I have tried my code on lamp, wamp and xampp - with it only working on lamp. However, if I swap out the php.ini file from lamp into xampp, it works - hence, I surmise I'm coding in a sloppy way on LAMP that my php.ini is irritatingly permissive of.
Currently, my LAMP php.ini breaks my xampp mysqli, and it seems to me that my lamp code must be dirty in any case, so I was wondering if you guys could see what needs cleaning here?
class datamanagement{
protected $mysql_host = "localhost";
protected $mysql_username = "root";
protected $mysql_password = "";
protected $mysql_database = "data";
protected $security_table = "users";
function __construct($security_level = 0)
{
$this->security($security_level);
}
protected function mysql_connect_func(){
// ...standard mysql connect stuff
}
protected function security($security_level){
session_start();
if(isset($_GET['logout'])){
session_unset();
}
if($security_level > 0)
{
if(!isset($_SESSION['initiated'])){
if(!isset($_POST['username']) || empty($_POST['username']) || empty($_POST['password']))
{
if(isset($_GET['logout']))
{
$string = rtrim($_SERVER['PHP_SELF'], '?logout');
}
?>
<div class="main_container">
<div class="form_container">
<?php
if(isset($_GET['logout']))
{
echo "<p>successfully logged out</p>";
}else
{
echo "<p>Access to this section require logging in</p>";
}
?>
<form method="post" action="<?php echo $string ?>"><input
type="hidden" name="login" value="true"></input>
<div><label for="title">Username:</label> <input name="username"
type="text" value="<?php echo $_POST['username']; ?>"></input><?php if(isset($_POST['username']) && $_POST['username'] == ''){echo "username required";}?><br>
</div>
<div><label for="post">Password:</label> <input name="password"
type="password"></input><?php if(isset($_POST['username']) && $_POST['password'] == ''){echo "password required";}?><br>
</div>
<input type="submit" value="Sign in" name="submit"></input></form>
</div>
</div>
<?
exit();
} // end if - no username or password were posted
else{
$this->mysql_connect_func();
$sql = "SELECT * FROM " . $this->security_table . " WHERE username='" . $_POST['username'] . "'";
$result = mysql_query($sql) or die(mysql_error());
$row = mysql_fet开发者_开发知识库ch_assoc($result);
if(mysql_num_rows($result) != 0)
{
if(sha1($_POST['password']) == $row['password'])
{
session_regenerate_id();
$_SESSION['initiated'] = "true";
$_SESSION['username'] = $row['username'];
$_SESSION['authority'] = $row['authority'];
} // end if sha1 of $_POST password == $row password
else {
?>
<div class="main_container">
<div class="form_container">
<?php
echo 'Incorrect password<br><a href="' . $_SERVER['PHP_SELF'] . '">Please try again</a>';
?>
</div>
</div>
<?php
exit();
} // if password is wrong
} // end if no rows with username returned
else{
?>
<div class="main_container">
<div class="form_container">
<?php
echo 'Incorrect username <br><a href="' . $_SERVER['PHP_SELF'] . '">Please try again</a>';
?>
</div>
</div>
<?php
exit();
} // if username not found
} // end else - no username or password were posted
} // end if - check the session !initiated
else { //*THIS IS THE LINE THAT THROWS THE ERROR IN XAMPP AND WAMP*
if($_SESSION['authority'] < $security_level)
{
die("security clearance insufficient");
}
} // end else - check the session !initiated
} // end if $security_level <= 0
} // end of function security()
}
I apologise that it's such a hefty chunk of code, I couldn't think of a logical way to break it up without compromising someone's ability to help me find the error. If you guys have any suggestions about bringing the size of the beast down to a more readable amount, please do say!
i am not sure if this will help you - however in line 67 you are missing a terminal ;
after the $string
variable.
and on a lighter note - </input>
tags are not part of the HTML strict markup...
use <input type="submit" value="Sign in" name="submit" />
instead
精彩评论