1. 首頁
  2. 問答
  3. 重定向不起作用php

重定向不起作用php

2017-08-16 76 views
0

crudindex.php如果任何用戶使用管理員和密碼混合登錄,請回顯一些信息並重定向到crudview.php。 這裏的問題是任何用戶點擊登錄按鈕它重定向到crudview.php。重定向不起作用php

要求:對於管理員用戶會重定向到crudview和其他crudeditusr.php

2)我需要重新生成會話ID,並把用於登錄頁面也代碼?

3)密鑰可以更改爲任何數字?

<?php 
$con = mysqli_connect("127.0.0.1", "kkits996_ganesh", "", "kkits996_testmysql") or die("Error " . mysqli_error($con)); 

// Declare array for errors 
$error=array();  
//-----------------------------------------------------// 
//---------------------CSRF PROTECT--------------------// 
//-----------------------------------------------------// 

//generate a token/ 
function generateToken($formName) 
{ 
    //secret_key change it 
    $secretKey ='[email protected]!Erpoejsj48'; 
    if (!session_id()) 
    { 
     session_start(); 
    } 
    $sessionId = session_id(); 
    return hash('sha512', $formName.$sessionId.$secretKey); 
} 

//check if the token is valid 
function checkToken($token, $formName) 
{ 
    return $token === generateToken($formName); 
} 

//Separate REGISTER AND LOGIN TO NOT BE CONFUSED// 

//-----------------------------------------------------// 
//---------------------REGISTRATION--------------------// 
//-----------------------------------------------------// 
if (isset($_POST['register']) && checkToken($_POST['csrf_token'], 'userFromRegistration') ) 
{ 
    //if the username required 
    if(!preg_match('/^[A-Za-z0-9]+$/',$_POST['uname'])) 
    { 
     $error['username'] = "Username must have alphanumeric characters "; 
    } 

    //if password has less than 6 characters 
    if(strlen($_POST['pwd']) < 6) 
    { 
     $error['password'] = "Password must be minimum of 6 characters"; 
    } 

    //if password does not match 
    if($_POST['pwd'] !== $_POST['cpwd'] OR empty($_POST['cpwd'])) 
    { 
     $error['passwordmatch'] = "Password and Confirm Password doesn't match"; 
    } 

    //if empty error array 
    if(!array_filter($error)) 
    { 
     //trim data 
     $username = trim($_POST['uname']); 

     // Hash you password, never save PASSWORD AS PLAIN TEXT!!!!!!! 
     // MYSQL! : Allow your storage to expand past 60 characters (VARCHAR 255 would be good) 
     $password = password_hash($_POST['pwd'], PASSWORD_DEFAULT); 

     //if the id is autoincremented leave id 
     //----------USE PREPARED STATEMENT FOR SQL INJECTION---// 

     $query = 'INSERT INTO cruduser (username, password) VALUES (?,?)'; 
     $stmt = $con->prepare($query); 
     $stmt->bind_param("ss", $username, $password); 
     $stmt->execute(); 
     $stmt->close(); 
     $con->close(); 

     //Redirect because we need to consider the post request from crudadd.php 
     header('Location: crudaddusr.php') ; 
    } 
} 

//-----------------------------------------------------// 



//------------------------LOGIN as admin---------------------// 

if (isset($_POST['login'])) 
{ 
    if ($_POST['uname']="admin" && $_POST['pwd']="adminx") 
    { 
     echo $_POST['uname']; 
     echo $_POST['pwd'];  
     $con->close(); 
     header ("Location: crudview.php"); 
    } 
} 

//------------------------LOGIN as Normal-----------------------// 

if (isset($_POST['login']) && checkToken($_POST['csrf_token'], 'userFromRegistration') ) 
{ 
    //if the username required 
    if(!preg_match('/^[A-Za-z0-9]+$/',$_POST['uname'])) 
    { 
     $error['username'] = "Username must have alphanumeric characters "; 
    } 

    //if password has less than 6 characters 
    if(strlen($_POST['pwd']) < 6) 
    { 
     $error['password'] = "Password must be minimum of 6 characters"; 
    } 

    //if password does not match 
    if($_POST['pwd'] !== $_POST['cpwd'] OR empty($_POST['cpwd'])) 
    { 
     $error['passwordmatch'] = "Password and Confirm Password doesn't match"; 
    } 

    //if empty error array 
    if(!array_filter($error)) 
    { 
     //trim data 
     $uname = trim($_POST['uname']); 

