[英]Login and Sessions with PHP
我正在使用的登錄腳本有問題,我添加了密碼解密部分,因為我使用 password_hasf 函數加密了密碼。 由於我是 php 新手,我很難解決這個問題。 我希望你們能幫我解決這個問題。 謝謝!
以下是登錄代碼:
*<?php
session_start();
include "../config.php";
$username = $_REQUEST['username'];
$password = $_REQUEST['password'];
// dehashing
$sql = "SELECT COUNT * FROM tbl_user WHERE username='$username' AND
password='$password'";
$result = mysqli_query($con,$sql);
$row = mysqli_fetch_assoc($result);
$pwd_hash = $row['password'];
$hash = password_verify($row,$pwd_hash);
if($hash == FALSE){
echo "<script type='text/javascript'>alert ('Sorry! Cannot login.');
</script>";
} else {
$sql = "SELECT uid,username,password,activated FROM tbl_user WHERE
username='$username' AND password='$password'";
$result = mysqli_query($con,$sql);
$login_variables = mysqli_fetch_array($result);
$_SESSION['login_username']=$login_variables['username'];
if(isset($_SESSION['login_username'])){
echo "<script type='text/javascript'>alert ('You are now logged in as ".
$_SESSION['login_username'] ."'); document.location.href='../index.php'
</script>";
} else {
echo "<script type='text/javascript'>alert ('Sorry! Cannot login.');
document.location.href='javascript: history.go(-1)'</script>";
exit;
}
}
?>
還有我的索引:
*<?php
header("location: list.php");
?>*
還有我的清單:
*<?php
session_start();
if(!isset($_SESSION['login_username']))
{
header("location: ../login.php");
exit;
}
?>*
清單上有一些 html 表格和東西。
錯別字:
*<?php
session_start();
include "../config.php"; //database connection
$username = $_REQUEST['username']; //information from login form
$password = $_REQUEST['password']; //information from login form
$sql = "SELECT uid,username,password FROM tbl_user WHERE username='$username' AND password='$password'";
$result = mysqli_query($con,$sql);
$login_variables = mysqli_fetch_array($result);
$_SESSION = array(
'sess_username' => $login_variables['username'],
'sees_password' => $login_variables['password']
);
if(isset($_SESSION['sess_username']) && isset($_SESSION['sees_password']))
{
header ("location: ../index.php");
}
else
{
echo "<script type='text/javascript'>alert ('Sorry! Cannot login.'); document.location.href='javascript: history.go(-1)'</script>";
}
?>*
和
*<?php
session_start();
if(!isset($_SESSION['sess_username']) && ($_SESSION['sees_password']))
{
header("location: ../login.php");
}
?>*
你不告訴我們你有什么問題。 除了為 sql 注入打開自己的代碼之外,您還可以嘗試更改
$_SESSION = array(
'sess_username' => $login_variables['username'],
'sees_password' => $login_variables['password']
);
到
$_SESSION['sess_username']=$login_variables['username'];
$_SESSION['sees_password']=$login_variables['password'];
編輯:如果您要存儲登錄詳細信息,例如:
INSERT INTO table (username,password) VALUES ('{$user}',password_hash($pass) );
然后你可以使用
$sql = "SELECT COUNT * FROM tbl_user WHERE username='$username' AND
password='".password_hash($password)."'";
檢索相關信息
在代碼中,您有一個“sess_username”,其余的是“sees_username”。 那將阻止它工作!
該站點的漏洞和密碼保密性,如果登錄后有效,您就可以改進。
登錄代碼:
*<?php
session_start();
include "../config.php"; //database connection
$username = $_REQUEST['username']; //information from login form
$password = $_REQUEST['password']; //information from login form
$sql = "SELECT uid,username,password FROM tbl_user WHERE username='$username' AND password='$password'";
$result = mysqli_query($con,$sql);
$login_variables = mysqli_fetch_array($result);
$_SESSION['sess_username'] = $login_variables['username'];
$_SESSION['sess_password'] = $login_variables['password'];
if(isset($_SESSION['sess_username']) && isset($_SESSION['sess_password']))
{
header ("location: ../index.php");
}
else
{
echo "<script type='text/javascript'>alert ('Sorry! Cannot login.'); document.location.href='javascript: history.go(-1)'</script>";
}
?>*
指數:
*<?php
header("location: list.php");
?>*
列表:
*<?php
session_start();
if(!isset($_SESSION['sess_username']) && ($_SESSION['sess_password']))
{
header("location: ../login.php");
exit;
}
?>*
您是否有機會被重定向回並陷入循環?
if(!isset($_SESSION['sees_username']) && ($_SESSION['sees_password']))
?
改成
if(!isset($_SESSION['sees_username']) && !isset($_SESSION['sees_password']))
在你的 index.php
因為一個將檢查密碼是否存在,另一個將檢查用戶名是否未設置
因此,在您的代碼中,如果滿足 stamenent,它將重定向到登錄為條件 2
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.