我有一个登录系统,似乎只能使用Firefox登录,我在Internet Explorer和Chrome中尝试过使用相同的登录详细信息,但它不允许我登录(验证失败!密码不正确,请重试。")
登录页面的代码如下:
<body class="ui-state-processing">
<div id="cp-wrapper-div">
<div id="cp-topheader-div" class="ui-widget-header">
<div id="cp-topheader-content-div">
<img class="cp-topheader-customer-logo left" alt="Logo" src="images/logo.png" />
<img class="cp-topheader-marandy-logo right" alt="Powered by CompanyName" src="images/powered_by_compname.png" />
</div>
</div>
<div class="clear"></div>
<div id="login-page-wrap">
<div id="login-wrapper" class="ui-corner-all page-div">
<div id="login-input-wrapper" class="div-row-style">
<div id="login-title-top" class="centre-div">
<div id="login-title-icon">
<img src="images/padlock.png" alt="Online Booking Login" class="left" />
</div>
<div id="login-title-text">
<h1 class="drk-grey left">Online Booking Login</h1>
</div>
</div>
<form action="?" method="post" id="frm-useracc-login" name="frm-useracc-login" >
<div id="login-username-wrap" >
<div class="login-input-item left">
<div class="div-search-label left">
<div id="div-leftheader-wrap">
<p class="a-topheader-infotext left"><strong>Username: </strong></p>
</div>
</div>
<div class="login-input-content left div-subrow-style ui-corner-all">
<input type="text" tabindex="1" name="txt-username" id="txt-username" class="input-txt-med required addr-search-input txt-username left">
</div>
</div>
</div>
<div id="login-password-wrap" >
<div class="login-input-item left">
<div class="div-search-label left">
<div id="div-leftheader-wrap">
<p class="a-topheader-infotext left"><strong>Password: </strong></p>
</div>
</div>
<div class="login-input-content left div-subrow-style ui-corner-all">
<input type="password" tabindex="1" name="txt-password" id="txt-password" class="input-txt-med required addr-search-input txt-password left">
</div>
</div>
</div>
<div id="login-btn-bottom" class="centre-div">
<div id="login-btn-right">
<button name="btn-login" id="btn-login" class="btn-med ui-button ui-state-default ui-button-text-only ui-corner-all btn-hover-anim btn-row-wrapper left">Login</button>
<button name="btn-cancel" id="btn-cancel" class="btn-med ui-button ui-state-default ui-button-text-only ui-corner-all btn-hover-anim btn-row-wrapper left">Cancel</button><br /><br />
</div>
</div>
</form>
</div>
<p id="login-status" class="fail-text"><strong><? echo $_SESSION['login-status']; ?></strong></p>
</div>
</div>
这是我的会话。controller.php:
<?php
require_once("controllers/server.filter.php");
require_once('models/server.php');
require_once("models/useraccount.php");
require_once("models/sql.php");
class SessionController {
private static $login_status;
private static $redirect_url;
public static $form_action;
## Getters ##
private static function get_loginstatus() {return self::$login_status;}
## Setters ##
private static function set_loginstatus($in_str) {self::$login_status = $in_str;}
## Functions ##
public static function validate_user() {
UserAccount::set_username($_REQUEST['txt-username']);
UserAccount::set_password($_REQUEST['txt-password']);
$pdo = new SQL();
$dbh = $pdo->connect(Database::$serverIP, Database::$serverPort, Database::$dbName, Database::$user, Database::$pass);
try {
// Does user exist?
