1. 技术文章
  2. Login Script Not Executing - Bluehost

Login Script Not Executing - Bluehost

生来就可爱ヽ(ⅴ<●) 提交于 2019-12-25 05:16:24

问题


I have the following log in script that is run when a user hits the submit button on the login form on www.msheeksproductions.com. I have removed the DB login info for security reasons.

    <?php
error_reporting(E_ALL);
        $user = '***************';
        $pass = '***************';
        $host = '***************';
        $data = '***************';
$userN=$_POST['userN'];
$passW=$_POST['passW'];

mysql_connect($host, $user, $pass)or die("Could not connect");
mysql_select_db($data)or die("Database Not Found");

$query="SELECT userID FROM sec_login WHERE Username='$userN' AND Password='passW'";
$result=mysql_query($query) or die(mysql_error());

$user=mysql_num_rows($result);
if($user==1) {
    session_register("userN");
    header("location: ../index.php");
}
else {
echo("You have entered invalid login information.");
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
</body>
</html>

My issue is, if you land on the security.php page, nothing happens. The PHP script doesn't seem to be being executed at all. I'm not sure if I have a syntax error somewhere, or if it's a configuration issue with my hosting account. The server is using PHP 5.2. Does anyone know if there are known issues with Bluehost for these sorts of things? If there's a coding error, then obviously I would love to know as well. I'm new to this, so I may not have done everything right.

Also, I am attempting to call the variable again in the index.php file, which seems to not return any data.

<?php $usr=$_SESSION['username']; 
echo "User Name Is: $usr"; ?>

Thanks in advance!


回答1:


Please consider the following:

  • Beware of SQL injection(Stopped by mysql_real_escape_string);
  • Beware of session fixation / hijacking;
  • Beware or brute force attacks;

  • Please check http://php.net/pdo for better error handling and query parameters....

    <?php
error_reporting(E_ALL);
ini_set('display_errors', 1);

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $user = '***************';
    $pass = '***************';
    $host = '***************';
    $data = '***************';

    mysql_connect($host, $user, $pass) or die("Could not connect");
    mysql_select_db($data) or die("Database Not Found");

    $result=mysql_query("SELECT COUNT(1) FROM sec_login WHERE Username='".mysql_real_escape_string($_POST['username'])."' AND Password='".mysql_real_escape_string($_POST['password'])."'") or die(mysql_error());

    if(mysql_result($result) == 1) {
        $_SESSION['username'] = $_POST['username'];
        header("location: ../index.php");
        exit;
    } else {
        $message = 'You have failed to provide valid credentials.';
    }
} else {
    $message = '<form method="post">
                    <input type="text" name="username" value="username" />
                    <br />
                    <input type="password" name="password" value="password" />
                    <br />
                    <input type="submit" />
                </form>';
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>Untitled Document</title>
    </head>

    <body>
        <?php echo $message; ?>
    </body>
</html>



回答2:


Alright, in case anyone stumbles upon this and needs an example. The following is the code I am now using for a functioning log in script:

<?php
session_start();
error_reporting(E_ALL);
ini_set('display_errors', 1);

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $user = '***********';
    $pass = '***********';
    $host = '***********';
    $data = '***********';

    mysql_connect($host, $user, $pass) or die("Could not connect");
    mysql_select_db($data) or die("Database Not Found");

    $result=mysql_query("SELECT userID FROM sec_login WHERE Username='".mysql_real_escape_string($_POST['userN'])."' AND Password='".mysql_real_escape_string($_POST['passW'])."'") or die(mysql_error());

    if(mysql_num_rows($result) == 1) {
        $_SESSION['login']=1;
        $_SESSION['username']=$_POST['userN'];
        $session= session_name() . '=' . session_id();
        header("location: ../index.php?".$session);
        exit();
    } else {
        $message = 'You have failed to provide valid credentials.';
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>Untitled Document</title>
    </head>

    <body>
        <?php echo $message; ?>
    </body>
</html>

connection variables omitted, of course. In order for the other pages to get at the session variables be sure that every page starts with (On literally the first line of code, before even your doctype declaration)

Thanks for you help folks!



来源:https://stackoverflow.com/questions/10689444/login-script-not-executing-bluehost

标签
php
mysql
security
login
bluehost
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!