1. 首頁
  2. 問答
  3. 登錄失敗(我做了一些改變,不能弄明白)

登錄失敗(我做了一些改變,不能弄明白)

2013-10-16 96 views
-2

我做了一些小的變化,所以我可以做一個「更改密碼」網站..登錄失敗(我做了一些改變,不能弄明白)

我的代碼是現在:

 <?php 
    error_reporting(E_ALL^E_NOTICE); 
    define('INCLUDE_CHECK',true); 

    require 'include/connect.php'; 
    require 'include/functions.php'; 
    // Those two files can be included only if INCLUDE_CHECK is defined 


    session_name('Login'); 
    // Starting the session 

    session_set_cookie_params(2*7*24*60*60); 
    // Making the cookie live for 2 weeks 

    session_start(); 

    if($_SESSION['id'] && !isset($_COOKIE['Remember']) && !$_SESSION['rememberMe']) 
    { 
     // If you are logged in, but you don't have the Remember cookie (browser restart) 
     // and you have not checked the rememberMe checkbox: 

     $_SESSION = array(); 
     session_destroy(); 

     // Destroy the session 
    } 


    if(isset($_GET['logoff'])) 
    { 
     $_SESSION = array(); 
     session_destroy(); 

     header("Location: index.php"); 
     exit; 
    } 

    if($_POST['submit']=='Login') 
    { 
     // Checking whether the Login form has been submitted 

     $err = array(); 
     // Will hold our errors 


     if(!$_POST['username'] || !$_POST['password']) 
      $err[] = 'All the fields must be filled in!'; 

     if(!count($err)) 
     { 
      $_POST['username'] = mysql_real_escape_string($_POST['username']); 
      $_POST['password'] = mysql_real_escape_string($_POST['password']); 
      $_POST['rememberMe'] = (int)$_POST['rememberMe']; 

      // Escaping all input data 

      $row = mysql_fetch_assoc(mysql_query("SELECT id,user FROM user WHERE user='{$_POST['username']}' AND password='".md5($_POST['password'])."'")); 

      if($row['user']) 
      { 
       // If everything is OK login 

       $_SESSION['user']=$row['user']; 
       $_SESSION['id'] = $row['id']; 
       $_SESSION['rememberMe'] = $_POST['rememberMe']; 

       // Store some data in the session 

       setcookie('Remember',$_POST['rememberMe']); 
      } 
      else $err[]='Wrong username and/or password!'; 
     } 

     if($err) 
     $_SESSION['msg']['login-err'] = implode('<br />',$err); 
     // Save the error messages in the session 

     header("Location: index.php"); 
     exit; 
    } 
    else if($_POST['submit']=='Register') 
    { 
     // If the Register form has been submitted 

     $err = array(); 

     if(strlen($_POST['username'])<4 || strlen($_POST['username'])>32) 
     { 
      $err[]='Your username must be between 3 and 32 characters!'; 
     } 

     if(preg_match('/[^a-z0-9\-\_\.]+/i',$_POST['username'])) 
     { 
      $err[]='Your username contains invalid characters!'; 
     } 

     if(!checkEmail($_POST['email'])) 
     { 
      $err[]='Your email is not valid!'; 
     } 

     if(!count($err)) 
     { 
      // If there are no errors 

      $password = substr(md5($_SERVER['REMOTE_ADDR'].microtime().rand(1,100000)),0,6); 
      // Generate a random password 

      $_POST['email'] = mysql_real_escape_string($_POST['email']); 
      $_POST['username'] = mysql_real_escape_string($_POST['username']); 
      // Escape the input data 


      mysql_query(" INSERT INTO user(user,password,email,regIP,dt) 
          VALUES(

           '".$_POST['username']."', 
           '".md5($password)."', 
           '".$_POST['email']."', 
           '".$_SERVER['REMOTE_ADDR']."', 
           NOW() 