$query = "SELECT COUNT(UserName) FROM tblusers WHERE UserName = :in_username";
$stmt = $dbh->prepare($query);
$param = Filter::san_str_html(UserAccount::get_username());
$stmt->bindParam(':in_username', $param, PDO::PARAM_STR);
$stmt->execute();
$number_of_rows = $stmt->fetchColumn();
$stmt->closeCursor();
if ($number_of_rows <= 0) {
self::set_loginstatus("The user does not exist in our database, please try again.");
$_SESSION['login-status'] = self::get_loginstatus();
self::redirect(false);
} else {
// User verified, check password...
self::verify_password();
}
}
catch (PDOException $pe) {
die("Error: " .$pe->getMessage());
}
$pdo = null;
}
private static function verify_password() {
$pdo = new SQL();
$dbh = $pdo->connect(Database::$serverIP, Database::$serverPort, Database::$dbName, Database::$user, Database::$pass);
try {
// Does the password given match the password held?
$query = "SELECT COUNT(*) FROM tblusers WHERE UserName = :in_username AND Password = :in_password";
$stmt = $dbh->prepare($query);
$param1 = UserAccount::get_password();
$param2 = Filter::san_str_html(UserAccount::get_username());
$stmt->bindParam(':in_username', $param2, PDO::PARAM_STR);
$stmt->bindParam(':in_password', $param1, PDO::PARAM_STR);
$stmt->execute();
$number_of_rows = $stmt->fetchColumn();
}
catch (PDOException $pe) {
die("Error: " .$pe->getMessage());
}
$pdo = null;
if ($number_of_rows == 1) {
$_SESSION['username'] = UserAccount::get_username();
// Begin verification..
self::set_useraccount(true);
} else {
self::set_loginstatus("Verification failed! Password incorrect, please try again.");
$_SESSION['login-status'] = self::get_loginstatus();
self::redirect(false);
}
}
private static function verify_account() {
// Account types: 9 = Disabled, 0 = Normal/Restricted, 1 = Administrative
if (UserAccount::get_accounttype() == 9) {
self::set_loginstatus("Verification failed! This account has been disabled."); ## Account disabled
$_SESSION['login-status'] = self::get_loginstatus();
self::redirect(false);
} else
// User login types: 9 = Disabled, 0 = Normal/Restricted, 1 = Administrative
if (UserAccount::get_usertype() == 9) {
self::set_loginstatus("Verification failed! This login has been disabled."); ## User login disabled
$_SESSION['login-status'] = self::get_loginstatus();
self::redirect(false);
} else {
// Set redirect url here
if (UserAccount::get_accounttype() == 1) {
self::$redirect_url = 'controlpanel.php';
}
if (UserAccount::get_accounttype() == 0 && UserAccount::get_usertype() == 1) {
self::$redirect_url = 'controlpanel.php';
}
if (UserAccount::get_accounttype() == 0 && UserAccount::get_usertype() == 0) {
self::$redirect_url = 'newbooking.php';
}
// All ok, set user and account properties
return true;
}
}
public static function set_useraccount($redirect_bool) {
// If username session is set...
if (isset($_SESSION['username'])) {
UserAccount::set_username($_SESSION['username']);
// Query Database for the rest of the data
$pdo = new SQL();
$dbh = $pdo->connect(Database::$serverIP, Database::$serverPort, Database::$dbName, Database::$user, Database::$pass);
try {
$query = "SELECT AccountName
FROM tblusers
WHERE UserName = :in_username";
$stmt = $dbh->prepare($query);
$param1 = UserAccount::get_username();
$stmt->bindParam(':in_username', $param1, PDO::PARAM_STR);
$stmt->execute();
// Parse
$row = $stmt->fetch(PDO::FETCH_BOTH);
$stmt->closeCursor();
}
catch (PDOException $pe) {
die("Error: " .$pe->getMessage());
