Пожалуйста, помогите мне с моей диссертацией. Я не программист, так что терпите меня, пожалуйста.
У меня есть полностью рабочая система, которая находится в базе данных PHP и MYSQL. Но мне нужно изменить его на Oracle XE, поэтому я скачал его и все настроил. Но сейчас у меня проблемы с тем, чтобы заставить его работать. Ребята, не могли бы вы мне помочь?
Поэтому одна из моих проблем заключается в том, что система не распознает имя пользователя, поэтому я не могу войти в систему.
Вот код, используемый. Все в php.
login.php
<div>
<form action="loginprocess.php" method="post" name="logForm" id="logForm" >
<?php // Display error message
if(!empty($_SESSION['error_msg'])) { echo "<p style=\"color:#FF0000; font-size: 14px; padding: 30px 5px 0 20px\" id=\"message\">".$_SESSION['error_msg']."</p>"; }
unset($_SESSION['error_msg']);
?>
<div class="6u 12u$" style="margin:0 auto">
<input type="text" name="username" id="username" placeholder="User Name / Last Name / e-mail" />
</div>
<br />
<div class="6u 12u$" style="margin:0 auto">
<input type="password" name="password" id="password" placeholder="Password" />
</div><div class="6u 12u$" style="margin:0 auto">
<input type="checkbox" id="remember" name="remember" value="1">Remember me
</div>
<div class="12u$">
<ul class="actions">
<li><input type="submit" value="Login" class="special" name="Login" id="Login"/></li>
</ul>
</div>
<br>
</form>
loginprocess.php
<?php
include 'settings/connect.php';
if(session_id() == '') { session_start(); } // START SESSIONS
// Begin Login
foreach($_POST as $key => $value) { $data[$key] = filter($value); }
// Begin log process
if(isset($_POST) && array_key_exists('Login',$_POST)){
// Filter POST Variables
$user_name = $data['username'];
$pass = $data['password'];
// Can use email, lastname or username to login
// if (strpos($user_name,'@') === false) {
// $user_cond = "(username='$user_name' OR last_name='$user_name')";
// }else{
// $user_cond = "email=$user_name";
// }
$user_cond = "username = '$user_name'";
$result = oci_parse($link, "SELECT user_ID,password,first_name,username,email,middle_name,last_name,user_level,approval FROM qmo.system_users WHERE $user_cond") or die (oci_error());
// oci_bind_by_name($stid, ':user', $user_name);
oci_execute($result);
$num = oci_num_rows($result);
// Match row found with more than 1 results - the user is authenticated.
if ( $num > 0 ) {
list($id,$pwd,$first_name,$username,$email,$middle_name,$last_name,$userlevel,$approved) = oci_fetch_row($result);
if(!$approved) {
$_SESSION['error_msg'] = "Account not activated. Please check your email for activation code or contact the administrator";
header("Location: index.php");
}
//check against salt
if ($pwd === PwdHash($pass,substr($pwd,0,9))) {
if($_SESSION['error_msg'] == ""){
// this sets session and logs user in
session_regenerate_id (true); //prevent against session fixation attacks.
$full_name = $first_name." ".$middle_name." ".$last_name;
// this sets variables in the session
$_SESSION['user_id']= $id;
$_SESSION['full_name'] = $full_name;
$_SESSION['user_level'] = $userlevel;
$_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);
//update the timestamp and key for cookie
// $stamp = time();
// $ckey = GenKey();
// $update = oci_parse($link, "update qmo.system_users set ctime='$stamp', ckey = '$ckey' where user_ID='$id'") or die(oci_error());
// oci_execute($update);
//set a cookie
// if(isset($_POST['remember'])){
// setcookie("user_id", $_SESSION['user_id'], time()+60*60*24*COOKIE_TIME_OUT, "/");
// setcookie("user_key", sha1($ckey), time()+60*60*24*COOKIE_TIME_OUT, "/");
// setcookie("user_name",$_SESSION['user_name'], time()+60*60*24*COOKIE_TIME_OUT, "/");
// }// if ($userlevel == '1') { // check the value of the 'status' in the db
// //go to admin area
// header("Location: index.php");
// } else {
// //go to members area
// header("Location: backend/index.php");// }
header("Location: backend/index.php");
}
}else{ $_SESSION['error_msg'] = "Invalid Login. Please try again with correct user name and password."; header("Location: index.php"); }
}else{ $_SESSION['error_msg'] = "Error - Invalid login. No such user exists"; header("Location: index.php"); }
} // End log process?>
Я также добавлю свои настройки подключения, так как функции здесь.
