首先,我正在从事的项目:创建一个网站,用户可以在其中登录并记录他们完成的志愿者小时数。
我在这里看了一个类似的问题:PHP 登录错误"未定义的变量"
我尝试了上面帖子中的解决方案,但它对我不起作用。未定义的变量仅在输入错误的用户名/密码时发生,但在输入正确的用户名和密码时工作正常。我不确定为什么会发生这种情况,但我希望得到一些帮助来找到解决方案。这是我遇到问题的页面的代码。谢谢。
登录 html 表单:
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Simple login form</title>
<link rel="stylesheet" href="css/reset.css">
<link rel="stylesheet" href="css/style.css"/>
</head>
<body>
<div class="container">
<div class="login">
<h1 class="login-heading">
<strong>Welcome.</strong> Please login.</h1>
<form method="post" action="login.php">
<input type="text" name="uname" placeholder="Username" required="required" class="input-txt" />
<input type="password" name="pword" placeholder="Password" required="required" class="input-txt" />
<div class="login-footer">
<a href="forgot.html" class="lnk">
<span class="icon icon--min">ಠ╭╮ಠ</span>
<span class="register">I've forgotten something</span></a>
<input name="submit" value="Login" type="submit" class="btn btn--right"><br>
<a href="register.html" class="lnk">
<span class="register">Not a member? Click here to register!</span></a>
</div>
</form>
</div>
</div>
<script src="js/index.js"></script>
</body>
</html>
处理表单中信息的 PHP 表单:
<?php
include("encrypt_decrypt.php");
$username="root";
$password="";
$server="localhost";
$db_name="userauthentication";
$uname="";
$pword="";
$error_msg="";
if(isset($_POST["submit"])){
$db_handle = mysqli_connect($server, $username, $password);
$db_found = mysqli_select_db($db_handle, $db_name);
$uname = $_POST["uname"];
$uname = htmlspecialchars($uname);
$uname = mysqli_real_escape_string($db_handle, $uname);
$pword = $_POST["pword"];
$pword = htmlspecialchars($pword);
$pword = mysqli_real_escape_string($db_handle, $pword);
$pword = encrypt_decrypt("encrypt", $pword);
if($db_found){
if($uname == "admin"){
$SQL = "SELECT * FROM WHERE username = '$uname' AND pword = '$pword'";
$result = mysqli_query($db_handle, $SQL);
$num_rows = mysqli_num_rows($result);
if($num_rows > 0){
session_start();
$_SESSION['login'] = "2";
header("Location: adminpage.html");
}else{
print("error");
}
}else if($uname != "admin"){
$SQL = "SELECT * FROM login WHERE username = '$uname' AND password = '$pword'";
$result = mysqli_query($db_handle, $SQL);
$num_rows = mysqli_num_rows($result);
if($num_rows > 0){
session_start();
$_SESSION['login'] = "1";
header("Location: mainpage.html");
}else{
$uname = '';
$pword = '';
print("error");
}
}
}
}
?>
最后但并非最不重要的一点是,我用于密码安全性的encrypt_decrypt功能。这是我在第 6 行和第 7 行遇到未定义变量问题的实际页面。
<?php
function encrypt_decrypt($action, $string) {
$output = false;
$encrypt_method = "AES-256-CBC";
**$secret_key = $pword;**
**$secret_iv = $pword;**
// hash
$key = hash('sha256', $secret_key);
// iv - encrypt method AES-256-CBC expects 16 bytes - else you will get a warning
$iv = substr(hash('sha256', $secret_iv), 0, 16);
if( $action == 'encrypt' ) {
$output = openssl_encrypt($string, $encrypt_method, $key, 0, $iv);
$output = base64_encode($output);
}
else if( $action == 'decrypt' ){
$output = openssl_decrypt(base64_decode($string), $encrypt_method, $key, 0, $iv);
}
return $output;
}
?>
这是我输入正确的用户名但密码错误后的图片
你传入一个名为 $pword 的变量,但它在函数中被称为$string。更新代码,如下所示。
$secret_key = $string;
$secret_iv = $string;
总是发生错误。但是,如果成功登录,您将执行标头重定向到adminpage.html或主页.html。这就是为什么在使用正确的用户名/密码组合的情况下看不到错误的原因。该错误是在 encrypt_decrypt() 中使用未知变量 pword 的结果。将其替换为 $string 或使用全局语句将$pword导入 encrypt_decrypt() 的范围。