOTH);
}
catch (PDOException $pe) {
die("Error: " .$pe->getMessage());
}
// Set properties and sessions variables
UserAccount::set_id($row['Id']);
UserAccount::set_accountname($row['AccountName']);
UserAccount::set_accountnumber($row['AccountNumber']);
UserAccount::set_accountemail($row['AccountEmail']);
UserAccount::set_fullname($row['FullName']);
UserAccount::set_accounttel($row['AccountTel']);
UserAccount::set_accountcontact($row['AccountContact']);
UserAccount::set_accounttype((int)$row['AccountType']);
UserAccount::set_paymenttype((int)$row['PaymentType']);
UserAccount::set_useremail($row['UserEmail']);
UserAccount::set_usertel($row['UserTel']);
UserAccount::set_usertype((int)$row['UserType']);
if (self::verify_account()) {
switch (UserAccount::get_paymenttype()) {
case 0:
$_SESSION['ua-paymenttype-asstr'] = 'Credit/Debit Card';
self::$form_action = 'addressdetails.php';
break;
case 1:
$_SESSION['ua-paymenttype-asstr'] = 'Account';
self::$form_action = 'makebooking.php';
break;
case 2:
$_SESSION['ua-paymenttype-asstr'] = 'Cash';
self::$form_action = 'makebooking.php';
break;
}
switch (UserAccount::get_usertype()) {
case 9:
$_SESSION['ua-usertype-asstr'] = 'Disabled/Suspended';
break;
case 0:
$_SESSION['ua-usertype-asstr'] = 'Standard';
break;
case 1:
$_SESSION['ua-usertype-asstr'] = 'Account Administrator';
break;
}
switch (UserAccount::get_accounttype()) {
case 9:
$_SESSION['ua-accounttype-asstr'] = 'Disabled/Suspended';
break;
case 0:
$_SESSION['ua-accounttype-asstr'] = ' ';
break;
case 1:
$_SESSION['ua-accounttype-asstr'] = '(SA)';
break;
}
// Redirect
if ($redirect_bool) {
self::redirect(true);
}
}
} else {
//self::set_loginstatus("Pre-requisite failure! Browser not supporting cookies!"); **Removed**
$_SESSION['login-status'] = self::get_loginstatus();
self::redirect(false);
}
}
private static function redirect($auth_bool) {
//parent::set_sessionstate(true); ## Set session to active -- persistance to DB
//self::$determine_session_type(); ## Set session type -- persistance to DB
if ($auth_bool == true) {
$doc_root = $_SERVER['DOCUMENT_ROOT'];
self::set_loginstatus('');
$_SESSION['login-status'] = self::get_loginstatus();
header("Location: ".self::$redirect_url);
} else {
header("Location: login.php");
}
}
}
?>
任何人都知道爲什麼它只能在Firefox中工作?
嘗試通過使用輸入類型作爲提交而不是按鈕標記。 –
您是否嘗試在IE/Chrome中調試您的代碼? – Mahn
您似乎將密碼作爲純文本存儲在數據庫中。這絕對不安全會導致災難。 – Jacco