我有一個買家的形式,被稱爲 「Buyer.php」:拒絕訪問PHP的登錄
<form method="post" action="check_buyer.php" id="LoggingInBuyer">
<div style="width:265px;margin:0; padding:0; float:left;">
<label>Username: <span><a href="#">Forgot Username?</span></a></label> <br />
<input id="UserReg" style="width:250px;" type="text" name="userName" tabindex="1" class="required" /></div>
<div style="width:265px;margin:0; padding:0; float:right;">
<label>Password: <span><a href="#">Forgot Password?</span></a></label> <br />
<input id="UserReg" style="width:250px;" type="password" name="userPass" tabindex="2" class="required" /></div>
<div class="clearB"> </div>
<input type="submit" style="width:100px; margin:10px 200px;" id="UserRegSubmit" name="submit" value="Login" tabindex="3" />
</form>
一個名爲check_buyer.php(在相同的目錄):
<?php
session_start(); #recall session from index.php where user logged include()
function isLoggedIn()
{
if(isset($_SESSION['valid']) && $_SESSION['valid'])
header('Location: buyer/'); # return true if sessions are made and login creds are valid
echo "Invalid Username and/or Password";
return false;
}
require_once('../inc/db/dbc.php');
$connect = mysql_connect($h, $u, $p) or die ("Can't Connect to Database.");
mysql_select_db($db);
$LoginUserName = $_POST['userName'];
$LoginPassword = mysql_real_escape_string($_POST['userPass']);
//connect to the database here
$LoginUserName = mysql_real_escape_string($LoginUserName);
$query = "SELECT uID, uUPass, dynamSalt, uUserType FROM User WHERE uUName = '$LoginUserName';";
function validateUser($ifUserExists['uID'], $ifUserExists['uUserType']) {
$_SESSION['valid'] = 1;
$_SESSION['uID'] = $uID;
$_SESSION['uUserType'] = $uUserType; // 1 for buyer - 2 for merchant
}
$result = mysql_query($query);
if(mysql_num_rows($result) < 1) //no such USER exists
{
echo "Invalid Username and/or Password";
}
$ifUserExists = mysql_fetch_array($result, MYSQL_ASSOC);
$dynamSalt = $ifUserExists['dynamSalt']; #get value of dynamSalt in query above
$SaltyPass = hash('sha512',$dynamSalt.$LoginPassword); #recreate originally created dynamic, unique pass
if($SaltyPass != $ifUserExists['uUPass']) # incorrect PASS
{
echo "Invalid Username and/or Password";
}else {
validateUser();
}
// If User *has not* logged in yet, keep on /login
if(!isLoggedIn())
{
header('Location: index.php');
die();
}
?>
//現在拋出錯誤:解析錯誤:語法錯誤,意外的'[',期待')'在線23即function validateUser($ifUserExists['uID'], $ifUserExists['uUserType']) {
並在買方/目錄下的文件「的index.php」:
<?php
session_start();
if($_SESSION['uUserType']!=1)
{
die("You may not view this page. Access denied.");
}
function isLoggedIn()
{
return (isset($_SESSION['valid']) && $_SESSION['valid']);
}
//if the user has not logged in
if(!isLoggedIn())
{
header('Location: index.php');
die();
}
?>
<?php
if($_SESSION['valid'] == 1){
#echo "<a href='../logout.php'>Logout</a>";
require_once('buyer_profile.php');
}else{
echo "<a href='../index.php'>Login</a>";
}
?>
這樣做的一點是,在輸入用戶名和密碼時,該用戶登錄並定向到/buyer/index.php
,到該網站的部分爲buyer
。似乎每次我使用我製作的虛擬憑證登錄時,它只是脫口而出:You may not view this page. Access denied
。但是,如果我通過在瀏覽器中按回箭頭返回,它有我logged in
和showing a link to logout
。
我做了一些故障排除: 1)顯示在這裏,測試我的sql query
是好的,的確如此。 http://i.stack.imgur.com/n2b5z.png
2)嘗試choing
出echo 'the userid: ' . $userid;
它哼唧約You may not view..
之前,它不會顯示任何信息。
我該如何去得到這個userID
?我雙重檢查的字段名稱在數據庫中,所有的罰款..
然後我必須定義$ ifUserExists? – Walley
不,你已經有了,在這裏:'$ ifUserExists = mysql_fetch_array($ result,MYSQL_ASSOC);'這將返回一個包含你在查詢中選擇的字段的數組。 –
請參閱我現在遇到的錯誤和更新的check_buyer.php文件。 – Walley