}
UserAccount::set_accountname($row['AccountName']);
try {
$query = "SELECT a.Id, a.AccountName, a.AccountNumber, a.AccountEmail, a.AccountTel,
a.AccountContact, a.AccountType, a.PaymentType, u.UserName,
u.FullName, u.UserEmail, u.UserTel, u.UserType
FROM tblaccounts a JOIN tblusers u
ON a.AccountName = u.AccountName
WHERE a.AccountName = :in_accname
AND u.UserName = :in_username";
$stmt = $dbh->prepare($query);
$param2 = UserAccount::get_accountname();
$param3 = UserAccount::get_username();
$stmt->bindParam(':in_accname', $param2, PDO::PARAM_STR);
$stmt->bindParam(':in_username', $param3, PDO::PARAM_STR);
$stmt->execute();
// Parse
$row = $stmt->fetch(PDO::FETCH_BOTH);
}
catch (PDOException $pe) {
die("Error: " .$pe->getMessage());
}
// Set properties and sessions variables
UserAccount::set_id($row['Id']);
UserAccount::set_accountname($row['AccountName']);
UserAccount::set_accountnumber($row['AccountNumber']);
UserAccount::set_accountemail($row['AccountEmail']);
UserAccount::set_fullname($row['FullName']);
UserAccount::set_accounttel($row['AccountTel']);
UserAccount::set_accountcontact($row['AccountContact']);
UserAccount::set_accounttype((int)$row['AccountType']);
UserAccount::set_paymenttype((int)$row['PaymentType']);
UserAccount::set_useremail($row['UserEmail']);
UserAccount::set_usertel($row['UserTel']);
UserAccount::set_usertype((int)$row['UserType']);
if (self::verify_account()) {
switch (UserAccount::get_paymenttype()) {
case 0:
$_SESSION['ua-paymenttype-asstr'] = 'Credit/Debit Card';
self::$form_action = 'addressdetails.php';
break;
case 1:
$_SESSION['ua-paymenttype-asstr'] = 'Account';
self::$form_action = 'makebooking.php';
break;
case 2:
$_SESSION['ua-paymenttype-asstr'] = 'Cash';
self::$form_action = 'makebooking.php';
break;
}
switch (UserAccount::get_usertype()) {
case 9:
$_SESSION['ua-usertype-asstr'] = 'Disabled/Suspended';
break;
case 0:
$_SESSION['ua-usertype-asstr'] = 'Standard';
break;
case 1:
$_SESSION['ua-usertype-asstr'] = 'Account Administrator';
break;
}
switch (UserAccount::get_accounttype()) {
case 9:
$_SESSION['ua-accounttype-asstr'] = 'Disabled/Suspended';
break;
case 0:
$_SESSION['ua-accounttype-asstr'] = ' ';
break;
case 1:
$_SESSION['ua-accounttype-asstr'] = '(SA)';
break;
}
// Redirect
if ($redirect_bool) {
self::redirect(true);
}
}
} else {
//self::set_loginstatus("Pre-requisite failure! Browser not supporting cookies!"); **Removed**
$_SESSION['login-status'] = self::get_loginstatus();
self::redirect(false);
}
}
private static function redirect($auth_bool) {
//parent::set_sessionstate(true); ## Set session to active -- persistance to DB
//self::$determine_session_type(); ## Set session type -- persistance to DB
if ($auth_bool == true) {
$doc_root = $_SERVER['DOCUMENT_ROOT'];
self::set_loginstatus('');
$_SESSION['login-status'] = self::get_loginstatus();
header("Location: ".self::$redirect_url);
} else {
header("Location: login.php");
}
}
}
?>
有人知道为什么它似乎只在Firefox中工作吗?
检测登录尝试POST请求的代码在哪里?
通常,当您在检测到按钮或提交字段的$_POST/$_REQUEST变量时触发登录过程时,就会发生这种情况。特别是IE不会总是在你表单的其他部分发布这个。
解决此问题的最佳方法是在表单中提交一个隐藏字段:
<form method = "post" >
<input type = "text" name = "username" value = "1" />
<input type = "password" name = "password" value = "1" />
<input type = "hidden" name = "login_attempt" value = "1" />
<input type = "submit" value = "submit" name = "submit" />
</form>
<?php
if($isset($_POST['login_attempt'])){
$User->login();
}
?>
尝试在一些大型浏览器中通过点击回车或单击提交来提交这样的表单,唯一不可靠的字段将是提交。