你们的登录功能一般都是怎么写的?
我知道的做法是通过用户名查询密码,如果对的上就登陆成功,之后用cookie保存用户ID和用户名。
这样做是不是有些简单?更进一步的做法是怎样的呢?
回复讨论(解决方案)
都这么做的啊!
通过用户查询出数据,然后在对比数据中的密码,其中密码各种加密过!
COOKIES 部分就不行了,你的方式太简单了。应该加密,其中有用户UID和时间IP等标志位!
访问的时候,程序根据COOKIE解密出数据,然后和数据库对比,是不是同一个人登录
可能还要加一些权限验证之类的吧。一般的应用中都会包含权限管理模块吧。那到登陆中去验证权限则是必然的了。具体可以参考一些源码。
我比你高级一点 加个验证码 算吗?
基本做法就??,然後密?可以加密。
我比你高级一点 加个验证码 算吗?
我也是。
最简单的就是验证 用户名和密码 就可以了, 然后可以加上验证码 可以加上不能同时登陆 可以验证是否在后台的黑名单里面
还可以限制用户输入错误用户名或者密码的次数,当错误次数太多了,就给一定的时间不能登录。 其实仔细想想,登录功能上面能加的东西还是很多的。。
要注意sql注入问题,不要用
SELECT count(*) FROM user WHERE un = 'xxx' and pw = 'xxx'
这种方法
而是先查询指定用户名
SELECT pw FROM user WHERE un = 'xxx'
并判断返回结果数量是否大于零
然后再取密码(pw) 判断是否正确
要注意sql注入问题,不要用
SELECT count(*) FROM user WHERE un = 'xxx' and pw = 'xxx'
这种方法
而是先查询指定用户名
SELECT pw FROM user WHERE un = 'xxx'
并判断返回结果数量是否大于零
然后再取密码(pw) 判断是否正确
这样做是正确的,这是基本的登录功能实现方法
看上面感觉都是新人啊,我说点我们做的经验,一般登录后的状态都不采用cookie吧,应该是session,如果cookie紧用了怎么办?是否考虑过,在网络上cookie容易受攻击,当然密码切记不要进行保存。为安全也是会对session.cookie_httponly 进行设置操作的,说到验证码,最人性化是输错一次后进行验证码输入,很多大网站也是这么做的,然后对用户登录失败进行统计,根据需要锁定用户1小时候再操作。
要注意sql注入问题,不要用
SELECT count(*) FROM user WHERE un = 'xxx' and pw = 'xxx'
这种方法
而是先查询指定用户名
SELECT pw FROM user WHERE un = 'xxx'
并判断返回结果数量是否大于零
然后再取密码(pw) 判断是否正确
为什么要这么做呢?不都一样吗?
我比你高级一点 加个验证码 算吗?
再加个记住登录
要注意sql注入问题,不要用
SELECT count(*) FROM user WHERE un = 'xxx' and pw = 'xxx'
这种方法
而是先查询指定用户名
SELECT pw FROM user WHERE un = 'xxx'
并判断返回结果数量是否大于零
然后再取密码(pw) 判断是否正确
为什么要这么做呢?不都一样吗?
变量在接收的时候做好过滤即可 防范设计应该在SQL 之外
我的比你更简单...
基本上都是基于LDAP验证的..
所以只要稍微判断输入,再验证
验证通过,判断数据库是否有这个id的资料,没有,就从LDAP里面获取并写入数据库...有就直接返回相关信息到session...
最简单的就是验证 用户名和密码 就可以了, 然后可以加上验证码 可以加上不能同时登陆 可以验证是否在后台的黑名单里面
还可以限制用户输入错误用户名或者密码的次数,当错误次数太多了,就给一定的时间不能登录。 其实仔细想想,登录功能上面能加的东西还是很多的。。
正解,再密码加密,解密读取
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1387
52
What should I do if I download other people's wallpapers after logging into another account on wallpaperengine?
Mar 19, 2024 pm 02:00 PM
When you log in to someone else's steam account on your computer, and that other person's account happens to have wallpaper software, steam will automatically download the wallpapers subscribed to the other person's account after switching back to your own account. Users can solve this problem by turning off steam cloud synchronization. What to do if wallpaperengine downloads other people's wallpapers after logging into another account 1. Log in to your own steam account, find cloud synchronization in settings, and turn off steam cloud synchronization. 2. Log in to someone else's Steam account you logged in before, open the Wallpaper Creative Workshop, find the subscription content, and then cancel all subscriptions. (In case you cannot find the wallpaper in the future, you can collect it first and then cancel the subscription) 3. Switch back to your own steam
How do I log in to my previous account on Xiaohongshu? What should I do if the original number is lost after it is reconnected?