          )"); 

      if(mysql_affected_rows($link)==1) 
      { 
       send_mail( '[email protected]', 
          $_POST['email'], 
          'FuckableFriends - Your New Password', 
          'Your password is: '.$password); 

       $_SESSION['msg']['reg-success']='We sent you an email with your new password!'; 
      } 
      else $err[]='This username is already taken!'; 
     } 

     if(count($err)) 
     { 
      $_SESSION['msg']['reg-err'] = implode('<br />',$err); 
     } 

     header("Location: index.php"); 
     exit; 
    } 

    $script = ''; 

    if($_SESSION['msg']) 
    { 
     // The script below shows the sliding panel on page load 

     $script = ' 
     <script type="text/javascript"> 

      $(function(){ 

       $("div#panel").show(); 
       $("#toggle a").toggle(); 
      }); 

     </script>'; 

    } 
    ?> 


    <!DOCTYPE html> 
    <head> 
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 
    <title>FuckAble - Which of your friends is READY?</title> 

     <link rel="stylesheet" type="text/css" href="asset/css/index.css" media="screen" /> 
     <link rel="stylesheet" type="text/css" href="asset/css/slide.css" media="screen" /> 

     <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script> 

     <!-- PNG FIX for IE6 --> 
     <!-- http://24ways.org/2007/supersleight-transparent-png-in-ie6 --> 
     <!--[if lte IE 6]> 
      <script type="text/javascript" src="asset/js/pngfix/supersleight-min.js"></script> 
     <![endif]--> 

     <script src="asset/js/slide.js" type="text/javascript"></script> 

     <?php echo $script; ?> 
    </head> 

    <body> 

    <!-- Panel --> 
    <div id="toppanel"> 
     <div id="panel"> 
      <div class="content clearfix"> 
       <div class="left"> 
        <h1>Log In</h1> 
        <h2>First login</h2>   
        <p class="grey">You will have to connect to facebook to see your friends.</p> 
        <h2>Further logins</h2> 
        <p class="grey">You are able to click 'Fuckable' on a friend, and hope the best!</p> 
       </div> 


       <?php 

       if(!$_SESSION['id']): 

       ?> 

       <div class="left"> 
        <!-- Login Form --> 
        <form class="clearfix" action="index.php" method="post"> 
         <h1>Member Login</h1> 

         <?php 

          if($_SESSION['msg']['login-err']) 
          { 
           echo '<div class="err">'.$_SESSION['msg']['login-err'].'</div>'; 
           unset($_SESSION['msg']['login-err']); 
          } 
         ?> 

         <label class="grey" for="username">Username:</label> 
         <input class="field" type="text" name="username" id="username" value="" size="23" /> 
         <label class="grey" for="password">Password:</label> 
         <input class="field" type="password" name="password" id="password" size="23" /> 
         <label><i><input name="rememberMe" id="rememberMe" type="checkbox" checked="checked" value="1" /> &nbsp;Remember me</i></label> 
         <div class="clear"></div> 
         <input type="submit" name="submit" value="Login" class="bt_login" /> 
        </form> 
       </div> 
       <div class="left right">    
        <!-- Register Form --> 
        <form action="index.php" method="post"> 
         <h1>Not a member yet? Sign Up!</h1>  

         <?php 

          if($_SESSION['msg']['reg-err']) 
          { 
           echo '<div class="err">'.$_SESSION['msg']['reg-err'].'</div>'; 
           unset($_SESSION['msg']['reg-err']); 
          } 

          if($_SESSION['msg']['reg-success']) 
          { 
           echo '<div class="success">'.$_SESSION['msg']['reg-success'].'</div>'; 
           unset($_SESSION['msg']['reg-success']); 
          } 
         ?> 

