-2

こんにちは、

PHP スクリプトとログイン フォームがありますが、ログインしようとしてもエラーは表示されません。ログインしようとすると、ユーザー名とパスワードのフィールドがクリアされます。通じません。

以下は私のコードです。

<?php session_start(); ?>
<?php ob_start(); ?>
<?php
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // date in the past
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified
header("Cache-Control: no-store, no-cache, must-revalidate"); // HTTP/1.1 
header("Cache-Control: post-check=0, pre-check=0", false); 
header("Pragma: no-cache"); // HTTP/1.0 
?>
<?php include ("db.php") ?>
<?php include ("phpmkrfn.php") ?>


<?php

// User levels
define("ewAllowAdd", 1, true);
define("ewAllowDelete", 2, true);
define("ewAllowEdit", 4, true);
define("ewAllowView", 8, true);
define("ewAllowList", 8, true);
define("ewAllowReport", 8, true);
define("ewAllowSearch", 8, true);                                                                                                                       
define("ewAllowAdmin", 16, true);   
if (@$HTTP_POST_VARS["submit"] <> "") {
$bValidPwd = false;

// Setup variables
$sUserId = @$HTTP_POST_VARS["userid"];
$sPassWd = @$HTTP_POST_VARS["passwd"];
if (!($bValidPwd)) {
        $conn = phpmkr_db_connect(HOST, USER, PASS,DB);
    //$sUserId = (!get_magic_quotes_gpc()) ? addslashes($sUserId) : $sUserId;
        $sSql = "SELECT * FROM `users`";
        $sSql .= " WHERE `username` = '" . $sUserId . "'";
        $rs = phpmkr_query($sSql,$conn) or die("Failed to execute query" . phpmkr_error() . ' SQL:' . $sSql);
        if (phpmkr_num_rows($rs) > 0) {
        $row = phpmkr_fetch_array($rs);
            if (strtoupper($row["password"]) == strtoupper($sPassWd)) {         $HTTP_SESSION_VARS["talkto_me_status_User"] = $row["username"];                 $HTTP_SESSION_VARS["talkto_me_status_zita"] =      $row["Full_Name"];                         $HTTP_SESSION_VARS["talkto_me_status_UserLevel"] = $row["security_id"];
                $bValidPwd = true;
                header("Location: index.php");
            }
        }
phpmkr_free_result($rs);
phpmkr_db_close($conn);
}
if ($bValidPwd) {
    SetUpUserLevel();

    // Write cookies
    if (@$HTTP_POST_VARS["rememberme"] <> "") {
        setCookie("talkto_me_userid", $sUserId, time()+365*24*60*60);
    }
    $HTTP_SESSION_VARS["talkto_me_status"] = "login";
    ob_end_clean();
    header("Location: index.php");
    exit();
} else {
    $HTTP_SESSION_VARS["ewmsg"] = "Incorrect user ID or password";
}
}

