[英]What is the right way to send a password through JavaScript AJAX to PHP?
I have tried a few methods, I have confirmed that it's a special character problem ie. 我尝试了几种方法,我确认这是一个特殊字符问题。 I tried a simple password combination that only included letters/numbers and that worked.
我尝试了一个仅包含字母/数字且有效的简单密码组合。
Since I stopped using jQuery this is the first time I've had a problem where password_verify would not work. 自从我停止使用jQuery以来,这是我第一次遇到密码无法验证的问题。 I did make sure as I mentioned above it wasn't anything wrong with password_verify.
我确实确保如上所述,password_verify没问题。
So I get my password input and I join it with the username like this: 所以我得到了密码输入,并使用如下用户名将其加入:
var params = null,
paramObj = {};
paramObj['user'] = loginInpUser.value;
paramObj['pass'] = loginInpPass.value;
params = encodeURI('post_params='+JSON.stringify(paramObj));
On the PHP side I receive this in POST like so: 在PHP方面,我在POST中收到此消息,如下所示:
$post_params = json_decode($_POST['post_params'], true);
$user = $post_params['user'];
$pass = $post_params['pass'];
I did make sure I get matching values from what I send on the client side, to what PHP gets ie. 我确实确保我从客户端发送的内容与PHP获取的内容匹配值。 echo out $user and $pass, they match exactly... the special characters in question are:
回显$ user和$ pass,它们完全匹配...有问题的特殊字符是:
)(#$$%)(
I haven't even tried to throw in a & in there which may cause problems with how you concatenate the parameters before sending them with an XMLHttpRequest. 我什至没有尝试在其中添加&,这可能会导致在使用XMLHttpRequest发送参数之前将参数连接在一起的方式出现问题。
So what is the right way to do this where special characters are still parsed correctly (password_verify matches hash with password)? 那么在仍然正确解析特殊字符(password_verify将哈希与密码匹配)的情况下,正确的方法是什么?
There is a reason to not use jQuery for me it was to lower file download speed-use async tags. 我不使用jQuery是有原因的,它是为了降低文件下载速度,请使用异步标签。
Edit: 编辑:
Weird thing with hashes: 带有哈希值的怪异事物:
I just needed a basic login system so I didn't bother with a register form, I created a hashing function that used password_hash and inserted it into a db. 我只需要一个基本的登录系统,所以不必理会注册表单,我创建了一个使用password_hash的哈希函数并将其插入到数据库中。 I noticed that using
我注意到使用
$pass = "password with special chars";
Would fail, the error would say that something inside the string was an undefined variable (string is cut up, I guess a parsing error). 将会失败,该错误将表明字符串中的某些内容是未定义的变量(字符串被截断,我想是解析错误)。
But using 但是使用
$pass = 'password with special chars';
This was fine. 很好
You should either send the entire request as JSON, or URL-encoded; 您应该以JSON或URL编码的形式发送整个请求; a mix of both is rather weird:
两者的混合很奇怪:
var params = 'user=' + encodeURIComponent(loginInpUser.value) + '&pass=' + encodeURIComponent(loginInpPass.value);
$user = $_POST['user'];
$pass = $_POST['pass'];
Or: 要么:
var params = JSON.stringify({ user: loginInpUser.value, pass: loginInpPass.value })
$params = json_decode(file_get_contents('php://input'), true);
echo $params['user'], $params['pass'];
This properly preserves arbitrary "special" characters correctly. 这样可以正确地正确保留任意“特殊”字符。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.