【用户验证】这样的思路验证用户是否登录的有没有漏洞、有关问题-PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

【用户验证】这样的思路验证用户是否登录的有没有漏洞、有关问题

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 13, 2016 am 11:59 AM

amp cookie data nbsp this

【用户验证】这样的思路验证用户是否登录的有没有漏洞、问题

本帖最后由 default7 于 2014-05-25 13:31:32 编辑考虑的是服务器最大限度的减少SQL查询。
SESSION如果浏览器关闭就失效，所以改用COOKIE，写了如下方式来检测用户是否登录。

代码如下：

<br>/**<br> * 初始化，用户COOKIE数据验证 by default7#zbphp.com<br> */<br>public function authCheck()<br>{<br>    if (cookie('uid')) {<br>        $uid = cookie('uid');<br>        $umd5 = cookie('umd5');<br>        $udata = cookie('udata');<br>        if (isUid($uid) && isMd5($umd5) && $udata && ($strDecode = authcode($udata, 'DECODE'))<br>            && md5($strDecode) == $umd5 && ($data = json_decode($strDecode)) && $data['uid'] == $uid) {<br><br>            //每隔60s必须查询SQL检测一次<br>            if ($this->time - $data['lastactive'] > self::INTERVAL) {<br>                if (($rsUser = M('Member')->where("mid='$uid'")->getField('mid,uname,pwd,vip,viptime1,viptime2,lastactive,isfbd'))<br>                    && strtolower($rsUser['uname']) == strtolower($data['uname'])<br>                    && strtolower($rsUser['email']) == strtolower($data['email'])<br>                    && md5($rsUser['pwd'].$data['salt']) == $data['upwd']<br>                ) {<br><br>                    if($rsUser['isfbd'] == 't'){<br>                        $this->error('您的账号已被封禁，请联系管理员！');<br>                        $this->resetUser();<br>                        return;<br>                    }<br><br>                    //更新最后在线时间<br>                    M('Member')->setField('lastactive',$this->time);<br><br>                    //重新生成加密密匙<br>                    $data['salt'] = uniqid();<br>                    $data['upwd'] = md5($rsUser['pwd'].$data['salt']);<br><br>                }else{<br><br>                    $this->error('账号信息(邮箱或密码)发生变化，请重新登录！','',U('Member/Index/login?f='.__URL__));<br>                    $this->resetUser();<br>                    return;<br><br>                }<br>            }<br><br>            $data['lastactive'] = $this->time;<br><br>            $this->UserData = $data;<br><br>            $strEncode = json_encode($data);<br><br>            //配置COOKIE默认10天过期<br>            cookie('uid',$data['uid']);<br>            cookie('umd5',md5($strEncode));<br>            cookie('udata',authcode($strEncode,'ENCODE'));<br><br>            return;<br>        }<br><br>        $this->resetUser();<br>    }<br>}<br><br>/**<br> * 注销SESSION 所有<br> *<br> * @return bool<br> */<br>public function resetUser()<div class="clear">
                 
              
              
        
            </div>

Copy after login

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)

2 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

Repo: How To Revive Teammates

4 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

Hello Kitty Island Adventure: How To Get Giant Seeds

3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

How Long Does It Take To Beat Split Fiction?

3 weeks ago By DDD

R.E.P.O. Save File Location: Where Is It & How to Protect It?

3 weeks ago By DDD

Hot Tools

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Hot Topics

Where is the login entrance for gmail email?

7316

Java Tutorial

1625

CakePHP Tutorial

1349

Laravel Tutorial

1261

PHP Tutorial

1208

Related knowledge

Solution: Your organization requires you to change your PIN Oct 04, 2023 pm 05:45 PM

The message "Your organization has asked you to change your PIN" will appear on the login screen. This happens when the PIN expiration limit is reached on a computer using organization-based account settings, where they have control over personal devices. However, if you set up Windows using a personal account, the error message should ideally not appear. Although this is not always the case. Most users who encounter errors report using their personal accounts. Why does my organization ask me to change my PIN on Windows 11? It's possible that your account is associated with an organization, and your primary approach should be to verify this. Contacting your domain administrator can help! Additionally, misconfigured local policy settings or incorrect registry keys can cause errors. Right now

