php - Index.php 导致实时网站出现空警报

Question

所以我的index.php有我的默认页面。它在 xampp 上运行良好。因此，我将整个网站上传到 1&1(我的域/托管提供商)，当我尝试访问我的域时，我收到一个空警报，没有消息，页面完全空白。

我将文件名更改为index.html，网页加载得很好。所以我知道它一定是带有 .php 扩展名或我的代码的东西。

我还添加了一个名为 .htaccess 的文件，它仅包含:

DirectoryIndex index.php

这是我在index.php顶部的php代码(用*s替换敏感信息):

<?php

//Connect to a database
  $host_name  = "******.db.1and1.com";
  $database   = "db****";
  $user_name  = "dbo******";
  $password   = "***z.0**";

  $connect = mysqli_connect($host_name, $user_name, $password, $database);
  //    echo("nice job");

//Take the values from the html form and assign them to variables
  $ID = $_POST['name'];
  $userpassword = $_POST['password'];

//If no passsowrd entered then go straight to index.php
  echo "<script type='text/javascript'>alert($userpassword);</script>";
  if ($userpassword == null) {
    header("Location: http://localhost:82/index3.php");
    die();
  }

//Check to see if the password matches the hashes
  if (md5($userpassword) === '******************' 
      or md5($userpassword) === '***********' 
      or md5($userpassword) === '****************' 
      or md5($userpassword) === '**************') 
 {
 //Add the visitor name to our list
    mysqli_query($connect, "INSERT INTO `WebsiteVisitors` (`Name`) VALUES  ('$ID')") or die("Error in INSERT: ".mysqli_error($connect));
      //    echo "You have entered the correct password, congrats.";

  // Start the session so they can access other pages
    session_start();
    $_SESSION['loggedIn'] = true;
  // Redirect them to rest of site
    header("Location: http://localhost:82/home.php");
    die();
   }

    else {
    header("Refresh: 0; url=index2.php");
    echo "<script type='text/javascript'>alert(\"Wrong Password. Check your     invitation card.\");</script>";

  }
  ?>

Answer 1

由于 $_POST 请求仅在您提交表单后发出，因此您只需在 $_POST["name"情况下执行用户名和密码检查] 和 $_POST["password"] 存在。

因此在使用和操作之前给出一个 if 语句 if(isset($_POST['name']) && isset($_POST['password'])) $_POST 变量。另外 session_start() 应在脚本顶部给出。

下面是您的完整代码，包括检查

<?php
session_start();
// session start should be at top of your script

error_reporting(E_ERROR); // reports only errors

//Connect to a database

$host_name  = "******.db.1and1.com";
$database   = "db****";
$user_name  = "dbo******";
$password   = "***z.0**";

$connect = mysqli_connect($host_name, $user_name, $password, $database);

// $_POST request comes only when form is submitted in your case. So check for $_POST['name'] and $_POST['password']

if(isset($_POST['name']) && isset($_POST['password'])) 
{

        $ID = $_POST['name'];
        $userpassword = $_POST['password'];

        //If no passsowrd entered then go straight to index.php

        if ($userpassword == null)
        {
                echo "<script type='text/javascript'>alert("Empty Password");</script>";
                header("Location: http://localhost:82/index3.php");
                die();
        }

        //Check to see if the password matches the hashes

        if (md5($userpassword) === '******************' 
                  or md5($userpassword) === '***********' 
                  or md5($userpassword) === '****************' 
                  or md5($userpassword) === '**************') 
       {

             //Add the visitor name to our list

             mysqli_query($connect, "INSERT INTO `WebsiteVisitors` (`Name`) VALUES  ('$ID')") or die("Error in INSERT: ".mysqli_error($connect));

              $_SESSION['loggedIn'] = true;

              // Redirect them to rest of site

              header("Location: http://localhost:82/home.php");
              die();
         }
         else
         {
               echo "<script type='text/javascript'>alert(\"Wrong Password. Check your     invitation card.\");</script>";

               header("Refresh: 0; url=index2.php");

        }

  }
  ?>