这刚刚出现:当我尝试通过ajax登录时,出于某种奇怪的原因,Username field is not set被打印出来,但用户名被明确设置。
<?php
require_once (dirname(__FILE__) . '/../../inc/inc.all.php');
$username;
$password;
$remember;
$token;
if (!isset($_POST['username'])) {
echo "Username field must be set!";
die();
}
$username = $_POST['username'];
if (!isset($_POST['password'])) {
echo "Password field must be set";
die();
}
$password = md5($_POST['password']);
$remember = $_POST['remember'];
if (!isset($_POST['token'])) {
echo "There was a problem logging you in securly, Prehaps you are trying to log in from a different window?";
die();
} else {
$token = $_POST['token'];
}
// Validate token
if (!isset($token) || $token != $_SESSION['token']) {
echo "Invalid token: There was a problem logging you in securley, Prehaps you are trying to log in from a different window?";
die();
}
// Log the user in
$sql = "SELECT ID FROM cs_users WHERE username = '{$username}' AND password = '{$password}'";
$query = $db -> query($sql);
if ($query -> num_rows) {
list($id) = @array_values($query -> fetch_assoc());
if ($remember) {
$expire = time() + 60 * 60 * 24 * 180;
echo $id.'<br>'.$username.'<br>'.$password.'<br>';
setcookie("id", $id, $expire);
setcookie("username", $username, $expire);
setcookie("password", $password, $expire);
header("LOCATION:{$_SERVER['PHP_SELF']}");
} else {
$_SESSION['id'] = $id;
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
}
echo true;
} else {
echo "Invalid username/password";
die();
}
?>
在上面的代码中,如果我将_POST更改为_GET并通过login.php?username=mrkirby153&password=admin&remember=true&token=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx访问页面,它仍然显示该字段未设置。(是的,我知道我的代码中存在一些重大的安全"漏洞"。我正在努力修复它。
var_dump($_POST) : array(0){}
网页表单
<div id="login">
<div id="login-err"></div>
<label for="username">Username: </label>
<input type="text" name="username" id="loginUsername" placeholder="Username">
<label for="password">Password: </label>
<input type="password" name="password" id="loginPass" placeholder="Password">
<input type="button" name="loginBttn" id="loginSubmit" class="btn btn-success" value="Log in" onclick="userLogin()">
<br>
<label for="remember">Remember me?</label>
<input type="checkbox" name="remember" id="loginRemember">
<br>
<a href="forgot">Forgot login credentials?</a>
<input type="hidden" name="token" id="loginToken" value="<?php echo $token?>">
</div>
用于 ajax 的方法:
function userLogin() {
var username = $("#loginUsername").val();
var password = $("#loginPass").val();
var remember = $("#loginRemember").is(':checked');
var token = $("#loginToken").val();
alert(username);
$(".ajax-loader").fadeIn("slow");
$("#login").slideUp("slow");
$.ajax({
type : "GET",
url : "internal/CloudShop/ajax/login.php",
dataType : "html",
data : "username=" + username + "&password=" + password + "&remember=" + remember + "&token=" + token,
success : function(result) {
if (result != "1") {
$("#login-err").html(result);
$("#login").slideDown("slow");
} else
location.reload();
$(".ajax-loader").fadeOut("slow");
}
});
}
站点注释:它仍然设置cookie,如果我刷新页面,我就会登录
尝试将data参数更改为:
data : { username: username,
password: password,
remember: remember ? 'true' : 'false',
token: token
},
然后,jQuery将正确编码参数。
您的表单被提交两次的原因可能是因为正常的表单提交发生在userLogin()返回之后。将提交按钮更改为:
<input type="button" name="loginBttn" id="loginSubmit" class="btn btn-success" value="Log in" onclick="userLogin(); return false;">
从提交按钮返回false将禁用默认操作。
我自己修复了它。设置cookie后,我正在执行header("LOCATION:{$_SERVER['PHP_SELF']}");,它将再次重新调用登录表单,但没有任何$_POST数据