function SetUpUserLevel()
{
global $HTTP_SESSION_VARS;
$arrSecurity[0][1] = "support"; // Table Name
if (@$HTTP_SESSION_VARS["talkto_me_status_UserLevel"] == -1) {
    $HTTP_SESSION_VARS["support_menuitem"] = true;
}
$arrSecurity[1][0] = "General_User"; // User Level Name
$arrSecurity[1][1] = 12; // User Level Security
if (@$HTTP_SESSION_VARS["talkto_me_status_UserLevel"] == 1) {
    $HTTP_SESSION_VARS["support_menuitem"] = (12 & ewAllowList);
}
$arrSecurity[0][2] = "users"; // Table Name
if (@$HTTP_SESSION_VARS["talkto_me_status_UserLevel"] == -1) {
    $HTTP_SESSION_VARS["users_menuitem"] = true;
}
$arrSecurity[1][2] = 0; // User Level Security
if (@$HTTP_SESSION_VARS["talkto_me_status_UserLevel"] == 1) {
    $HTTP_SESSION_VARS["users_menuitem"] = (0 & ewAllowList);
}
$arrSecurity[0][3] = "open_calls_report"; // Table Name
if (@$HTTP_SESSION_VARS["talkto_me_status_UserLevel"] == -1) {
    $HTTP_SESSION_VARS["open_calls_report_menuitem"] = true;
}
$arrSecurity[1][3] = 8; // User Level Security
if (@$HTTP_SESSION_VARS["talkto_me_status_UserLevel"] == 1) {
    $HTTP_SESSION_VARS["open_calls_report_menuitem"] = (8 & ewAllowList);
}
$arrSecurity[0][4] = "calls_by_number"; // Table Name
if (@$HTTP_SESSION_VARS["talkto_me_status_UserLevel"] == -1) {
    $HTTP_SESSION_VARS["calls_by_number_menuitem"] = true;
}
$arrSecurity[1][4] = 8; // User Level Security
if (@$HTTP_SESSION_VARS["talkto_me_status_UserLevel"] == 1) {
    $HTTP_SESSION_VARS["calls_by_number_menuitem"] = (8 & ewAllowList);
}
$arrSecurity[0][5] = "escalated_calls"; // Table Name
if (@$HTTP_SESSION_VARS["talkto_me_status_UserLevel"] == -1) {
    $HTTP_SESSION_VARS["escalated_calls_menuitem"] = true;
}
$arrSecurity[1][5] = 8; // User Level Security
if (@$HTTP_SESSION_VARS["talkto_me_status_UserLevel"] == 1) {
    $HTTP_SESSION_VARS["escalated_calls_menuitem"] = (8 & ewAllowList);
}
$arrSecurity[0][6] = "calls_attended_by_technician"; // Table Name
if (@$HTTP_SESSION_VARS["talkto_me_status_UserLevel"] == -1) {
    $HTTP_SESSION_VARS["calls_attended_by_technician_menuitem"] = true;
}
$arrSecurity[1][6] = 8; // User Level Security
if (@$HTTP_SESSION_VARS["talkto_me_status_UserLevel"] == 1) {
    $HTTP_SESSION_VARS["calls_attended_by_technician_menuitem"] = (8 &    ewAllowList);
}
$arrSecurity[0][7] = "calls_attended_today"; // Table Name
if (@$HTTP_SESSION_VARS["talkto_me_status_UserLevel"] == -1) {
    $HTTP_SESSION_VARS["calls_attended_today_menuitem"] = true;
}
$arrSecurity[1][7] = 8; // User Level Security
if (@$HTTP_SESSION_VARS["talkto_me_status_UserLevel"] == 1) {
    $HTTP_SESSION_VARS["calls_attended_today_menuitem"] = (8 & ewAllowList);
}
$HTTP_SESSION_VARS["ewSecurity"] = $arrSecurity; // Save Security Table
}
?>
<?php include ("header.php") ?>
<script type="text/javascript" src="ew.js"></script>
<script type="text/javascript">

function EW_checkMyForm(EW_this) {
if (!EW_hasValue(EW_this.userid, "TEXT" )) {
    if  (!EW_onError(EW_this, EW_this.userid, "TEXT", "Please enter user ID"))
        return false;
}
if (!EW_hasValue(EW_this.passwd, "PASSWORD" )) {        if     (!EW_onError(EW_this, EW_this.passwd, "PASSWORD", "Please enter password"))
        return false;
}
return true;
}


</script>
<p> <span class="phpmaker">Login Page</span></p>
<?php
if (@$HTTP_SESSION_VARS["ewmsg"] <> "") {
?>
   <p><span class="phpmaker" style="color: Red;"><?php echo   $HTTP_SESSION_VARS["ewmsg"]; ?  >    </span></p>
<?php
$HTTP_SESSION_VARS["ewmsg"] = ""; // Clear message
}
?>
<form action="" method="post" onSubmit="return EW_checkMyForm(this);">
<table border="0" cellspacing="0" cellpadding="4">
<tr>
    <td><span class="phpmaker">User Name</span></td>
    <td><span class="phpmaker"><input type="text" name="userid" size="20"     value="<?php echo @$HTTP_COOKIE_VARS["talkto_me_userid"]; ?>"></span></td>
</tr>
<tr>
    <td><span class="phpmaker">Password</span></td>
    <td><span class="phpmaker"><input type="password" name="passwd" size="20">    </span></td>
</tr>
    <tr>
    <td>&nbsp;</td>
    <td><span class="phpmaker"><input type="checkbox" name="rememberme"         value="true">Remember me</span></td>
</tr>
<tr>
<td colspan="2" align="center"><span class="phpmaker"><input type="submit"        name="submit" value="Login"></span></td>
</tr>
</table>
</form>
<br>
<p><span class="phpmaker">
</span></p>
<?php include ("footer.php") ?>

前もって感謝します...

4

1 に答える 1

0

データベースに問題がない場合は、$_POST代わりに使用してください@$HTTP_POST_VARS

于 2013-02-11T12:29:54.033 に答える