
javascript - PHP code with hashed password not working

Reposted. Author: 搜寻专家. Updated: 2023-10-30 20:16:39

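I want to create a web page where the user enters a login and password and is then redirected to another web page.

The login and password are provided by the administrator, and the password should be hashed. I tried to use code I found on the internet (I made some changes), but it does not work for me (I think the reason is the hashed password). Please tell me where the error is.

Link to the code used: http://www.wikihow.com/Create-a-Secure-Login-Script-in-PHP-and-MySQL

(Currently I have inserted one row in the database containing the login and password mentioned in the example.)

I tested my code with the password given in the example:

Login: login1
Password: 6ZaxN2Vzm9NUJT2y

The code you need in order to be able to log in as this user is: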

INSERT INTO enquete.Etablissement VALUES(1, 'test_user', 'login1', '00807432eae173f652f2064bdca1b61b290b52d40e429a7d295d76a71084aa96c0233b82f1feac45529e0726559645acaed6f3ae58a286b9f075916ebf66cacc', 'f9aab579fc1b41ed0c44fe4ecdbfcdb4cb99b9023abb241a6db833288f4eea3c02f76e0d35204a8695077dcf81932aa59006423976224be0390395bae152d4ef');

Login.html page:

<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <title>Log In</title>
    <script type="text/JavaScript" src="./sha512.js"></script>
    <script type="text/JavaScript" src="./forms.js"></script>
</head>
<body>
    <?php
    if (isset($_GET['error'])) {
        echo 'Error Logging In!';
    }
    ?>
    <form action="process_login.php" method="post" name="login_form">
        Email: <input type="text" name="LoginEtab" />
        Password: <input type="text" name="PwdEtab" id="PwdEtab"/>
        <input type="button" value="Login" onclick="formhash(this.form, this.form.PwdEtab);" />
    </form>
</body>
</html>

Forms.js page:

function formhash(form, PwdEtab) {
    // Create a new element input, this will be our hashed password field.
    var p = document.createElement("input");

    // Add the new element to our form.
    form.appendChild(p);
    p.name = "p";
    p.type = "hidden";
    p.value = hex_sha512(PwdEtab.value);

    // Make sure the plaintext password doesn't get sent.
    p.value = "";

    // Finally submit the form.
    form.submit();
}

process_login.php page:

<?php
include 'db_connect.php';
include 'functions.php';

sec_session_start(); // Our custom secure way of starting a PHP session.

if (isset($_POST['LoginEtab'], $_POST['p'])) {
    $LoginEtab = $_POST['LoginEtab'];
    $PwdEtab = $_POST['p']; // The hashed password.

    if (login($LoginEtab, $PwdEtab, $mysqli) == true)
    {
        // Login success
        header('Location: ./protected_page.html');
    } else {
        // Login failed
        header('Location: ./index.php?error=1');
    }
} else {
    // The correct POST variables were not sent to this page.
    echo 'Invalid Request';
}
?>

functions.php page:

<?php

include 'psl-config.php';

function sec_session_start() {
    $session_name = 'MyOwnsession'; // Set a custom session name
    $secure = SECURE;

    // This stops JavaScript being able to access the session id.
    $httponly = true;

    // Forces sessions to only use cookies.
    ini_set('session.use_only_cookies', 1);

    // Gets current cookies params.
    $cookieParams = session_get_cookie_params();
    session_set_cookie_params($cookieParams["lifetime"],
        $cookieParams["path"],
        $cookieParams["domain"],
        $secure,
        $httponly);

    // Sets the session name to the one set above.
    session_name($session_name);

    session_start(); // Start the PHP session
    session_regenerate_id(); // regenerated the session, delete the old one.
}

function login($LoginEtab, $PwdEtab, $mysqli) {

    // Using prepared statements means that SQL injection is not possible.
    if ($stmt = $mysqli->prepare("SELECT IDEtablissement , LoginEtab, PwdEtab, salt FROM etablissement WHERE LoginEtab = ? LIMIT 1"))
    {
        $stmt->bind_param('s', $LoginEtab); // Bind "$LoginEtab" to parameter.
        $stmt->execute(); // Execute the prepared query.
        $stmt->store_result();

        // get variables from result.
        $stmt->bind_result($db_IDEtablissement, $db_LoginEtab, $db_PwdEtab, $salt);
        $stmt->fetch();

        // hash the password with the unique salt.
        $PwdEtab = hash('sha512', $PwdEtab . $salt);
        if ($stmt->num_rows == 1) {
            // If the user exists we check if the account is locked
            // from too many login attempts
            echo"text";
            // Check if the password in the database matches
            // the password the user submitted.
            if ($db_PwdEtab == $PwdEtab) {
                // Password is correct!
                // Get the user-agent string of the user.
                $user_browser = $_SERVER['HTTP_USER_AGENT'];
                // XSS protection as we might print this value
                $db_IDEtablissement = preg_replace("/[^0-9]+/", "", $db_IDEtablissement);
                $_SESSION['db_IDEtablissement'] = $db_IDEtablissement;

                // XSS protection as we might print this value
                $db_LoginEtab = preg_replace("/[^a-zA-Z0-9_\-]+/","",$db_LoginEtab);

                $_SESSION['db_LoginEtab'] = $db_LoginEtab;
                $_SESSION['login_string'] = hash('sha512',$PwdEtab .$user_browser);

                // Login successful.
                return true;
                echo"false2";
            } else {
                // Password is not correct
                // We record this attempt in the database
                $now = time();
                echo"false1";
            }
        }
    } else {
        // No user exists.
        return false;
        echo"false";
    }

}

?>

db_connect.php page:

<?php
include 'psl-config.php'; // Needed because functions.php is not included

$mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE);

?>

psl-config.php page:

 <?php
/**
* These are the database login details
*/
define("HOST", "localhost"); // The host you want to connect to.
define("USER", "root"); // The database username.
define("PASSWORD", ""); // The database password.
define("DATABASE", "enquete"); // The database name.
define("SECURE", FALSE);

?>

Update: I am always redirected to the index page: header('Location: ./index.php?error=1');

The Apache log is:

[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP Notice:  Constant HOST already defined in C:\\wamp\\www\\loginSecurity\\psl-config.php on line 5, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP Stack trace:, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP 1. {main}() C:\\wamp\\www\\loginSecurity\\process_login.php:0, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP 2. include() C:\\wamp\\www\\loginSecurity\\process_login.php:3, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP 3. include() C:\\wamp\\www\\loginSecurity\\functions.php:3, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP 4. define() C:\\wamp\\www\\loginSecurity\\psl-config.php:5, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP Notice: Constant USER already defined in C:\\wamp\\www\\loginSecurity\\psl-config.php on line 6, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP Stack trace:, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP 1. {main}() C:\\wamp\\www\\loginSecurity\\process_login.php:0, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP 2. include() C:\\wamp\\www\\loginSecurity\\process_login.php:3, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP 3. include() C:\\wamp\\www\\loginSecurity\\functions.php:3, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP 4. define() C:\\wamp\\www\\loginSecurity\\psl-config.php:6, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP Notice: Constant PASSWORD already defined in C:\\wamp\\www\\loginSecurity\\psl-config.php on line 7, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP Stack trace:, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP 1. {main}() C:\\wamp\\www\\loginSecurity\\process_login.php:0, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP 2. include() C:\\wamp\\www\\loginSecurity\\process_login.php:3, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP 3. include() C:\\wamp\\www\\loginSecurity\\functions.php:3, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP 4. define() C:\\wamp\\www\\loginSecurity\\psl-config.php:7, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP Notice: Constant DATABASE already defined in C:\\wamp\\www\\loginSecurity\\psl-config.php on line 8, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP Stack trace:, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP 1. {main}() C:\\wamp\\www\\loginSecurity\\process_login.php:0, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP 2. include() C:\\wamp\\www\\loginSecurity\\process_login.php:3, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP 3. include() C:\\wamp\\www\\loginSecurity\\functions.php:3, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP 4. define() C:\\wamp\\www\\loginSecurity\\psl-config.php:8, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP Notice: Constant SECURE already defined in C:\\wamp\\www\\loginSecurity\\psl-config.php on line 18, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP Stack trace:, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP 1. {main}() C:\\wamp\\www\\loginSecurity\\process_login.php:0, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP 2. include() C:\\wamp\\www\\loginSecurity\\process_login.php:3, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP 3. include() C:\\wamp\\www\\loginSecurity\\functions.php:3, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP 4. define() C:\\wamp\\www\\loginSecurity\\psl-config.php:18, referer: http://localhost/loginSecurity/login.html

Update: I found where the problem was :) I had to add to my code

 $PwdEtab = hash('sha512', $PwdEtab );

before the salted hash in the login function.

Best answer

You are including the file psl-config.php twice; if needed, try include_once instead of include.

****** EDIT ******

Made it work.

First, hash a new password:

<?php
include_once 'psl-config.php';

$user = 'admin';
$pass = '123';
$token = 'test';
$password = hash('sha512', $pass . $token);

$mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE);
// Bind the values as parameters instead of interpolating them into the SQL.
$stmt = $mysqli->prepare("UPDATE etablissement SET LoginEtab = ?, PwdEtab = ?, salt = ? WHERE IDEtablissement = 1");
$stmt->bind_param('sss', $user, $password, $token);
$stmt->execute();

Then, change your form:

<form action="process_login.php" method="post" name="login_form">
Email: <input type="text" name="LoginEtab" value="admin"/>
<br><br>
Password: <input type="text" name="PwdEtab" id="PwdEtab" value="123"/>
<br><br>
<input type="submit" value="Login"/>
</form>

Now change process_login.php:

<?php

include_once 'db_connect.php';
include_once 'functions.php';

sec_session_start(); // Our custom secure way of starting a PHP session.

if (isset($_POST['LoginEtab'])) { //<======CHANGE HERE

    $LoginEtab = $_POST['LoginEtab'];
    $PwdEtab = $_POST['PwdEtab']; // The password from the form. //<======AND HERE

    if (login($LoginEtab, $PwdEtab, $mysqli) == true) {
        // Login success
        header('Location: ./protected_page.html');
    } else {
        // Login failed
        header('Location: ./index.php?error=1');
    }
} else {
    // The correct POST variables were not sent to this page.
    echo 'Invalid Request';
}

Voilà.

Regarding "javascript - PHP code with hashed password not working", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/35720776/
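An added example, not code from the question, the answer or the linked tutorial: it shows that the salted check in login() only succeeds when the form posts exactly the value the stored row was built from, which is the mismatch the asker's update describes, and then does the same login with PHP's password_hash()/password_verify(). The password, the salt, the row-building chains (inferred from the asker's update and the answer's UPDATE statement) and the helper name salted_check() are assumptions made for illustration.

```php
<?php
// Added example; password and salt are constructed sample values.
$password = 'S4mple-Passw0rd';
$salt     = hash('sha512', random_bytes(16)); // 128 hex chars, like the salt column

// Two ways the stored row can be built (assumed from the page):
$rows = [
    // implied by the asker's update: SHA-512 once, then the salted SHA-512
    'sha512(sha512(pw).salt)' => hash('sha512', hash('sha512', $password) . $salt),
    // the answer's UPDATE statement: salted SHA-512 over the plaintext
    'sha512(pw.salt)'         => hash('sha512', $password . $salt),
];

// What the form may post to process_login.php
$posted = [
    'sha512(pw) computed by the form' => hash('sha512', $password),
    'plaintext pw'                    => $password,
    'empty field'                     => '',
];

// The check in login(): one salted SHA-512 over the posted value.
// hash_equals() compares in constant time, unlike ==.
function salted_check(string $posted, string $salt, string $stored): bool
{
    return hash_equals($stored, hash('sha512', $posted . $salt));
}

foreach ($rows as $rowLabel => $stored) {
    foreach ($posted as $postLabel => $value) {
        printf("%-24s | %-32s | %s\n", $rowLabel, $postLabel,
            salted_check($value, $salt, $stored) ? 'match' : 'no match');
    }
}

// Same login with PHP's built-in password API: the salt and cost are stored
// inside the hash string, so no salt column or client-side hash is needed.
$hash = password_hash($password, PASSWORD_DEFAULT);
var_dump(password_verify($password, $hash));
var_dump(password_verify('wrong guess', $hash));
```

Each row matches only the posted value that reproduces its own chain; password_hash() is deliberately slow, which a single SHA-512 round is not.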
