前端之家

  1. 首页
  2. 问答

登录通过所有密码应该不正确

问答

我有登录表单,当我尝试使用正确的用户名和密码登录时,它可以正常工作。问题是当我输入错误的密码时,它仍然使我登录该网站,并且应该显示密码错误的错误。除此以外的所有其他东西都工作正常。我var_dump-ed我的$ cryptpass和$ password,它们是相同的,当一起转储时,它们返回true。我不知道哪里出了错。

custom_functions.php 

<?php

function validation($form_data)
{
    $form_data = trim(stripcslashes(htmlspecialchars($form_data)) );
    return $form_data;
}

if ($_SERVER['REQUEST_METHOD'] == "POST"){
    if(isset($_POST["submit"])) {
        login_function();
    }
}

function login_function() {

    session_start();
    require 'connection.php';

    $_SESSION["username_error"] = $username_error;
    $_SESSION["password_error"] = $password_error;
    //var_dump($_SESSION["username_error"]); die('!');

    $v_username = $_POST['username'];
    $v_password = $_POST['password'];
    //$v_captcha = $_POST['captcha'];

    $username = validation($v_username);
    $password = validation($v_password);
    //$captcha = validation($v_captcha);

    $remember = isset($_POST['remember']);

    if(empty($username))
    {
        $_SESSION["username_error"] = "<p>Please enter your username!</p>";
        header("Location: login.php");
    }

    if(empty($password))
    {
        $_SESSION["password_error"] = "<p>Please enter your password!</p>";
        header("Location: login.php");
    }

    if(!empty($username) && !empty($password)) {
        $sql = "SELECT * FROM member_auth WHERE username = :username";

        $stmt = $pdo->prepare($sql);

        $stmt->bindValue(':username',$username);

        $stmt->execute();

        $user = $stmt->fetch(PDO::FETCH_ASSOC);

        $cryptpass = $user['cryptpass'];

        if($user === false){
            $_SESSION["username_error"] = "<p>User doesn't exist</p>";
            header("Location: login.php");
        }   elseif($user) {
            $newPass = crypt($password,$cryptpass);
                if($cryptpass == $newPass) {
                    //var_dump($cryptpass == $newPass); die('!');  this returns true
                    $_SESSION['loggedin'] = TRUE;
                    $_SESSION['username'] = $username;
                    if($remember == "on") {
                        setcookie("remember",$username,time()+3600);
                    }
                    header('Location: login_success.php');
                } else {
                    $_SESSION["password_error"] = "<p>Password is not correct!</p>"; 
                    header("Location: login.php"); 
                }
            } 
    }
}

?>

login.php 

<?php 

session_start(); 

?>
<!DOCTYPE HTML>
<html lang="en">

<head>
<meta charset="utf-8">
<title>Welcome to Love Her Feet</title>
<meta name="viewport" content="width=device-width,initial-scale=1.0">
<link rel="stylesheet" href="/login_assets/css/style.css">
<link href="https://fonts.googleapis.com/css?family=Raleway:300,400,500&display=swap" rel="stylesheet">
<link href="https://fonts.googleapis.com/css?family=Open+Sans:400,600&display=swap" rel="stylesheet">
<link rel="stylesheet" href="/login_assets/css/media.css">
<script src="/login_assets/js/jquery.min.js"></script>
<script src="/login_assets/js/modernizr.custom.js"></script>
<!-- <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous"> -->

</head>

<div id="login_body">
<header class="clear hBlack">
    <div class="jLogo"><a href="/"><img src="/login_assets/images/logo.png" alt=""></a></div>
</header>
<div class="logArea clear">
    <form action="custom_functions.php" method="post" enctype="application/x-www-form-urlencoded">
    <div class="logbox">
    <div class="box clear">
        <h2>Members Area</h2>
        <div class="logTypes">
        <input type="text" name="username" class="logtextbox" placeholder="username or email">
        <span class="text-danger"><?php if(isset($_SESSION['username_error'])){ echo $_SESSION["username_error"]; unset($_SESSION["username_error"]); }  ?></span>
        <input type="password" name="password" class="logtextbox" placeholder="Password"><br>
        <span class="text-danger"><?php if(isset($_SESSION['password_error'])){ echo $_SESSION["password_error"]; unset($_SESSION["password_error"]); }  ?></span>
        <!-- <input type="text" name="captcha" class="logtextbox" placeholder="Enter the code shown below"><br>
        <img style="margin: 0 auto;" src="captcha.php">
        <span class="text-danger"></span> -->
        <div style="text-align: center">Remember my login: <input name="remember" type="checkbox"></div>
        </div>
    </div>
    <input type="submit" value="submit" class="logBtn" name="submit">
    </div>
    </form>
    <div class="logtext1">
    </div>
    <div class="logtext2">
    </div>
</div>
</div>
<footer class="clear">
</footer>
</div>

</html>

login_success.php 

    <?php

    session_start();

    if(isset($_SESSION["loggedin"]) || $_COOKIE["remember"]) {
        header("Location: members");
        /* echo "Welcome,{$_SESSION["username"]} <br>";
        echo "<a href='logout.php'>Logout</a>"; */
    } else {
        header("Location: login.php");
    }
nicklong465 回答:登录通过所有密码应该不正确
暂时没有好的解决方案,如果你有好的解决方案,请发邮件至:iooj@foxmail.com
formsphpsessionvalidation
本文链接:https://www.f2er.com/3110959.html

大家都在问