我试图使这段代码工作,但由于某种原因我不能:
<?php
include 'AS.php';
//csrf protection
if(empty($_SERVER['HTTP_X_REQUESTED_WITH']) || strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest')
die("Sorry bro!");
$url = parse_url( isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '');
if( !isset( $url['host']) || ($url['host'] != $_SERVER['SERVER_NAME']))
die("Sorry bro!");
$action = $_POST['action'];
switch ($action) {
case 'checkLogin':
$logged = $login->userLogin($_POST['username'], $_POST['password']);
if($logged === true)
header( "refresh: 5; url=index.php" );
echo 'You''ll be redirected in about 5 secs. ';
echo 'If not, click <a href="index.php">here</a>.';
break;
不知道为什么header("refresh: 5;url = index . php ");
如果我只是尝试头重定向,它做的工作,但页面不能正确加载,它加载与一些CSS问题,所以我决定使用刷新。
这个想法是,当用户登录时,它只是刷新页面,所以他将在我的脚本的后端区域。
好吧,所以我认为是我的错误没有解释好情况:
我有这个脚本,原始代码是这样的:<?php
include 'AS.php';
//csrf protection
if(empty($_SERVER['HTTP_X_REQUESTED_WITH']) || strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest')
die("Sorry bro!");
$url = parse_url( isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '');
if( !isset( $url['host']) || ($url['host'] != $_SERVER['SERVER_NAME']))
die("Sorry bro!");
$action = $_POST['action'];
switch ($action) {
case 'checkLogin':
$logged = $login->userLogin($_POST['username'], $_POST['password']);
if($logged === true)
echo "true";
break;
case "registerUser":
$register->register($_POST['user']);
break;
case "addUser":
$registeruser->registeruser($_POST['user']);
break;
case "resetPassword":
$register->resetPassword($_POST['newPass'], $_POST['key']);
break;
case "forgotPassword":
$register->forgotPassword($_POST['email']);
break;
case "logout":
ASSession::destroySession();
break;
case "postComment":
$ASComment = new ASComment();
echo $ASComment->insertComment(ASSession::get("user_id"), $_POST['comment']);
break;
case "updatePassword":
$user = new ASUser(ASSession::get("user_id"));
$user->updatePassword($_POST['oldpass'], $_POST['newpass']);
break;
case "updateDetails":
$user = new ASUser(ASSession::get("user_id"));
$user->updateDetails($_POST['details']);
break;
case "updateEmail":
$user = new ASUser(ASSession::get("user_id"));
$user->updateEmail($_POST['email']);
break;
case "updateUser":
$loggedUser = new ASUser(ASSession::get("user_id"));
if(!$loggedUser->isAdmin()) exit();
//$idusuario = ASSession::get("iduser");
$username = $_POST['userdata']['username'];
$result = $db->select("SELECT * FROM `as_users` WHERE `username` = :u", array( 'u' => $username ));
$user = new ASUser($result[0]['user_id']);
$user->updateUser($_POST['userdata']);
break;
case "updatePass":
$loggedUser = new ASUser(ASSession::get("user_id"));
if(!$loggedUser->isAdmin()) exit();
$idusuario = ASSession::get("iduser");
$result = $db->select("SELECT * FROM `as_users` WHERE `user_id` = :u", array( 'u' => $idusuario ));
$user = new ASUser($result[0]['user_id']);
$user->updatePass($_POST['newpass']);
break;
case "changeRole":
$loggedUser = new ASUser(ASSession::get("user_id"));
if(!$loggedUser->isAdmin()) exit();
$user = new ASUser($_POST['userId']);
echo ucfirst($user->changeRole());
break;
case "deleteUser":
$loggedUser = new ASUser(ASSession::get("user_id"));
if(!$loggedUser->isAdmin()) exit();
$user = new ASUser($_POST['userId']);
$user->deleteUser();
break;
case "getUserDetails":
$user = new ASUser($_POST['userId']);
$loggedUser = new ASUser(ASSession::get("user_id"));
if(!$loggedUser->isAdmin()) exit();
$info = $user->getInfo();
//prepare and output result
$result = $user->getDetails();
$result['email'] = $info['email'];
$result['username'] = $info['username'];
echo json_encode($result);
break;
case "addRole":
$loggedUser = new ASUser(ASSession::get("user_id"));
if(!$loggedUser->isAdmin()) exit();
$res = $db->select("SELECT * FROM `as_user_roles` WHERE `role` = :r", array( 'r' => $_POST['role'] ));
if(count($res) == 0) {
$db->insert("as_user_roles", array("role" => strtolower(strip_tags($_POST['role']))));
$result = array(
"status" => "success",
"roleName" => strip_tags($_POST['role']),
"roleId" => $db->lastInsertId()
);
}
else {
$result = array(
"status" => "error",
"message" => "Role already exists."
);
}
echo json_encode($result);
break;
case "deleteRole":
$loggedUser = new ASUser(ASSession::get("user_id"));
if(!$loggedUser->isAdmin()) exit();
//default user roles can't be deleted
if(in_array($_POST['roleId'], array(1,2,3)) )
exit();
$db->delete("as_user_roles", "role_id = :id", array(
"id" => $_POST['roleId']
));
$db->update("as_users", array( 'user_role' => "1" ), "user_role = :r", array( "r" => $_POST['roleId'] ) );
break;
default:
break;
}
问题是,脚本是为了与ajax一起工作,它应该,用ajax重新加载页面,但不是,我在子域上运行这个脚本,我也有一个wordpress安装在主域,ajax工作得很好,但我不确定为什么不工作在这个脚本上,所以我决定也许重新加载页面后提交登录表单的问题将得到解决。
问题是,当我提交表单时,它只显示:"true"消息,但它不重新加载页面,如果我手动重新加载页面,所以它工作,我已经登录了。这就是问题所在。
我仍然是一个新手在整个编码的东西,但我努力,如果有任何其他的代码你需要,为了使这更清楚,我会尝试做它。
您可以简单地使用Location头,即:
header('Location: /home.php');
代替:
header( "refresh: 5; url=index.php" );
你确定$logged giving back是真的吗?
if($logged === true)
header( "refresh: 5; url=index.php" );
echo 'You''ll be redirected in about 5 secs. ';
echo 'If not, click <a href="index.php">here</a>.';
因为如果它不这样做,它仍然会输出echo text但是header不会运行。
确保使用这段代码(使用{}括号)
if($logged === true)
{
header( "refresh: 5; url=index.php" );
echo 'You''ll be redirected in about 5 secs. ';
echo 'If not, click <a href="index.php">here</a>.';
}
else
{
echo 'Wrong username or password!';
}
感谢所有的帮助,最后我找到了这个代码,它工作得很好,登录验证也正常工作,这是代码更改和工作:
`<?php
include 'AS.php';
//csrf protection
if(empty($_SERVER['HTTP_X_REQUESTED_WITH']) || strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest')
die("Sorry bro!");
$url = parse_url( isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '');
if( !isset( $url['host']) || ($url['host'] != $_SERVER['SERVER_NAME']))
die("Sorry bro!");
$action = $_POST['action'];
switch ($action) {
case 'checkLogin':
$logged = $login->userLogin($_POST['username'], $_POST['password']);
if($logged === true)
echo '<script>parent.window.location.reload(true);</script>';
break;`
成功了:
echo '<script>parent.window.location.reload(true);</script>';
我想知道是否可以添加延迟到这个重新加载,所以我可以在登录之前放一个消息,并且我想知道这种方式是否安全。
问好。