         <label class="grey" for="username">Username:</label> 
         <input class="field" type="text" name="username" id="username" value="" size="23" /> 
         <label class="grey" for="email">Email:</label> 
         <input class="field" type="text" name="email" id="email" size="23" /> 
         <label>A password will be e-mailed to you.</label> 
         <input type="submit" name="submit" value="Register" class="bt_register" /> 
        </form> 
       </div> 

       <?php 

       else: 

       ?> 

       <div class="left"> 

       <h1>Members panel</h1> 

       <p>MemberPanel:</p> 
       <a href="fuckable.php">Main site</a><br/> 
       <a href="settings.php">Settings</a><br/> 
       <a href="contact.php">Contact us</a><br/> 
       <a href="?logoff">Log out</a> 

       </div> 

       <div class="left right"> 
       </div> 

       <?php 
       endif; 
       ?> 
      </div> 
     </div> <!-- /login --> 

     <!-- The tab on top --> 
     <div class="tab"> 
      <ul class="login"> 
       <li class="left">&nbsp;</li> 
       <li>Hello <?php echo $_SESSION['user'] ? $_SESSION['user'] : 'Guest';?>!</li> 
       <li class="sep">|</li> 
       <li id="toggle"> 
        <a id="open" class="open" href="#"><?php echo $_SESSION['id']?'Open Panel':'Log In | Register';?></a> 
        <a id="close" style="display: none;" class="close" href="#">Close Panel</a>   
       </li> 
       <li class="right">&nbsp;</li> 
      </ul> 
      </ul> 
     </div> <!--/top --> 

    </div> <!--panel --> 

    <div class="pageContent"> 
     <div id="main"> 
     <center> 
     <img id="logo" src="asset/images/logo.png"> 
      <div class="container"> 

       <h1>Fuck a friend</h1> 
       <h2>Easy steps to fuck a friend</h2> 
      </center> 
      </div> 
     </div> 
    </div> 
    <!---<?php 
     #include('footer.php'); 
    ?>---> 
    </body> 
    </html>

而且我changepassword.php:

 <?php 
    error_reporting(E_ALL^E_NOTICE); 
    define('INCLUDE_CHECK',true); 
    session_start(); 
    include("include/connect.php"); 
    if($_REQUEST["Submit"]=="Update") 
    { 
    $sql="update user set password ='$_REQUEST[newpassword]' where user='$_SESSION[uname]'"; 
    //echo $sql; 
    mysql_query($sql); 
    header("Location:changepassword.php?msg=updated"); 
    } 


    ?> 
    <!DOCTYPE html> 
    <html><head><TITLE>Change password</TITLE> 
    <script language="javascript" type="text/javascript"> 
    function validate() 
    { 

    var formName=document.frm; 

    if(formName.newpassword.value == "") 
    { 
    document.getElementById("newpassword_label").innerHTML='Please Enter New Password'; 
    formName.newpassword.focus(); 
    return false; 
    } 
    else 
    { 
    document.getElementById("newpassword_label").innerHTML=''; 
    } 


    if(formName.cpassword.value == "") 
    { 
    document.getElementById("cpassword_label").innerHTML='Enter ConfirmPassword'; 
    formName.cpassword.focus(); 
    return false; 
    } 
    else 
    { 
    document.getElementById("cpassword_label").innerHTML=''; 
    } 


    if(formName.newpassword.value != formName.cpassword.value) 
    { 
    document.getElementById("cpassword_label").innerHTML='Passwords Missmatch'; 
    formName.cpassword.focus() 
    return false; 
    } 
    else 
    { 
    document.getElementById("cpassword_label").innerHTML=''; 
    } 
    } 
    </script> 
    <style type="text/css"> 
    <!-- 
    .style1 {font-weight: bold} 
    .style7 { 
    color: yellow; 
    font-size: 24px; 
    } 
    .style9 { 
    color: #FF6666; 
    font-weight: bold; 
    } 
    .style12 { 
    color: #666666; 
    font-weight: bold; 
    } 
    .style14 {color: #CC0033; font-weight: bold; } 
    --> 
    </style> 
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 
    </head> 
    <body> 

