【发布时间】:2012-07-15 10:47:36
【问题描述】:
我正在使用我在专家交流中找到的登录脚本在用户登录时制作 cookie。
登录页面流程如下:
function process_login() {
var username = $.trim($('#input_username').val());
var password = $.trim($('#input_password').val());
username = $.trim(username);
password = $.trim(password);
var remember = document.getElementById("remember_user_checkbox").checked;
if (!username || !password) {
return false;
}
remember == true ? remember = "true" : remember = "false";
$.ajax({
type: "POST",
cache: false,
url: "login_user.php",
data: "username=" + username + "&password=" + password + "&remember=" + remember,
dataType: "json",
success: function (data) {
if (data == "FALSE") {
$('#input_password').val("");
alert("The username or password you have entered is incorrect.");
return false;
}
window.location = "orders-home.php?<?=time()?>";
}
});
}
并提交到login-user.php,这里:
<?php
include('login-config.php');
$username = pg_escape_string($_POST['username']);
$password = pg_escape_string($_POST['password']);
//no encryption for now
//php gets this as a string
$remember = $_POST['remember'];
if ( $remember == "true" )
{
$remember = TRUE;
}
else
{
$remember = FALSE;
}
$user_query = "SELECT * FROM users WHERE username = '$username' AND password = '$password' LIMIT 1";
$user_result = pg_query( $con , $user_query );
if ( !$user_result )
{
echo json_encode("FALSE");
}
$arr = array();
if (!$user_result)
{
die( pg_last_error($con) );
}
else
{
while ( $row = pg_fetch_array($user_result) )
{
//put the customer id in a session so we can put it in a cookie later
//then when the page is refreshed the stored customer id will be used
//as their ksisoldby identifier
if ( $row['cust_id'] )
{
$_SESSION['customer_id'] = $row['cust_id'];
$_SESSION['customer_name'] = $row['first_name']." ".$row['last_name'];
$_SESSION['uid'] = $row['id'];
if ( $remember )
{
remember_user($row["id"]);
}
}
$arr[] = array(
"first_name" =>$row['first_name'],
"last_name" =>$row['last_name'],
"customer_id" =>$row['cust_id'],
"accepted_terms" =>$row['accepted_terms'],
);
}
}
if ( empty($arr) ){
echo json_encode('FALSE');
}
else
{
$path = '/webtrack';
$site = 'www.isco.net';
if ($remember === TRUE)
{
$remember_time = time()+60*60*24*30;
setcookie('username', $username, $remember_time, $path, $site);
setcookie('customer_id', $_SESSION['customer_id'], $remember_time, $path, $site);
setcookie('customer_name', $_SESSION['customer_name'], $remember_time, $path, $site);
// setcookie('uuk', $uuk, $remember_time, $path, $site);
}
else
{
setcookie('username', $username, false, $path, $site);
setcookie('customer_id', $_SESSION['customer_id'], false, $path, $site);
setcookie('customer_name', $_SESSION['customer_name'], false, $path, $site);
}
echo json_encode($arr);
}
?>
然后我从那个 cookie 打印到主屏幕上
<div class="fl customer_id">
<?= strtoupper($_COOKIE['customer_name']); ?>
</div>
但我得到了错误
Notice: Undefined index: customer_name in /home/iscotest/public_html/webtrack/orders-home.php
实际站点是 www.isco.net。但该网站托管在 iscotest.com。 isco.net 只是指向 iscotest.com。这可能是我的 cookie 没有被设置的原因吗?
这是一个相当大的问题,因为这完全停止了页面的加载,因为该 cookie 信息用于检索显示的数据
另一件奇怪的事情是,这个错误并没有始终如一地出现。我在一台计算机上的 safari 和 chrome 上出现错误,但该站点在 safari 和 chrome 的另一台计算机上正常运行。
感谢您的帮助
【问题讨论】:
-
右舷船头的 SQL 注入,船长!
-
这是我遇到问题的原因,还是只是,我还没有逃避?
-
不,这只是一个潜在的问题(这就是为什么它只是一个评论而不是一个答案:-) 我不确定为什么 cookie 不起作用。
-
其他 cookie 工作正常吗?
-
是的,cookie 绑定到域。是的,你没有逃跑。 (如果您想保留繁琐过时的 mysql_* 接口,而不是使用 PDO 隐式完成,那么它更简单的预处理语句是您的愚蠢选择。)
标签: php javascript postgresql cross-browser browser