爲什麼只有在輸入錯誤憑證時纔會得到未定義的變量？

Question

首先，我正在進行的項目： 創建一個網站，用戶可以登錄並記錄他們完成的志願小時數。

我看了一個類似的問題在這裏：PHP login error "Undefined Variable"

我想那是在支柱上方的解決方案，但它並沒有爲我工作。未定義的變量僅在輸入錯誤的用戶名/密碼時纔會發生，但在輸入正確的用戶名和密碼時工作得很好。我不確定爲什麼會發生這種情況，但我希望能找到解決方案的一些幫助。這是我遇到問題的頁面的代碼。謝謝。

登錄HTML表單：

<!DOCTYPE html>  
<html> 
    <head> 
    <meta charset="UTF-8"> 
    <title>Simple login form</title> 
    <link rel="stylesheet" href="css/reset.css"> 
    <link rel="stylesheet" href="css/style.css"/> 
    </head> 

    <body> 
    <div class="container"> 
    <div class="login"> 
     <h1 class="login-heading"> 
     <strong>Welcome.</strong> Please login.</h1> 
     <form method="post" action="login.php"> 
     <input type="text" name="uname" placeholder="Username" required="required" class="input-txt" /> 
     <input type="password" name="pword" placeholder="Password" required="required" class="input-txt" /> 
     <div class="login-footer"> 
      <a href="forgot.html" class="lnk"> 
      <span class="icon icon--min">ಠ╭╮ಠ</span> 
      <span class="register">I've forgotten something</span></a> 
      <input name="submit" value="Login" type="submit" class="btn btn--right"><br> 
      <a href="register.html" class="lnk"> 
      <span class="register">Not a member? Click here to register!</span></a> 
     </div> 
     </form> 
    </div> 
    </div> 
    <script src="js/index.js"></script> 
</body> 
</html> 

處理來自表單的信息的PHP形式：

<?php 

include("encrypt_decrypt.php"); 

$username="root"; 
$password=""; 
$server="localhost"; 
$db_name="userauthentication"; 

$uname=""; 
$pword=""; 
$error_msg=""; 

if(isset($_POST["submit"])){ 

    $db_handle = mysqli_connect($server, $username, $password); 
    $db_found = mysqli_select_db($db_handle, $db_name); 

    $uname = $_POST["uname"]; 
    $uname = htmlspecialchars($uname); 
    $uname = mysqli_real_escape_string($db_handle, $uname); 

    $pword = $_POST["pword"]; 
    $pword = htmlspecialchars($pword); 
    $pword = mysqli_real_escape_string($db_handle, $pword); 
    $pword = encrypt_decrypt("encrypt", $pword); 

     if($db_found){ 
      if($uname == "admin"){ 
       $SQL = "SELECT * FROM WHERE username = '$uname' AND pword = '$pword'"; 
       $result = mysqli_query($db_handle, $SQL); 

       $num_rows = mysqli_num_rows($result); 

        if($num_rows > 0){ 
         session_start(); 
         $_SESSION['login'] = "2"; 
         header("Location: adminpage.html"); 
        }else{ 
         print("error"); 
        } 
      }else if($uname != "admin"){ 
       $SQL = "SELECT * FROM login WHERE username = '$uname' AND password = '$pword'"; 
       $result = mysqli_query($db_handle, $SQL); 

       $num_rows = mysqli_num_rows($result); 

       if($num_rows > 0){ 
        session_start(); 
        $_SESSION['login'] = "1"; 
        header("Location: mainpage.html"); 
       }else{ 
        $uname = ''; 
        $pword = ''; 
        print("error"); 
       } 
      } 
     } 
    } 
?> 

最後但並非最不重要的，我使用的密碼安全encrypt_decrypt功能。 這是我上線6 & 7.

<?php  
    function encrypt_decrypt($action, $string) { 
    $output = false; 

    $encrypt_method = "AES-256-CBC"; 
    **$secret_key = $pword;** 
    **$secret_iv = $pword;** 

    // hash 
    $key = hash('sha256', $secret_key); 

    // iv - encrypt method AES-256-CBC expects 16 bytes - else you will get a warning 
    $iv = substr(hash('sha256', $secret_iv), 0, 16); 

    if($action == 'encrypt') { 
     $output = openssl_encrypt($string, $encrypt_method, $key, 0, $iv); 
     $output = base64_encode($output); 
    } 
    else if($action == 'decrypt'){ 
     $output = openssl_decrypt(base64_decode($string), $encrypt_method, $key, 0, $iv); 
    } 

    return $output; 
} 
?> 

This is a picture after I entered in the right username but wrong password

Answer 1

你傳遞一個變量名爲$ PWORD得到未定義的變量問題的實際網頁，但它調用的函數內$字符串。如下更新代碼。

$secret_key = $string; 
$secret_iv = $string; 

Answer 2

該錯誤總是發生。但是，如果登錄成功，您正在將標題重定向到adminpage.html或mainpage.html。這就是爲什麼在使用正確的用戶名/密碼組合的情況下你看不到錯誤。 錯誤是在encrypt_decrypt（）中使用未知變量pword的結果。將其替換爲$ string或使用全局語句將$ pword導入到encrypt_decrypt（）的範圍中。