嘿傢伙,我是新來的mysqli,我有一個問題。我剛剛更新了我的登錄檢查以使用mysqli和準備好的語句,並且一切似乎都正常。但你永遠不會太安全。那麼你能否告訴我這段代碼是否有問題?幫助檢查登錄
<?php
ini_set('display_errors', 'On');
error_reporting(E_ALL | E_STRICT);
$mysqli=new mysqli("localhost", "***", "***","***") ;
if(!$mysqli){
die("Database error");
}
function checklogin($username, $password){
global $mysqli;
$result = $mysqli->prepare("SELECT * FROM users WHERE username = ? and password=?");
$result->bind_param("ss", $username, $password);
$result->execute();
if($result != false){
$dbArray=$result->fetch();
if(!$dbArray){
echo '<p class="statusmsg">The username or password you entered is incorrect, or you haven\'t yet activated your account. Please try again.</p><br/><input class="submitButton" type="button" value="Retry" onClick="location.href='."'login.php'\">";
return;
}
$_SESSION['username']=$username;
if(isset($_POST['remember'])){
setcookie("jmuser",$username,time()+60*60*24*356);
setcookie("jmpass",$password ,time()+60*60*24*356);
}
echo'<p class="statusmsg"> You have successfully logged in. You will now be redirected to the homepage.</p>';
redirect();
}
else{
echo'<p class="statusmsg"> The username or password you entered is incorrect. Please try again.</p><br/>input class="submitButton" type="button" value="Retry" onClick="location.href='."'login.php'\">";
return;
}
}
if(isset($_COOKIE['jmuser']) && isset($_COOKIE['jmpass'])){
$status=checkCookie($_COOKIE['jmuser'], $_COOKIE['jmpass']);
if($status==true){
echo '<p class="statusmsg"> Welcome back '.$_COOKIE['jmuser'].'. You will now be redirected to the homepage.</p>';
sleep(5);
redirect();
}
}
else{
if(isset($_POST['sublogin'])){
if((strlen($_POST['user']) >0) && (strlen($_POST['pass']) >0)) {
checklogin($_POST['user'], $_POST['pass']);
}
elseif((isset($_POST['user']) && empty($_POST['user'])) || (isset($_POST['pass']) && empty($_POST['pass']))){
echo '<p class="statusmsg">You didn\'t fill in the required fields.</p><br/><input class="submitButton" type="button" value="Retry" onClick="location.href='."'login.php'\">";
}
}
else{
echo '<p class="statusmsg">You came here by mistake, didn\'t you?</p>';
}
}
而且還當登錄作品似乎不給我重定向到的index.php。這是寫在標籤上方的代碼。
<?php
if(isset($_GET['url'])){
function redirect() {
header('location:'.$_GET['url']);
}
}
else {
function redirect() {
header('location: index.php');
}
}
?>
我試着刪除文本無濟於事。我想我知道這個問題。當點擊登錄按鈕時,我在地址欄中獲取:localhost/JMToday/loginchk.php?url =因此,url是空白的,因此它不會重定向。除非我的理論是錯誤的:P請你幫忙嗎?
沒有,在他的情況下它不是脆弱的 – 2011-01-12 15:30:38
你應該閱讀備忘錄 – 2011-01-12 15:38:49
中的文本,這樣它不會當他使用它時。那麼,你的答案是什麼? – 2011-01-12 15:48:31