Cookie base64_decode无法正常工作
[英]cookie base64_decode not working correctly
问题描述
Im trying to set a cookie when the user selects the checkbox to remember his data. 
我试图在用户选择复选框以记住其数据时设置cookie。 I´m setting cookie and encoding if checkbox is selected: 如果选中了复选框,我将设置Cookie和编码:
if($f['save'])
{
$cookiesave = base64_encode($adminEmail).'&'.base64_encode($f['pass']);
setcookie('admin',$cookiesave,time()+60*60*24*30,'/');
}
And then I´m decoding 然后我在解码
elseif(!empty($_COOKIE['admin']))
{
$cookie = $_COOKIE['admin'];
$cookie = explode('&',$cookie);
$f['email'] = base64_decode($cookie[0]);
$f['pass'] = base64_decode($cookie[1]);
$f['save'] = 1;
}
But despite being doing the decode, the input appears with encrypted password. 但是,尽管进行了解码,但输入仍带有加密的密码。 I have reviewed all the code and everything seems to be right ... can see anything wrong? 我检查了所有代码,一切似乎都正确……可以看到任何错误吗?
My full code: 我的完整代码:
<?php
if(isset($_POST['sendLogin']))
{
$f['email'] = mysql_real_escape_string($_POST['email']);
$f['pass'] = mysql_real_escape_string($_POST['pass']);
$f['save'] = mysql_real_escape_string($_POST['remember']);
$autEmail = $f['email'];
$autSenha = md5($f['pass']);
$readAdmin = read('admins',"WHERE email = '$adminEmail'");
if($readADmin){
foreach($readAdmin as $admin);
if($adminEmail == $admin['email'] && $adminPass == $admin['pass'])
{
if($f['save'])
{
$cookiesave = base64_encode($adminEmail).'&'.base64_encode($f['pass']);
setcookie('admin',$cookiesave,time()+60*60*24*30,'/');
}
else
{
setcookie('admin','',time()+3600,'/');
}
}
else
{
echo 'Wrong Password';
}
}
else
{
echo 'Email dont exist in DB';
}
}
}
elseif(!empty($_COOKIE['admin']))
{
$cookie = $_COOKIE['admin'];
$cookie = explode('&',$cookie);
$f['email'] = base64_decode($cookie[0]);
$f['pass'] = base64_decode($cookie[1]);
$f['save'] = 1;
}
echo '<pre>';
print_r($cookie);
echo
'</pre>';
?>
<?php
if(!isset($_GET['remember']))
{
?>
<form name="login" action="" method="post">
<label>
<span>Email:</span>
<input type="text" class="radius" name="email" value="<?php if(isset($f['email'])) echo $f['email']; ?>" />
</label>
<label>
<span>Password:</span>
<input type="password" class="radius" name="pass" value="<?php if(isset($f['pass'])) echo $f['pass']; ?>" />
</label>
<input type="submit" value="Login" name="sendLogin" class="btn" />
<div class="remember">
<input type="checkbox" name="remember" value="1" <?php if(isset($f['save'])) echo 'checked="checked"' ?> />
Remember Acess data!
</div>
</form>
<?php
}
1 个解决方案
解决方案1
1 已采纳 2014-03-18 20:43:14
This is a tested login form (PHP 5.3.18). 这是一个经过测试的登录表单(PHP 5.3.18)。 The comments at the start of the script explains how it works and how to use it. 脚本开头的注释说明了它的工作方式和使用方法。
<?php
/*
* Q22459571
*
* a Login script:
*
* There are three actions it will do:
*
* 1) Display a login screen and process the results
*
* 2) Logout a user who has been 'remembered' or 'saved' see 'admin' cookie.
*
* 3) Automatically login a user from the details in the admin' cookie.
*
* The script action is controlled by a parameter in the URL called 'action'.
*
* The 'action' values and results are as follows:
*
* 1) action='login' : will clear any cookies and force the login screen to be shown
*
* 2) action='logout' : will clear any cookies and exit the script
*
* 3) missing 'action' parameter : a) try and login using the 'admin' cookie.
* b) show the login screen if not
* able to login.
*
* The result of the script will be saved in a '$userAuth' array as follows:
*
* 1) 'email' => user email address as stored on the db.
* 2) 'passhash' => MD5 hash as stored on the database
* 3) 'remember' => boolean to indicate that the user can be logged in
* via the 'admin' cookie
* 4) 'loginMethod' => '', 'cookie', 'form'
* 5) 'loginSuccess'=> true | false
*
*/
/*
* We will use 'mysqli' functions, prepared queries and 'bind' variables/values
*/
/*
* User table:
*
* store password as a 'salted' hash
*
* Columns: 1) email -- unique id for an admin
* 2) passhash -- password as a MD5 hash
* 3) salt -- random string that we will use as a prefix to the plaintext password
* before we take the md5 hash.
*/
// database connection...
$mysqlDb = mysqli_connect('localhost', 'test', 'test', 'testmysql');
// User Authorization details will always be in here...