    <form action="changepassword.php" method="post" name="frm" id="frm" onSubmit="return validate();"> 
    <table width="47%" border="1" cellspacing="0" cellpadding="0"> 
    <tr> 
    <td colspan="2" align="center"></td> 
    </tr> 
    <tr bgcolor="#666666"> 
    <td colspan="2"><span class="style7">Change Password</span></td> 
    </tr> 
    <?php if($_REQUEST[msg]=="updated") { ?> 
    <tr bgcolor="#666666"> 
    <td colspan="2"><span class="style7">Password has been changed successfully.</span></td> 
    </tr> 
    <?php } ?> 
    <tr> 
    <td bgcolor="#CCCCCC"><span class="style14">New Password:</span></td> 
    <td bgcolor="#CCCCCC"><input type="password" name="newpassword" id="newpassword" size="20" autocomplete="off"/>&nbsp; <label id="newpassword_label" class="level_msg"></td> 
    </tr> 
    <tr> 
    <td bgcolor="#CCCCCC"><span class="style14">Confirm Password:</span></td> 
    <td bgcolor="#CCCCCC"><input type="password" name="cpassword" id="cpassword" size="20" autocomplete="off">&nbsp; <label id="cpassword_label" class="level_msg"></td> 
    </tr> 

    <tr bgcolor="#666666"> 
    <td colspan="2" align="center"><input type="submit" name="Submit" value="Update" onSubmit="return validate();"/></td> 
    </tr> 

    </table> 
    <a href="index.php">Login</a> 
    </form> 
    </body> 
    </html>

DB結構:

id 
email 
user 
password 
regIP 
dt

DB的名稱是'user'..

Q1:這些能夠一起工作嗎? (這樣的密碼將被更改數據庫中的 Q2:我得到一個錯誤,當我嘗試登錄(用戶名和/或密碼錯誤),怎麼來

解答!:

好,謝謝?它還挺很難搞清楚新的語言(我的第一個到目前爲止)

所以...我只需要更換一部分?但它不會幫助我登錄無論如何?

enter code here

來源

2013-10-16 Marco Egekjær

回答

1

您的更新查詢直接使用字符串中的變量,但是,它們是數組和ne ED被包裹在大括號:

$sql="update user set password ='$_REQUEST[newpassword]' where user='$_SESSION[uname]'";

更改爲:

$sql="update user set password ='{$_REQUEST[newpassword]}' where user='{$_SESSION[uname]}'";

然而,這是非常非常糟糕。此代碼直接容易受到SQL注入的攻擊。

相反,你應該清理你的用戶輸入:

$username = mysql_real_escape_string($_REQUEST['uname']); 
$password = mysql_real_escape_string($_REQUEST['newpassword']); 

$sql = "update user set password = '" . $password . "' where user = '" . $username . "';";

更結束了,你應該儘量注意使用舊/過時mysql_功能,轉而用更多的支持MySQLiPDO庫。除了整體更安全之外,兩者都提供了一種使用參數化查詢的方法,這可以幫助解決上述問題。

您的查詢,通過mysqli的一份準備好的聲明:

$stmt = $mysqli->prepare("UPDATE user SET password = ? WHERE username = ?"); 

// bind parameters 
$stmt->bind_param("s", $_REQUEST['username']); 
$stmt->bind_param("s", $_REQUEST['newpassword']); 

// execute 
$stmt->execute(); 

// close the statement 
$stmt->close();

來源

2013-10-16 17:28:32 newfurniturey

+0

$ SQL = 「更新用戶設置密碼= '$ _ REQUEST [新密碼]',其中用戶= '$ _ SESSION [UNAME]'」; –

+0

@MarcoEgekjær你應該更新該行,是的。 – newfurniturey

+0

完成。但是,我如何解決登錄問題?謝謝。 –

相關問題

 相關問題