为什么我只在输入错误的凭据时才得到一个未定义的变量?
Why am I getting an undefined variable only when the wrong credentials are entered?
首先,我正在做的项目:
创建一个网站,用户可以在其中登录并记录他们所做的志愿者小时数。
我在这里看了一个类似的问题:PHP login error "Undefined Variable"
我尝试了上面 post 中的解决方案,但它对我不起作用。未定义的变量仅在输入错误的 username/password 时出现,但在输入正确的用户名和密码时工作正常。我不确定为什么会这样,但我需要一些帮助来找到解决方案。这是我遇到问题的页面代码。谢谢。
登录html表单:
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Simple login form</title>
<link rel="stylesheet" href="css/reset.css">
<link rel="stylesheet" href="css/style.css"/>
</head>
<body>
<div class="container">
<div class="login">
<h1 class="login-heading">
<strong>Welcome.</strong> Please login.</h1>
<form method="post" action="login.php">
<input type="text" name="uname" placeholder="Username" required="required" class="input-txt" />
<input type="password" name="pword" placeholder="Password" required="required" class="input-txt" />
<div class="login-footer">
<a href="forgot.html" class="lnk">
<span class="icon icon--min">ಠ╭╮ಠ</span>
<span class="register">I've forgotten something</span></a>
<input name="submit" value="Login" type="submit" class="btn btn--right"><br>
<a href="register.html" class="lnk">
<span class="register">Not a member? Click here to register!</span></a>
</div>
</form>
</div>
</div>
<script src="js/index.js"></script>
</body>
</html>
PHP 处理表单信息的表单:
<?php
include("encrypt_decrypt.php");
$username="root";
$password="";
$server="localhost";
$db_name="userauthentication";
$uname="";
$pword="";
$error_msg="";
if(isset($_POST["submit"])){
$db_handle = mysqli_connect($server, $username, $password);
$db_found = mysqli_select_db($db_handle, $db_name);
$uname = $_POST["uname"];
$uname = htmlspecialchars($uname);
$uname = mysqli_real_escape_string($db_handle, $uname);
$pword = $_POST["pword"];
$pword = htmlspecialchars($pword);
$pword = mysqli_real_escape_string($db_handle, $pword);
$pword = encrypt_decrypt("encrypt", $pword);
if($db_found){
if($uname == "admin"){
$SQL = "SELECT * FROM WHERE username = '$uname' AND pword = '$pword'";
$result = mysqli_query($db_handle, $SQL);
$num_rows = mysqli_num_rows($result);
if($num_rows > 0){
session_start();
$_SESSION['login'] = "2";
header("Location: adminpage.html");
}else{
print("error");
}
}else if($uname != "admin"){
$SQL = "SELECT * FROM login WHERE username = '$uname' AND password = '$pword'";
$result = mysqli_query($db_handle, $SQL);
$num_rows = mysqli_num_rows($result);
if($num_rows > 0){
session_start();
$_SESSION['login'] = "1";
header("Location: mainpage.html");
}else{
$uname = '';
$pword = '';
print("error");
}
}
}
}
?>
最后但同样重要的是,我使用的 encrypt_decrypt 函数用于密码安全。 这是我在第 6 行和第 7 行遇到未定义变量问题的实际页面。
<?php
function encrypt_decrypt($action, $string) {
$output = false;
$encrypt_method = "AES-256-CBC";
**$secret_key = $pword;**
**$secret_iv = $pword;**
// hash
$key = hash('sha256', $secret_key);
// iv - encrypt method AES-256-CBC expects 16 bytes - else you will get a warning
$iv = substr(hash('sha256', $secret_iv), 0, 16);
if( $action == 'encrypt' ) {
$output = openssl_encrypt($string, $encrypt_method, $key, 0, $iv);
$output = base64_encode($output);
}
else if( $action == 'decrypt' ){
$output = openssl_decrypt(base64_decode($string), $encrypt_method, $key, 0, $iv);
}
return $output;
}
?>
This is a picture after I entered in the right username but wrong password
您传入一个名为 $pword 的变量,但它在函数中称为 $string。更新代码如下。
$secret_key = $string;
$secret_iv = $string;
错误总是发生。但是在成功登录的情况下,您正在执行 header 重定向到 adminpage.html 或 mainpage.html。这就是为什么在使用正确的 username/password 组合时看不到错误的原因。
该错误是在 encrypt_decrypt() 中使用未知变量 pword 的结果。将其替换为 $string 或使用 global 语句将 $pword 导入到 encrypt_decrypt().
