我不知道我的代码中出了什么问题。我已经使用ajax调用实现了登录和注册。现在,我试图在PHP中使用cookie来实现记住我。我的代码像这样
<?php require 'database.php';
session_start();
if(!empty($_POST["login"])) {
#$conn = mysqli_connect("localhost", "root", "", "blog_samples");
$sql = "Select * from login where Username = '" . $_POST["member_name"] . "' and Password = '" . ($_POST["member_password"]) . "'";
$result = mysqli_query($conn,$sql);
$user = mysqli_fetch_array($result);
if($user) {
if(!empty($_POST["remember"])) {
setcookie ("member_login",$_POST["member_name"],time()+ (10 * 365 * 24 * 60 * 60));
setcookie ("member_password",$_POST["member_password"],time()+ (10 * 365 * 24 * 60 * 60));
} else {
if(isset($_COOKIE["member_login"])) {
setcookie ("member_login","");
}
if(isset($_COOKIE["member_password"])) {
setcookie ("member_password","");
}
}
header("location:private.php");
}
}
?>
<!DOCTYPE html>
<html >
<body>
<div class="container-fluid">
<div class="form-body-login col-md-6 col-xs-6">
<form class="Login" method="post" action="private.php">
<div class="row buttons">
<div type="submit" class="col-md-6 col-xs-6 login">Login</div>
<div type="submit" class="col-md-6 col-xs-6 sign_up">Sign up</div>
</div>
</div>
<div class="login_body">
<div class="row user_name">
<i class="fa fa-user fa-2x col-md-1 col-xs-1" aria-hidden="true"></i>
<input type="text" class="col-md-10 col-xs-10 username" id="username_login" placeholder="abc@xyz.com" name="member_name" value="<?php if(isset($_COOKIE["member_login"])) { echo $_COOKIE["member_login"]; } ?>" />
</div>
<div class="row pwd">
<i class="fa fa-key fa-2x col-md-1 col-xs-1" aria-hidden="true"></i>
<input type="password" class="col-md-10 col-xs-10 password" id="password_login" placeholder="Password" name="member_password" value="<?php if(isset($_COOKIE["member_password"])) { echo $_COOKIE["member_password"]; } ?>"/>
</div>
<div class="row remember col-md-11 col-xs-11">
<label><input type="checkbox" name="autologin" id="checkbox" name="remember" <?php if(isset($_COOKIE["member_login"])) { ?> checked <?php } ?>/> Remember Me </label>
</div>
<div class="row col-md-11 col-xs-11">
<button type="submit" id="button" name="login">Login</button>
</div>
</div>
<div class="form-body-signup">
<div class="row username_signup">
<input type="text" id="username_signup" class="col-md-10" placeholder="Enter user name"/>
</div>
<div class="row password_signup">
<input type="password" id="password_signup" class="col-md-10 col-xs-10" placeholder="Enter password here" />
</div>
<div class="row phone">
<input type="text" id="phone" class="col-md-10 col-xs-10" placeholder="enter phone number" />
</div>
<div class="row signup_button">
<button type="submit" id="check">Create New User</button>
</div>
</div>
</form>
</div>
</div>
</body>
</html>
在登录或注册时,完成了所有必要的验证后,该页面将指向private.php。该页面看起来像这样:
<?php
echo"Hello";
session_start();
#$_SESSION["member_id"] = "";
session_destroy();
#header("Location: ./");
?>
但是,如果我检查记住我的复选框,饼干就不会存储。我是第一次这样做,并且真的不知道这里出了什么问题。
set_cookie在下一页加载之后,我的经验中没有更新$ _cookie超级全局数组。因此,如果您要将信息保存到cookie,请记住,您还需要同时手动将其添加到$ _cookie中,因此您需要添加:
$_COOKIE['member_login'] = $_POST['member_login'];
例如,如果您想检查cookie的值而不重新加载脚本。
这是代码应该是什么样子的示例:
if($user) {
if(!empty($_POST["remember"])) {
setcookie ("member_login",$_POST["member_name"],time()+ (10 * 365 * 24 * 60 * 60));
$_COOKIE['member_login'] = $_POST['member_login']; // This is new
setcookie ("member_password",$_POST["member_password"],time()+ (10 * 365 * 24 * 60 * 60));
$_COOKIE['member_password'] = $_POST['member_password']; // This is new
} else {
if(isset($_COOKIE["member_login"])) {
setcookie ("member_login","");
$_COOKIE['member_login'] = ''; // This is new
}
if(isset($_COOKIE["member_password"])) {
setcookie ("member_password","");
$_COOKIE['member_password'] = ''; // This is new
}
}
header("location:private.php");
}
话虽如此,@oldpadawan的观点是,您确实应该消毒正在通过表格提交的数据,否则您将对SQL注入攻击和XSS攻击保持开放。
,如果您同时包装set_cookie并将Super-Global $ _Cookie设置为这样的完整功能,则将来也可能会更容易。
function set_inline_accessible_cookie( $key, $value, $exp = null ) {
if ( is_null( $exp ) || ! is_numeric( $exp ) ) {
$exp = time() + ( 86400 * 30 );
}
$_COOKIE[ $key ] = $value;
return setcookie( $key, $value, $exp, '/' );
}
Cookies will not become visible until the next loading of a page that the cookie should be visible for.根据php doc
您想实现的目标,(恕我直言(最好的是:
- 对DB 进行检查后,您对用户的数据进行了消毒
- 设置(全(cookie(s(
- 重定向到
private.php(那时Cookie将处于活动状态( - 在该页面上检查cookie(S(以授予/拒绝访问
在您的情况下:$ sql-> $结果 -> $ user-> setCookies(一次一次( ->重定向。在工作示例下方(页面是自称 ->'rememe-me.php'(:
<?php
// only example, adapt to your needs
error_reporting(E_ALL); ini_set('display_errors', 1);
//print_r($_COOKIE); // only for checking if needed
if(isset($_POST['login'])) {
$member_name = $_POST['member_name'];
$remember_me = $_POST['remember_me'];
//print_r($_POST); // only for checking if needed
if(isset($remember_me)) {
setcookie("member_login", $member_name);
setcookie("remember_me", 1);
echo"We will remember you next time! <a href="remember-me.php">Check this !</a>"; // or redirect to private.php without output before
}
}
?>
<form method="post" action="remember-me.php">
<p><input type="text" id="member_name" name="member_name" value="<?php if(isset($_COOKIE["member_login"])) { echo $_COOKIE["member_login"]; } ?>" /></p>
<p><input type="checkbox" name="remember_me" id="remember_me" name="remember_me" <?php if(isset($_COOKIE["remember_me"])) { ?> checked="checked" <?php } ?>/> Remember Me </label></p>
<p><input type="submit" id="login" name="login" value="Login" /></p>
</form>
编辑2 ->适应您的初始问题(聊天和进一步查询 - 下面是原始代码示例(:
<?php
session_start();
require'database.php';
if(isset($_POST['login'])) {
// connect to DB
$sql = " xxxx "; // make query
if($user) { // if results
$member_name = $_POST['member_name']; // or return from DB row, up to you
$remember_me = $_POST['remember_me'];
if(isset($remember_me)) {
setcookie("member_login", $member_name);
setcookie("remember_me", 1);
}
// could use session here if needed and no output before
header("location:private.php");
}
}
?>
不仅在一个页面上,而且在所有页面上(包括您显示的内容(,您应该真正考虑使用PPS:准备的参数化语句。这将有助于防止SQL注入
以及:
永远不要使用/商店plin-Text密码,使用password_hash和password_verify