     // Hash you password, never save PASSWORD AS PLAIN TEXT!!!!!!! 
     // MYSQL! : Allow your storage to expand past 60 characters (VARCHAR 255 would be good) 
     //$pwd = password_hash($_POST['pwd'], PASSWORD_DEFAULT); 
     $pwd = $_POST['pwd']; 

     $con->close(); 

     //Redirect because we need to consider the post request from crudadd.php 
      header("Location: crudeditusr.php?suname=".$uname."&spwd=".$pwd); 


//   header("Location: crudeditusr.php?suname=$uname&spwd=$pwd"); 
    } 
} 
//-----------------------------------------------------// 
//if (isset($_POST['login'])) 
//{ 
    //what ever you want 
    //Use password_verify() and session_regenerate_id() 
    //to compare passwords and to generate a session id to prevent session fixation. 

//} 
//?> 

<!--HTMl PART--> 
<!DOCTYPE html> 
<html> 
    <head> 
     <title>"Login Registration"</title> 
     <!-- bootstrap link is downloaded from bootstrapcdn.com for css and js --> 
     <!-- col-mod-6 col-mod-offset are bootstrap related--> 
     <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"> 
     <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script> 
    </head> 
    <body> 
    <div class="container"> 
     <div class="row"> 
      <form method="post" action="" class="form-horizontal col-mod-6 col-mod-offset-3"> 
      <input type="hidden" name="csrf_token" value="<?php echo generateToken('userFromRegistration'); ?>" required/> 
      <h2>Login Registration</h2> 
      <div class="form-group"> 
       <label for="input" class="col-sm-2 control-label">Username : </label> 
       <div class="col-sm-10 <?php if(!empty($error['username'])){ echo 'has-error';} ?> "> 
        <input type="text" name="uname" class="form-control" id="input1" placeholder="Username"/> 
        <span class="help-block"><?php if (!empty($error['username'])) echo $error['username'];?></span> 
       </div> 
      </div> 
      <div class="form-group"> 
       <label for="input" class="col-sm-2 control-label">Password: </label> 
       <div class="col-sm-10 <?php if(!empty($error['password'])){ echo 'has-error';} ?>"> 
        <input type="password" name="pwd" class="form-control" id="input1" placeholder="Password"/> 
        <span class="help-block"><?php if (!empty($error['password'])) echo $error['password'];?></span> 
       </div> 
      </div> 
      <div class="form-group"> 
       <label for="input" class="col-sm-2 control-label">Confirm Password : </label> 
       <div class="col-sm-10 <?php if(!empty($error['passwordmatch'])){ echo 'has-error';} ?>"> 
        <input type="password" name="cpwd" class="form-control" id="input1" placeholder="Confirm Password"/> 
        <span class="help-block"><?php if (!empty($error['passwordmatch'])) echo $error['passwordmatch'];?></span> 
       </div> 
      </div> 
      <div class="row"> 

       <div class="col-mod-6 col-mod-offset-3"> 
        <button id="submit1" name="register" class="btn btn-primary pull-right">Register</button> 
        <button id="submit2" name="login" class="btn btn-secondary pull-right">Login</button> 
       </div> 
      </div> 
     </form> 
    </body> 
</html>

來源

2017-08-16 yesganesh

+1

你有什麼錯誤嗎?有很多重定向功能哪一個不工作? –

+0

在嘗試發送HTTP標頭之前,您正在迴應'$ _POST ['uname']'和'$ _POST ['pwd']'。輸出正文內容後,您無法發送標題。 – Phylogenesis

+0

此外,輸入的每個用戶名/密碼都將採用此代碼路徑,因爲您使用賦值運算符('=')而不是相等運算符('=='或'===')。 – Phylogenesis

回答

1

因爲提交按鈕不是type="Submit",所以此表格甚至不會發布。

此外,當點擊login或單擊register時,您需要進行檢查以區分操作。

您的表單似乎是一種註冊形式。將表單標籤中的動作添加爲$_SERVER["PHP_SELF"]。現在,改變

<button id="submit1" type='submit' name="register" class="btn btn-primary pull-right"> 
Register </button>

這將張貼在同一頁上的表單數據和您的支票register檢查應該工作。

來源

2017-08-16 07:53:30

+0

當前窗體正在工作即註冊和登錄是好的沒有問題只有當用admin和密碼adminx登錄時,它應該重定向到crudview.php。 – yesganesh

相關問題

 相關問題