connect.php
<?php
CONNECT TO DB
define ("DB_HOST", "localhost/XE"); // HOST NAME
define ("DB_USER", "system"); // DATABASE USER
define ("DB_PASS","qwqwqw"); // DATABASE PASSWORD
define ("DB_NAME","qmo"); // DATABASE NAME
define ("DB_PREFIX",""); // DATABASE PREFIX
$link = oci_connect(DB_USER,DB_PASS,DB_HOST);
$db_name = DB_NAME;
date_default_timezone_set("Asia/Manila");
define("COOKIE_TIME_OUT", 10); //specify cookie timeout in days (default is 10 days)
define('SALT_LENGTH', 9); // salt for password
/* Specify user levels */
define ("ADMIN_LEVEL", 2);
define ("STUDENT_LEVEL", 1);
define ("GUEST_LEVEL", 0);
// DEFINE INCLUDE DIRECTORY
define("ROOT",$_SERVER["DOCUMENT_ROOT"]);
define("PAGE",ROOT."/paging/");
define("SETTING",ROOT."/settings/");
/*************** reCAPTCHA KEYS****************/
$publickey = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; // get your key at http://www.google.com/recaptcha/whyrecaptcha
$privatekey = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; // get your key at http://www.google.com/recaptcha/whyrecaptcha
// BEGIN FUNCTIONS SECTION//GET URL function
function url(){
return sprintf(
"%s://%s%s",
isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off' ? 'https' : 'http',
$_SERVER['HTTP_HOST'],
$_SERVER['REQUEST_URI']
);
}
$path = $_SERVER['DOCUMENT_ROOT'];
// Base URL Function
function baseurl($url) {
$result = parse_url($url);
return $result['scheme']."://".$result['host'];
}
$urllink = url();
define('SERVER_PATH', dirname(url()));
// get url address function
function getAddress() {
$protocol = $_SERVER['HTTPS'] == 'on' ? 'https' : 'http';
return $protocol.'://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
}/**** PAGE PROTECT CODE ********************************
This code protects pages to only logged in users. If users have not logged in then it will redirect to login page.
If you want to add a new page and want to login protect, COPY this from this to END marker.
Remember this code must be placed on very top of any html or php page.
********************************************************/
function page_protect() {
session_start();
global $link;
/* Secure against Session Hijacking by checking user agent */
if (isset($_SESSION['HTTP_USER_AGENT'])) {
if ($_SESSION['HTTP_USER_AGENT'] != md5($_SERVER['HTTP_USER_AGENT'])) {
logout();
exit;
}
}
// Need to check authentication key - ckey and ctime stored in database before allowing sessions
/* If session not set, check for cookies set by Remember me */
if (!isset($_SESSION['user_id']) && !isset($_SESSION['user_name']) ) {
if(isset($_COOKIE['user_id']) && isset($_COOKIE['user_key'])) {
/* Double check cookie expiry time against stored in database */
$cookie_user_id = filter($_COOKIE['user_id']);
$rs_ctime = mysqli_query($link, "select `ckey`,`ctime` from `".DB_PREFIX."system_users` WHERE `user_ID` ='$cookie_user_id'") or die(mysqli_error());
list($ckey,$ctime) = mysqli_fetch_row($rs_ctime);
// coookie expiry
if( (time() - $ctime) > 60*60*24*COOKIE_TIME_OUT) {
logout();
}
/* Security check with untrusted cookies - dont trust value stored in cookie.
/* Also do authentication check of the `ckey` stored in cookie matches that stored in database during login*/
if( !empty($ckey) && is_numeric($_COOKIE['user_id']) && isUserID($_COOKIE['user_name']) && $_COOKIE['user_key'] == sha1($ckey) ) {
session_regenerate_id(); //against session fixation attacks.
