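I have a small application, and now it is time to add a login to the whole thing. I have just got it up and running in the real world (:P). Setting cookies, and not being able to read them in a different PHP file
This is the code on my login page (login.php):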
<!DOCTYPE html>
<html>
<head>
<title>
Login
</title>
<meta charset="UTF-8">
<script src="https://www.google.com/recaptcha/api.js" async defer></script>
</head>
<body>
<?php include_once("analyticstracking.php") ?>
<form action="login.php" method="POST">
<?php
if (isset($_POST['user']) && isset($_POST['password']))
{
if(isset($_POST['g-recaptcha-response']) && !empty($_POST['g-recaptcha-response']))
{
$secret = '';
$verifyResponse = file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret='.$secret.'&response='.$_POST['g-recaptcha-response']);
$responseData = json_decode($verifyResponse);
if($responseData->success)
{
$user = $_POST['user'];
$password = $_POST['password'];
$salt = "d5f332312e3e390c81f6ef9f242c21bf9e472d6296ddd4bebddd0f54eb576f14";
$hpassword = hash('sha256', $salt . $password);
$_COOKIE['user'] = $user;
$_COOKIE['pass'] = $hpassword;
$auth = 1;
$_COOKIE['authorized'] = $auth;
setrawcookie("user", $user, time() + 28800, "/",'domaindig.eu');
setrawcookie("hpass", $hpassword, time() + 28800, "/",'domaindig.eu');
setrawcookie("authorized", $auth, time() + 28800, "/",'domaindig.eu');
print_r($_COOKIE);
header('Location: check.php');
}
}
}
?>
username: <input name="user" type="user"><br>
password: <input name="password" type="password"><br>
<div class="g-recaptcha" data-sitekey=""></div>
<input type="submit" value="Submit" /><br><br>
</form>
</body>
</html>
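As you may see, I use Google reCAPTCHA in order to prevent brute-force logins. From that point on (when I inserted the reCAPTCHA), my $_SESSION variables never worked again. So I decided to use cookies (a new attempt, prompted by how often I use sessions).
So far, so good.
After I finished coding this PHP page, I started putting together the PHP file check.php. In this file I check the credentials, and if everything checks out, I redirect to the main page and menu (there are no graphics, only pure PHP).
My problem is:
In the second file, I cannot see any of the cookies. I use print_r($_COOKIE); and I only see the cookies from reCAPTCHA. On the login page I see the 3 cookies I am trying to set, but in the other file it seems I cannot read them. I checked multiple browsers and multiple computers, with the same luck. I have confirmed that the browsers accept cookies, but it seems I have made a mistake.
If my description is a bit vague, please tell me and I will clarify.
Here is my check.php code as well (it checks the credentials using the cookies):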
<!DOCTYPE html>
<html>
<head>
<title>
check
</title>
<meta charset="UTF-8">
</head>
<body>
<?php include_once("analyticstracking.php") ?>
<form action="check.php" method="POST">
<?php
if ($_COOKIE['authorized'] == 1)
{
if (isset($_COOKIE['user']) || isset($_COOKIE['hpass']))
{
require('ConnectToDB.php');
$username = $_COOKIE['user'];
$password = $_COOKIE['hpass'];
$result="SELECT `password` FROM `users` WHERE username = '$username'";
$tbl=mysqli_query ($conn, $result);
$table = $tbl->fetch_assoc();
$pass = $table['password'];
if ($pass)
{
if ($password == $pass)
{
$ip = $_SERVER['REMOTE_ADDR'];
$date = date("Y-m-d H:i:s");
$result = "INSERT INTO `logins` (`username`, `date`, `ip`) VALUES ('$username', '$date', '$ip')";
$tbl = mysqli_query($conn, $result);
$_COOKIE['authorized'] = 1;
echo "Login successfull! Redirecting.";
require 'ConnectToDB.php';
$alphanumeric[0] = "0";
$alphanumeric[1] = "1";
$alphanumeric[2] = "2";
$alphanumeric[3] = "3";
$alphanumeric[4] = "4";
$alphanumeric[5] = "5";
$alphanumeric[6] = "6";
$alphanumeric[7] = "7";
$alphanumeric[8] = "8";
$alphanumeric[9] = "9";
$alphanumeric[10] = "a";
$alphanumeric[11] = "b";
$alphanumeric[12] = "c";
$alphanumeric[13] = "d";
$alphanumeric[14] = "e";
$alphanumeric[15] = "f";
$alphanumeric[16] = "g";
$alphanumeric[16] = "h";
$alphanumeric[17] = "i";
$alphanumeric[18] = "j";
$alphanumeric[19] = "k";
$alphanumeric[20] = "l";
$alphanumeric[21] = "m";
$alphanumeric[22] = "n";
$alphanumeric[23] = "o";
$alphanumeric[24] = "p";
$alphanumeric[25] = "q";
$alphanumeric[26] = "r";
$alphanumeric[27] = "s";
$alphanumeric[28] = "t";
$alphanumeric[29] = "u";
$alphanumeric[30] = "v";
$alphanumeric[31] = "w";
$alphanumeric[32] = "x";
$alphanumeric[33] = "y";
$alphanumeric[34] = "z";
$alphanumeric[35] = "A";
$alphanumeric[36] = "B";
$alphanumeric[37] = "C";
$alphanumeric[38] = "D";
$alphanumeric[39] = "E";
$alphanumeric[40] = "F";
$alphanumeric[41] = "G";
$alphanumeric[42] = "H";
$alphanumeric[43] = "I";
$alphanumeric[44] = "J";
$alphanumeric[45] = "K";
$alphanumeric[46] = "L";
$alphanumeric[47] = "M";
$alphanumeric[48] = "N";
$alphanumeric[49] = "O";
$alphanumeric[50] = "P";
$alphanumeric[51] = "Q";
$alphanumeric[52] = "R";
$alphanumeric[53] = "S";
$alphanumeric[54] = "T";
$alphanumeric[55] = "U";
$alphanumeric[56] = "V";
$alphanumeric[57] = "W";
$alphanumeric[58] = "X";
$alphanumeric[59] = "Y";
$alphanumeric[60] = "Z";
global $session;
$session = "";
for ($i=0;$i<20;$i++)
{
$rnd = rand(0, 60);
$session .= $alphanumeric[$rnd];
}
$date = date("Y-m-d");
$ip = $_SERVER['REMOTE_ADDR'];
$result = "INSERT INTO `sessions` (`user`, `date`, `session_id`, `ip`, `login`) VALUES ('$username', '$date', '$session', '$ip', '1')";
$tbl = mysqli_query($conn, $result);
echo "All done";
echo '<script> window.location = "https://domaindig.eu/index.php" </script>';
}
else
{
echo "User found but password provided was wrong. Try again!";
// echo '<script> window.location = "https://domaindig.eu/login.php" </script>';
}
}
else
{
echo "Failure. Couldn't fetch password!!! Try again.";
//echo '<script> window.location = "https://domaindig.eu/login.php" </script>';
}
}
else
{
echo "Something went wrong. Try login again!";
//echo '<script> window.location = "https://domaindig.eu/login.php" </script>';
}
}
else
{
echo "Unauthorized access!!";
//echo '<script> window.location = "https://domaindig.eu/login.php" </script>';
}
?>
</form>
</body>
</html>
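Here is also a picture of my cookies when I display them on the login page:
Thank you all in advance.
All the files are on the same domain and in the same directory (/) – adamkwn
I just ran your code on my host and I can get the cookies. Please make sure you access both PHP files on the same domain. –
Hello. That did work, but if you combine the code above with Google reCAPTCHA, sessions do not work, but I hoped cookies would. Have you tried this code with reCAPTCHA? – adamkwn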
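An added example, not part of the original thread or the poster's code: a login.php in which the POST handling, `session_start()` and `header()` all run before the first byte of HTML, because PHP can only send cookies and redirects while the response headers are still unsent, and writing to `$_COOKIE` changes only the current request's array. It keeps the identity in the server-side session instead of in client-editable `user`/`hpass`/`authorized` cookies and queries with a prepared statement. Assumptions: `ConnectToDB.php` defines a mysqli `$conn` as on the page, the `password` column holds `password_hash()` output (not the page's salted SHA-256), and the reCAPTCHA secret is a placeholder.

```php
<?php
// login.php, added example. Everything that emits headers runs before any HTML.
session_set_cookie_params([            // array form needs PHP 7.3+
    'path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
]);
session_start();

$error = '';
$user  = $_POST['user'] ?? null;
$pass  = $_POST['password'] ?? null;
$token = $_POST['g-recaptcha-response'] ?? null;

if (is_string($user) && is_string($pass) && is_string($token) && $token !== '') {
    $secret = 'RECAPTCHA_SECRET_PLACEHOLDER';   // placeholder, not a real key
    $raw = file_get_contents('https://www.google.com/recaptcha/api/siteverify?'
        . http_build_query(['secret' => $secret, 'response' => $token]));
    $captcha = ($raw === false) ? null : json_decode($raw);
    if ($captcha !== null && !empty($captcha->success)) {
        require 'ConnectToDB.php';              // assumed to define $conn (mysqli)
        $stmt = mysqli_prepare($conn, 'SELECT `password` FROM `users` WHERE username = ?');
        mysqli_stmt_bind_param($stmt, 's', $user);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt, $storedHash);
        $found = mysqli_stmt_fetch($stmt) === true;
        mysqli_stmt_close($stmt);
        // Assumption: `password` holds password_hash() output.
        if ($found && password_verify($pass, $storedHash)) {
            session_regenerate_id(true);        // new session ID after login
            $_SESSION['user'] = $user;          // identity stays server-side
            header('Location: check.php');
            exit;                               // stop before the form is rendered
        }
    }
    $error = 'Login failed. Try again.';
}
?>
<!DOCTYPE html>
<html>
<head><meta charset="UTF-8"><title>Login</title>
<script src="https://www.google.com/recaptcha/api.js" async defer></script></head>
<body>
<form action="login.php" method="POST">
<?= htmlspecialchars($error) ?>
username: <input name="user" type="text"><br>
password: <input name="password" type="password"><br>
<div class="g-recaptcha" data-sitekey=""></div>
<input type="submit" value="Submit">
</form>
</body></html>
```

With this layout, check.php needs only `session_start()` and a test of `$_SESSION['user']`, both placed before any output.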