$userAuth = array( 'email' => '', 'passhash' => '', 'remember' => false,
'loginMethod' => '', 'loginSuccess' => false);
// set the login action so we can use it later
$loginAction = isset($_GET['action']) ? $_GET['action'] : '';
/*
* see what the URL action is
*/
if ($loginAction == 'logout')
{
setcookie('admin', '' , 0, '/'); // delete cookie
echo 'user logged out'; // do what you wish here
exit; // leave the script
}
if ($loginAction == 'login')
{
if (!empty($_COOKIE['admin'])) // clear the cookie to force login
{
setcookie('admin', '' , time() + 3600, '/'); // will be empty next time
}
}
elseif (!empty($_COOKIE['admin'])) // The cookie should be encrypted -- not in this version.
{
$cookie = $_COOKIE['admin'];
$emailLen = substr($cookie, 0, 3); // get the length
$b64 = substr($cookie, 3); // get b64 encoded string
$b64decoded = base64_decode($b64); // convert back to original string
// split it up...
$userAuth['email'] = substr($b64decoded, 0, $emailLen);
$userAuth['passhash'] = substr($b64decoded, $emailLen);
$userAuth['remember' ] = 1;
// ensure user is in the database and the details match...
$sql = 'SELECT email, salt from admins WHERE email = ? and passhash = ? limit 1';
$query = mysqli_prepare($mysqlDb, $sql);
$allOk = mysqli_stmt_bind_param($query, 'ss', $userAuth['email'], $userAuth['passhash']);
$allOk = mysqli_execute($query);
$queryResult = mysqli_stmt_get_result($query);
$admin = mysqli_fetch_array($queryResult);
$userAuth['loginMethod'] = 'cookie';
$userAuth['loginSuccess'] = !empty($admin['email'])
&& $admin['email'] === $userAuth['email'];
if ($userAuth['loginSuccess'])
{
echo 'user: ', $userAuth['email'], ' was logged in via the cookie...';
exit;
}
else
{
echo 'user: ', $userAuth['email'], ' cookie details are wrong!!';
exit;
}
}
/*
* We may have a login request that we need to check...
*/
if (isset($_POST['sendLogin'])) // new login attempt
{
$userAuth['loginMethod'] = 'form';
$userAuth['loginSuccess'] = false;
$userAuth['email'] = mysqli_real_escape_string($mysqlDb, $_POST['email']);
$userPass = mysqli_real_escape_string($mysqlDb, $_POST['pass']);
$userAuth['remember'] = mysqli_real_escape_string($mysqlDb, $_POST['remember']);
// will use prepared queries and bind parameters as required
$sql = 'SELECT email, passhash, salt from admins WHERE email = ? limit 1';
$query = mysqli_prepare($mysqlDb, $sql);
$allOk = mysqli_stmt_bind_param($query, 's', $userAuth['email']);
$allOk = mysqli_execute($query);
$queryResult = mysqli_stmt_get_result($query);
$admin = mysqli_fetch_array($queryResult); // admin details
if ( !empty($userAuth['email']) && $userAuth['email'] == $admin['email']
&& !empty($userPass))
{
// calculate the MD5 hash and assume it is ok
$userAuth['passhash'] = md5($admin['salt'] . $userPass);
}
if (!empty($userAuth['passhash']) && $userAuth['passhash'] === $admin['passhash']) // passwords must have matched
{
$userAuth['loginSuccess'] = true;
if ($userAuth['remember' ])
{
$emailLen = sprintf('%03u', strlen($userAuth['email']));
$cookiesave = $emailLen . base64_encode($userAuth['email'] . $userAuth['passhash']);
setcookie('admin', $cookiesave, time() + 60 * 60 * 24 * 30, '/');
}
else
{
setcookie('admin', '' , 0, '/'); // delete cookie
}
}
else
{
setcookie('admin', '' , 0, '/'); // delete cookie if unsuccessful login
echo 'Wrong Email / Password or both';
}
} // end of form login
// if successful login
if ($userAuth['loginSuccess'])
{
echo 'user: ', $userAuth['email'], ' is logged in via: ', $userAuth['loginMethod'];
exit;
}
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Enter Login Details</title>
</head>
<body>
<form name="login" action="/testmysql/Q22459571_cookie_base64.php
" method="post">
<label>
<span>Email:</span>
<input type="text" class="radius" name="email" value="<?php echo $userAuth['email']; ?>" />
</label>
<label>
<span>Password:</span>
<input type="password" class="radius" name="pass" value="" />
</label>
<div class="remember">
<input type="checkbox" id="remember" name="remember" value="1" <?php echo 'checked="checked"' ?> />
<label for="remember">Remember Me!</label>
</div>
<input type="submit" value="Login" name="sendLogin" class="btn" />
</form>
</body>
</html>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
base64_decode对PHP不起作用 - base64_decode not working for PHP
base64_decode问题 - base64_decode problem
PHP Base64_decode - PHP Base64_decode
php base64_decode函数在实时服务器上无法正常工作 - php base64_decode function working incorrectly on live server
Php | 验证base64_decode为图像| 不工作 - Php | validate base64_decode as image | Not working
如何解码 php base64_decode - how to decode php base64_decode
Symfony2-树枝中的base64_decode - Symfony2 - base64_decode in twig
base64_decode省略一个字节 - base64_decode omits one byte
PHP base64_decode! “@”出现为“¡” - PHP base64_decode! “@” comes out as a “¡”
base64_decode返回null - base64_decode returns null
相关标签