$_SESSION['user_id'] = $_COOKIE['user_id'];
$_SESSION['user_name'] = $_COOKIE['user_name'];
/* query user level from database instead of storing in cookies */
list($user_level) = mysqli_fetch_row(mysqli_query($link, "select userlevel from ".DB_PREFIX."system_users where user_ID='$_SESSION[user_id]'"));
$_SESSION['user_level'] = $user_level;
$_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);
}else{
logout();
}
}else{
header("Location: index.php");
exit();
}
}
}
// End page protect function// function oci_escape_string($string) {
// return str_replace(array('"', "'", '\\'), array('\\"', '\\\'', '\\\\'), $string);
// }
// Data filtering function
function filter($data) {
global $link;
$data = trim(htmlentities(strip_tags($data)));
if (get_magic_quotes_gpc())
$data = stripslashes($data);
// $data = oci_escape_string($data);
return $data;
}
function EncodeURL($url) {
$new = strtolower(ereg_replace(' ','_',$url));
return($new);
}
function DecodeURL($url) {
$new = ucwords(ereg_replace('_',' ',$url));
return($new);
}
function ChopStr($str, $len){
if (strlen($str) < $len)
return $str;
$str = substr($str,0,$len);
if ($spc_pos = strrpos($str," "))
$str = substr($str,0,$spc_pos);
return $str . "...";
}
// Email Validation function
function isEmail($email){ return preg_match('/^\S+@[\w\d.-]{2,}\.[\w]{2,6}$/iU', $email) ? TRUE : FALSE; }
// Username Validation Faunction
function isUserID($username) { if (preg_match('/^[a-z\d_]{5,20}$/i', $username)) { return true; } else { return false; } }
// URL Validation Function
function isURL($url) {
if (preg_match('/^(http|https|ftp):\/\/([A-Z0-9][A-Z0-9_-]*(?:\.[A-Z0-9][A-Z0-9_-]*)+):?(\d+)?\/?/i', $url)) {
return true;
}else{
return false;
}
}
//add http to URL
function addhttp($url) {
if (!preg_match("~^(?:f|ht)tps?://~i", $url)) {
$url = "http://" . $url;
}
return $url;
}
// Password Checker function
function checkPwd($x,$y) {
if(empty($x) || empty($y) ) { return false; }
if (strlen($x) < 8 || strlen($y) < 8) { return false; }
if (strcmp($x,$y) != 0) {
return false;
}
return true;
}
// Password Generator function
function GenPwd($length = 7) {
$password = "";
$possible = "0123456789bcdfghjkmnpqrstvwxyz"; //no vowels
$i = 0;
while ($i < $length) {
$char = substr($possible, mt_rand(0, strlen($possible)-1), 1);
if (!strstr($password, $char)) {
$password .= $char;
$i++;
}
}
return $password;
}
// Key Generator or use Password Generator as alternative function
function GenKey($length = 7)
{
$password = "";
$possible = "0123456789abcdefghijkmnopqrstuvwxyz";
$i = 0;
while ($i < $length)
{
$char = substr($possible, mt_rand(0, strlen($possible)-1), 1);
if (!strstr($password, $char))
{
$password .= $char;
$i++;
}
}
return $password;
}
// Logout Function
function logout()
{
global $link;
session_start();
$rdirect = baseurl(url()).$_SESSION['oldURL'];
if(isset($_SESSION['user_id']) || isset($_COOKIE['user_id']))
{
mysqli_query($link, "update `".DB_PREFIX."system_users` SET `ckey`= '', `ctime`= '' WHERE `user_ID`='$_SESSION[user_id]' OR `user_ID` = '$_COOKIE[user_id]'") or die(mysqli_error());
}
/************ Delete the sessions****************/
unset($_SESSION['user_id']);
unset($_SESSION['user_name']);
unset($_SESSION['user_level']);
unset($_SESSION['HTTP_USER_AGENT']);
session_unset();
session_destroy();
/* Delete the cookies*******************/
setcookie("user_id", '', time()-60*60*24*COOKIE_TIME_OUT, "/");
setcookie("user_name", '', time()-60*60*24*COOKIE_TIME_OUT, "/");
setcookie("user_key", '', time()-60*60*24*COOKIE_TIME_OUT, "/");
if(isset($rdirect)){ header('Location: index.php'); }
else { header('Location: index.php'); }
}
// Password and salt generation (password encryption)
function PwdHash($pwd, $salt = null)
{
if ($salt === null)
{
$salt = substr(md5(uniqid(rand(), true)), 0, SALT_LENGTH);
}
else
{
$salt = substr($salt, 0, SALT_LENGTH);
}
return $salt . sha1($pwd . $salt);
}
// Check User Levels
function Admin()
{ // Administrator
if($_SESSION['user_level'] == ADMIN_LEVEL) { return 1; }else{ return 0 ; }
}
function Student()
{ // student
if($_SESSION['user_level'] == STUDENT_LEVEL) { return 1; }else{ return 0 ; }
}
function Guest()
{ // guest
if($_SESSION['user_level'] == GUEST_LEVEL) { return 1; }else{ return 0 ; }
}// END FUNCTION SECTION
?>
Пожалуйста, помогите мне с этим. Я застрял на этом уже неделю. Заранее спасибо!
Задача ещё не решена.
Других решений пока нет …