How to adjust window border settings on Windows 11: Change color and size Sep 22, 2023 am 11:37 AM

Windows 11 brings fresh and elegant design to the forefront; the modern interface allows you to personalize and change the finest details, such as window borders. In this guide, we'll discuss step-by-step instructions to help you create an environment that reflects your style in the Windows operating system. How to change window border settings? Press + to open the Settings app. WindowsI go to Personalization and click Color Settings. Color Change Window Borders Settings Window 11" Width="643" Height="500" > Find the Show accent color on title bar and window borders option, and toggle the switch next to it. To display accent colors on the Start menu and taskbar To display the theme color on the Start menu and taskbar, turn on Show theme on the Start menu and taskbar

10 Ways to Adjust Brightness on Windows 11 Dec 18, 2023 pm 02:21 PM

Screen brightness is an integral part of using modern computing devices, especially when you look at the screen for long periods of time. It helps you reduce eye strain, improve legibility, and view content easily and efficiently. However, depending on your settings, it can sometimes be difficult to manage brightness, especially on Windows 11 with the new UI changes. If you're having trouble adjusting brightness, here are all the ways to manage brightness on Windows 11. How to Change Brightness on Windows 11 [10 Ways Explained] Single monitor users can use the following methods to adjust brightness on Windows 11. This includes desktop systems using a single monitor as well as laptops. let's start. Method 1: Use the Action Center The Action Center is accessible

How to turn off private browsing authentication for iPhone in Safari? Nov 29, 2023 pm 11:21 PM

In iOS 17, Apple introduced several new privacy and security features to its mobile operating system, one of which is the ability to require two-step authentication for private browsing tabs in Safari. Here's how it works and how to turn it off. On an iPhone or iPad running iOS 17 or iPadOS 17, Apple's browser now requires Face ID/Touch ID authentication or a passcode if you have any Private Browsing tab open in Safari and then exit the session or app to access them again. In other words, if someone gets their hands on your iPhone or iPad while it's unlocked, they still won't be able to view your privacy without knowing your passcode

Win10/11 digital activation script MAS version 2.2 re-supports digital activation Oct 16, 2023 am 08:13 AM

The famous activation script MAS2.2 version supports digital activation again. The method originated from @asdcorp and the team. The MAS author calls it HWID2. Download gatherosstate.exe (not original, modified) from https://github.com/massgravel/Microsoft-Activation-Scripts, run it with parameters, and generate GenuineTicket.xml. First take a look at the original method: gatherosstate.exePfn=xxxxxxx;DownlevelGenuineState=1 and then compare with the latest method: gatheros

Where are the cookies on your computer? Dec 22, 2023 pm 03:46 PM

Cookies on your computer are stored in specific locations on your browser, depending on the browser and operating system used: 1. Google Chrome, stored in C:\Users\YourUsername\AppData\Local\Google\Chrome\User Data\Default \Cookies etc.

Where are cookies stored? Dec 20, 2023 pm 03:07 PM

Cookies are usually stored in the cookie folder of the browser. Cookie files in the browser are usually stored in binary or SQLite format. If you open the cookie file directly, you may see some garbled or unreadable content, so it is best to use Use the cookie management interface provided by your browser to view and manage cookies.

How to Hide and Unhide Folders on Windows 11 [3 Ways] Sep 23, 2023 am 08:37 AM

Hiding folders is a great way to keep your desktop organized. Maybe you want to keep your personal files or some client details away from prying eyes. Whatever it is, the ability to put them away and unhide them when necessary is a big saver. In short, these hidden files will not show up in the main menu, but they will still be accessible. It's very simple and shouldn't take you too much time. How to hide a folder in Windows 11? 1. Use File Explorer and hit the + key to open File Explorer. WindowsE Find the folder you want to hide, right-click it and select Properties. Navigate to the General tab, check the Hide box, click Apply, and then click OK. In the next dialog box, check Apply changes to this folder, sub-folder

See all articles