的范围内
首先,我正在做的项目: 创建一个网站,用户可以在其中登录并记录他们所做的志愿者小时数。
我在这里看了一个类似的问题:PHP login error "Undefined Variable"
我尝试了上面 post 中的解决方案,但它对我不起作用。未定义的变量仅在输入错误的 username/password 时出现,但在输入正确的用户名和密码时工作正常。我不确定为什么会这样,但我需要一些帮助来找到解决方案。这是我遇到问题的页面代码。谢谢。
登录html表单:
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Simple login form</title>
<link rel="stylesheet" href="css/reset.css">
<link rel="stylesheet" href="css/style.css"/>
</head>
<body>
<div class="container">
<div class="login">
<h1 class="login-heading">
<strong>Welcome.</strong> Please login.</h1>
<form method="post" action="login.php">
<input type="text" name="uname" placeholder="Username" required="required" class="input-txt" />
<input type="password" name="pword" placeholder="Password" required="required" class="input-txt" />
<div class="login-footer">
<a href="forgot.html" class="lnk">
<span class="icon icon--min">ಠ╭╮ಠ</span>
<span class="register">I've forgotten something</span></a>
<input name="submit" value="Login" type="submit" class="btn btn--right"><br>
<a href="register.html" class="lnk">
<span class="register">Not a member? Click here to register!</span></a>
</div>
</form>
</div>
</div>
<script src="js/index.js"></script>
</body>
</html>
PHP 处理表单信息的表单:
<?php
include("encrypt_decrypt.php");
$username="root";
$password="";
$server="localhost";
$db_name="userauthentication";
$uname="";
$pword="";
$error_msg="";
if(isset($_POST["submit"])){
$db_handle = mysqli_connect($server, $username, $password);
$db_found = mysqli_select_db($db_handle, $db_name);
$uname = $_POST["uname"];
$uname = htmlspecialchars($uname);
$uname = mysqli_real_escape_string($db_handle, $uname);
$pword = $_POST["pword"];
$pword = htmlspecialchars($pword);
$pword = mysqli_real_escape_string($db_handle, $pword);
$pword = encrypt_decrypt("encrypt", $pword);
if($db_found){
if($uname == "admin"){
$SQL = "SELECT * FROM WHERE username = '$uname' AND pword = '$pword'";
$result = mysqli_query($db_handle, $SQL);
$num_rows = mysqli_num_rows($result);
if($num_rows > 0){
session_start();
$_SESSION['login'] = "2";
header("Location: adminpage.html");
}else{
print("error");
}
}else if($uname != "admin"){
$SQL = "SELECT * FROM login WHERE username = '$uname' AND password = '$pword'";
$result = mysqli_query($db_handle, $SQL);
$num_rows = mysqli_num_rows($result);
if($num_rows > 0){
session_start();
$_SESSION['login'] = "1";
header("Location: mainpage.html");
}else{
$uname = '';
$pword = '';
print("error");
}
}
}
}
?>
最后但同样重要的是,我使用的 encrypt_decrypt 函数用于密码安全。 这是我在第 6 行和第 7 行遇到未定义变量问题的实际页面。
<?php
function encrypt_decrypt($action, $string) {
$output = false;
$encrypt_method = "AES-256-CBC";
**$secret_key = $pword;**
**$secret_iv = $pword;**
// hash
$key = hash('sha256', $secret_key);
// iv - encrypt method AES-256-CBC expects 16 bytes - else you will get a warning
$iv = substr(hash('sha256', $secret_iv), 0, 16);
if( $action == 'encrypt' ) {
$output = openssl_encrypt($string, $encrypt_method, $key, 0, $iv);
$output = base64_encode($output);
}
else if( $action == 'decrypt' ){
$output = openssl_decrypt(base64_decode($string), $encrypt_method, $key, 0, $iv);
}
return $output;
}
?>
This is a picture after I entered in the right username but wrong password
您传入一个名为 $pword 的变量,但它在函数中称为 $string。更新代码如下。
$secret_key = $string;
$secret_iv = $string;
错误总是发生。但是在成功登录的情况下,您正在执行 header 重定向到 adminpage.html 或 mainpage.html。这就是为什么在使用正确的 username/password 组合时看不到错误的原因。 该错误是在 encrypt_decrypt() 中使用未知变量 pword 的结果。将其替换为 $string 或使用 global 语句将 $pword 导入到 encrypt_decrypt().
的范围内