我不想找任何人帮我做所有的跑腿工作,但我有一个开源项目,它在大多数服务器上都能完美工作,但在一个人的服务器上,当你注册或登录时,页面只会刷新而不是登录。数据库中没有任何东西。
$_POST的var_dump看起来一切都很好,我在表单中去掉了尽可能多的数据验证,但没有骰子。
Chrome或Firefox/Firebug中有没有工具可以帮助我了解发生了什么?Chrome中的控制台日志基本上只是告诉我页面已经重新加载,但没有其他信息。我的错误都没有再出现在页面上。这只是一个简单的页面刷新。
这是未经编辑的(减去一堆html)登录文件。它基于一个名为UserCake的旧系统。其中大部分是遗留代码。我要从头开始彻底重写这个项目。
<?php require_once("models/top-nav.php"); ?>
<!-- If you are going to include the sidebar, do it here -->
<?php //require_once("models/left-nav.php"); ?>
</div>
<!-- /.navbar-collapse -->
</nav>
<!-- PHP GOES HERE -->
<?php
//Prevent the user visiting the logged in page if he/she is already logged in
if(isUserLoggedIn()) { header("Location: account.php"); die(); }
//Forms posted
if(!empty($_POST))
{
$token = $_POST['csrf'];
if(!Token::check($token)){
die('Token doesn''t match!');
}
//reCAPTCHA 2.0 check
// empty response
$response = null;
// check secret key
$reCaptcha = new ReCaptcha($privatekey);
// if submitted check response
if ($_POST["g-recaptcha-response"]) {
$response = $reCaptcha->verifyResponse(
$_SERVER["REMOTE_ADDR"],
$_POST["g-recaptcha-response"]
);
}
if ($response != null && $response->success) {
$errors = array();
$username = sanitize2(trim($_POST["username"]));
$password = trim($_POST["password"]);
//Perform some validation
//Feel free to edit / change as required
if($username == "")
{
$errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
}
if($password == "")
{
$errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");
}
//A security note here, never tell the user which credential was incorrect
if(!usernameExists($username))
{
$errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
}
else
{
$userdetails = fetchUserDetails($username);
//See if the user's account is activated
if($userdetails["active"]==0)
{
$errors[] = lang("ACCOUNT_INACTIVE");
}
else
{
//- THE OLD SYSTEM IS BEING REMOVED - Hash the password and use the salt from the database to compare the password.
//$entered_pass = generateHash($password,$userdetails["password"]);
$entered_pass = password_verify($password,$userdetails["password"]);
if($entered_pass != $userdetails["password"])
{
$errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID"); //MAKE UPGRADE CHANGE HERE
}
else
{
//Passwords match! we're good to go'
//Construct a new logged in user object
//Transfer some db data to the session object
$loggedInUser = new loggedInUser();
$loggedInUser->email = $userdetails["email"];
$loggedInUser->user_id = $userdetails["id"];
$loggedInUser->hash_pw = $userdetails["password"];
$loggedInUser->title = $userdetails["title"];
$loggedInUser->displayname = $userdetails["display_name"];
$loggedInUser->username = $userdetails["user_name"];
//Update last sign in
$loggedInUser->updateLastSignIn();
$_SESSION["userCakeUser"] = $loggedInUser;
//Redirect to user account page
header("Location: account.php");
die();
}
}
}
}
}
?>
<?php
echo resultBlock($errors,$successes);
echo "
<div id='regbox'>
<form name='login' action='".$_SERVER['PHP_SELF']."' method='post'>
<p>
";
?>
<label>Username:</label>
<input class='form-control' type='text' name='username' />
</p>
<p>
<label>Password:</label>
<input class='form-control' type='password' name='password' />
</p>
<p><label>Please enter the words as they appear:</label>
<div class="g-recaptcha" data-sitekey="<?php echo $publickey; ?>"></div>
</p>
<p>
<label> </label>
<input class='btn btn-primary' type='submit' value='Login' class='submit' />
</p>
<input type="hidden" name="csrf" value="<?=Token::generate();?>" >
</form>
<script src="https://www.google.com/recaptcha/api.js" async defer></script>
<!-- footer -->
<?php require_once("models/footer.php"); ?>
将错误报告添加到文件顶部,这将有助于查找错误。
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
// rest of your code
旁注:显示错误只能在暂存中进行,而不能在生产中进行。
OP回应:
"你做到了,Fred ii,我忘了添加额外的错误报告!谢谢。我得到了一个https://包装器。它在服务器配置中被allow_url_fopen=0错误禁用。这显然会有很大帮助!–Dan Hoover’