Mar 21, 2024 pm 09:41 PM
With the rapid development of social media, Xiaohongshu has become a popular platform for many young people to share their lives and explore new products. During use, sometimes users may encounter difficulties logging into previous accounts. This article will discuss in detail how to solve the problem of logging into the old account on Xiaohongshu, and how to deal with the possibility of losing the original account after changing the binding. 1. How to log in to Xiaohongshu’s previous account? 1. Retrieve password and log in. If you do not log in to Xiaohongshu for a long time, your account may be recycled by the system. In order to restore access rights, you can try to log in to your account again by retrieving your password. The operation steps are as follows: (1) Open the Xiaohongshu App or official website and click the "Login" button. (2) Select "Retrieve Password". (3) Enter the mobile phone number you used when registering your account
The difference between vivox100s and x100: performance comparison and function analysis
Mar 23, 2024 pm 10:27 PM
Both vivox100s and x100 mobile phones are representative models in vivo's mobile phone product line. They respectively represent vivo's high-end technology level in different time periods. Therefore, the two mobile phones have certain differences in design, performance and functions. This article will conduct a detailed comparison between these two mobile phones in terms of performance comparison and function analysis to help consumers better choose the mobile phone that suits them. First, let’s look at the performance comparison between vivox100s and x100. vivox100s is equipped with the latest
What exactly is self-media? What are its main features and functions?
Mar 21, 2024 pm 08:21 PM
With the rapid development of the Internet, the concept of self-media has become deeply rooted in people's hearts. So, what exactly is self-media? What are its main features and functions? Next, we will explore these issues one by one. 1. What exactly is self-media? We-media, as the name suggests, means you are the media. It refers to an information carrier through which individuals or teams can independently create, edit, publish and disseminate content through the Internet platform. Different from traditional media, such as newspapers, television, radio, etc., self-media is more interactive and personalized, allowing everyone to become a producer and disseminator of information. 2. What are the main features and functions of self-media? 1. Low threshold: The rise of self-media has lowered the threshold for entering the media industry. Cumbersome equipment and professional teams are no longer needed.
How to enter Baidu Netdisk web version? Baidu Netdisk web version login entrance
Mar 13, 2024 pm 04:58 PM
Baidu Netdisk can not only store various software resources, but also share them with others. It supports multi-terminal synchronization. If your computer does not have a client downloaded, you can choose to enter the web version. So how to log in to Baidu Netdisk web version? Let’s take a look at the detailed introduction. Baidu Netdisk web version login entrance: https://pan.baidu.com (copy the link to open in the browser) Software introduction 1. Sharing Provides file sharing function, users can organize files and share them with friends in need. 2. Cloud: It does not take up too much memory. Most files are saved in the cloud, effectively saving computer space. 3. Photo album: Supports the cloud photo album function, import photos to the cloud disk, and then organize them for everyone to view.
How to log in if Xiaohongshu only remembers the account? I just remember how to retrieve my account?
Mar 23, 2024 pm 05:31 PM
Xiaohongshu has now been integrated into the daily lives of many people, and its rich content and convenient operation methods make users enjoy it. Sometimes, we may forget the account password. It is really annoying to only remember the account but not be able to log in. 1. How to log in if Xiaohongshu only remembers the account? When we forget our password, we can log in to Xiaohongshu through the verification code on our mobile phone. The specific operations are as follows: 1. Open the Xiaohongshu App or the web version of Xiaohongshu; 2. Click the "Login" button and select "Account and Password Login"; 3. Click the "Forgot your password?" button; 4. Enter your account number. Click "Next"; 5. The system will send a verification code to your mobile phone, enter the verification code and click "OK"; 6. Set a new password and confirm. You can also use a third-party account (such as
What are the functions of Xiaohongshu account management software? How to operate a Xiaohongshu account?
Mar 21, 2024 pm 04:16 PM
As Xiaohongshu becomes popular among young people, more and more people are beginning to use this platform to share various aspects of their experiences and life insights. How to effectively manage multiple Xiaohongshu accounts has become a key issue. In this article, we will discuss some of the features of Xiaohongshu account management software and explore how to better manage your Xiaohongshu account. As social media grows, many people find themselves needing to manage multiple social accounts. This is also a challenge for Xiaohongshu users. Some Xiaohongshu account management software can help users manage multiple accounts more easily, including automatic content publishing, scheduled publishing, data analysis and other functions. Through these tools, users can manage their accounts more efficiently and increase their account exposure and attention. In addition, Xiaohongshu account management software has
What should I do if I can't log in to my account on Google Chrome? Solution to why Google Chrome account cannot be logged in
Mar 13, 2024 pm 02:10 PM
What should I do if I can’t log in to my account on Google Chrome? When many users use this software, certain functions require users to log in to their Google account before they can use it. However, they have tried many times but failed to log in successfully. Faced with this problem, many users do not know how to solve it, so In this issue, the editor is here to share the solution with you. I hope that the content of today’s software tutorial can be helpful to everyone. The solution is as follows: 1. Click on a browser on the desktop, and after opening it, you will see something like this. 2. If a login pops up at this time, click it. If you can't see it, click the upper right corner. 3. Click Login, then enter your account number. You do not need to enter the account after @, and click Next. 4. Enter the password. When you see this prompt, click Enable
