我有登录表单,当我尝试使用正确的用户名和密码登录时,它可以正常工作。问题是当我输入错误的密码时,它仍然使我登录该网站,并且应该显示密码错误的错误。除此以外的所有其他东西都工作正常。我var_dump-ed我的$ cryptpass和$ password,它们是相同的,当一起转储时,它们返回true。我不知道哪里出了错。
custom_functions.php
<?php
function validation($form_data)
{
$form_data = trim(stripcslashes(htmlspecialchars($form_data)) );
return $form_data;
}
if ($_SERVER['REQUEST_METHOD'] == "POST"){
if(isset($_POST["submit"])) {
login_function();
}
}
function login_function() {
session_start();
require 'connection.php';
$_SESSION["username_error"] = $username_error;
$_SESSION["password_error"] = $password_error;
//var_dump($_SESSION["username_error"]); die('!');
$v_username = $_POST['username'];
$v_password = $_POST['password'];
//$v_captcha = $_POST['captcha'];
$username = validation($v_username);
$password = validation($v_password);
//$captcha = validation($v_captcha);
$remember = isset($_POST['remember']);
if(empty($username))
{
$_SESSION["username_error"] = "<p>Please enter your username!</p>";
header("Location: login.php");
}
if(empty($password))
{
$_SESSION["password_error"] = "<p>Please enter your password!</p>";
header("Location: login.php");
}
if(!empty($username) && !empty($password)) {
$sql = "SELECT * FROM member_auth WHERE username = :username";
$stmt = $pdo->prepare($sql);
$stmt->bindValue(':username',$username);
$stmt->execute();
$user = $stmt->fetch(PDO::FETCH_ASSOC);
$cryptpass = $user['cryptpass'];
if($user === false){
$_SESSION["username_error"] = "<p>User doesn't exist</p>";
header("Location: login.php");
} elseif($user) {
$newPass = crypt($password,$cryptpass);
if($cryptpass == $newPass) {
//var_dump($cryptpass == $newPass); die('!'); this returns true
$_SESSION['loggedin'] = TRUE;
$_SESSION['username'] = $username;
if($remember == "on") {
setcookie("remember",$username,time()+3600);
}
header('Location: login_success.php');
} else {
$_SESSION["password_error"] = "<p>Password is not correct!</p>";
header("Location: login.php");
}
}
}
}
?>
login.php
<?php
session_start();
?>
<!DOCTYPE HTML>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Welcome to Love Her Feet</title>
<meta name="viewport" content="width=device-width,initial-scale=1.0">
<link rel="stylesheet" href="/login_assets/css/style.css">
<link href="https://fonts.googleapis.com/css?family=Raleway:300,400,500&display=swap" rel="stylesheet">
<link href="https://fonts.googleapis.com/css?family=Open+Sans:400,600&display=swap" rel="stylesheet">
<link rel="stylesheet" href="/login_assets/css/media.css">
<script src="/login_assets/js/jquery.min.js"></script>
<script src="/login_assets/js/modernizr.custom.js"></script>
<!-- <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous"> -->
</head>
<div id="login_body">
<header class="clear hBlack">
<div class="jLogo"><a href="/"><img src="/login_assets/images/logo.png" alt=""></a></div>
</header>
<div class="logArea clear">
<form action="custom_functions.php" method="post" enctype="application/x-www-form-urlencoded">
<div class="logbox">
<div class="box clear">
<h2>Members Area</h2>
<div class="logTypes">
<input type="text" name="username" class="logtextbox" placeholder="username or email">
<span class="text-danger"><?php if(isset($_SESSION['username_error'])){ echo $_SESSION["username_error"]; unset($_SESSION["username_error"]); } ?></span>
<input type="password" name="password" class="logtextbox" placeholder="Password"><br>
<span class="text-danger"><?php if(isset($_SESSION['password_error'])){ echo $_SESSION["password_error"]; unset($_SESSION["password_error"]); } ?></span>
<!-- <input type="text" name="captcha" class="logtextbox" placeholder="Enter the code shown below"><br>
<img style="margin: 0 auto;" src="captcha.php">
<span class="text-danger"></span> -->
<div style="text-align: center">Remember my login: <input name="remember" type="checkbox"></div>
</div>
</div>
<input type="submit" value="submit" class="logBtn" name="submit">
</div>
</form>
<div class="logtext1">
</div>
<div class="logtext2">
</div>
</div>
</div>
<footer class="clear">
</footer>
</div>
</html>
login_success.php
<?php
session_start();
if(isset($_SESSION["loggedin"]) || $_COOKIE["remember"]) {
header("Location: members");
/* echo "Welcome,{$_SESSION["username"]} <br>";
echo "<a href='logout.php'>Logout</a>"; */
} else {
header("Location: login.php");
}