Login password comparison question

WBOY
Release: 2016-07-06 13:51:56
Original
1022 people have browsed it

The database saving field is md5 (password), and the password for form reception and processing is md5 (password suffix). Are the logical values ​​returned by these two judgments true? Why did I try last night and the account password returned was incorrect, but the ajax return value was ok. If all were entered randomly, ajax would return null. Why does ajax return ok if the passwords don't match? If there is a match, why is the incorrect password returned? What's the problem?
1.IndexController.class.php:

<code><?php
namespace Home\Controller;
use Think\Controller;
class IndexController extends Controller {
  public function index(){
    $this->display();
  }
  public function checkUserName(){
    if(!IS_AJAX){
      $data=array('errMsg' => '非法访问方式');
    }
    $userName=I('username','','htmlspecialchars');
    $userPass=I('userpass','','htmlspecialchars');
    $userInfo=D("Stuser")->getUserInfo($userName);
    if($userInfo['userpass']!=handleMd5Pass($userPass)){
      //echo $userInfo['userpass']."<br/>";
      //echo handleMd5Pass($userPass);
      echo "用户名或密码不正确";
      //var_dump(handleMd5Pass($userPass));
    }
    if($userInfo){
      //$userInfo->where(array('id' => $userInfo['id']))->save($errMsg);
      session('userId',$userInfo['id']);
      $data=array(
        'info' => 'ok',
        'callback' => U('/stfjzd-13/index.php/Home/Index/index')
      );
    }
    $this->ajaxReturn($data);
  }

}
</code>
Copy after login
Copy after login

2.StuserModel.class.php

<code><?php
  namespace Home\Model;
  use Think\Model;
  //用户表模型
  class StuserModel extends Model{
    private $DB="";
    public function __construct(){
      //构造函数创建模型
      $this->DB=M("Stuser");
    }
    //数据库中检索用户数据,find()检索一条->Index
    public function getUserInfo($userName){
      //$res=$this->DB->field('username','userpass')->where('username="'.$userName.'"')->find();
      $userInfo=$this->DB->where('username="'.$userName.'"')->find();
      echo $this->DB->getLastSql();
      return $userInfo;
    }
  }
?>
</code>
Copy after login
Copy after login

3.Login.js

<code>$('.search_sub').click(function(event){
  event.preventDefault();
  var userName=$("#username").val();
  var userPass=$("#userpass").val();
  if(userPass=="" || userName==""){
    alert("登陆名称与密码不能为空");
    $("#username").focus();
    return false;
  }else{
    var url="/stfjzd-13/index.php/Home/Index/checkUserName";
    //var url="{U('/stfjzd-13/index.php/Home/Index/checkUserName')}";
    $.post(url,{username:userName,userpass:userPass},function(msg){
      if(msg.errMsg=="ok"){
        window.location.href=msg.callback;
      }else{
        alert(msg.errMsg);
      }
    },"JSON")
  }
})
</code>
Copy after login
Copy after login

Reply content:

The database saving field is md5 (password), and the password for form reception and processing is md5 (password suffix). Are the logical values ​​returned by these two judgments true? Why did I try last night and the account password returned was incorrect, but the ajax return value was ok. If all were entered randomly, ajax would return null. Why does ajax return ok if the passwords don't match? If there is a match, why is the incorrect password returned? What's the problem?
1.IndexController.class.php:

<code><?php
namespace Home\Controller;
use Think\Controller;
class IndexController extends Controller {
  public function index(){
    $this->display();
  }
  public function checkUserName(){
    if(!IS_AJAX){
      $data=array('errMsg' => '非法访问方式');
    }
    $userName=I('username','','htmlspecialchars');
    $userPass=I('userpass','','htmlspecialchars');
    $userInfo=D("Stuser")->getUserInfo($userName);
    if($userInfo['userpass']!=handleMd5Pass($userPass)){
      //echo $userInfo['userpass']."<br/>";
      //echo handleMd5Pass($userPass);
      echo "用户名或密码不正确";
      //var_dump(handleMd5Pass($userPass));
    }
    if($userInfo){
      //$userInfo->where(array('id' => $userInfo['id']))->save($errMsg);
      session('userId',$userInfo['id']);
      $data=array(
        'info' => 'ok',
        'callback' => U('/stfjzd-13/index.php/Home/Index/index')
      );
    }
    $this->ajaxReturn($data);
  }

}
</code>
Copy after login
Copy after login

2.StuserModel.class.php

<code><?php
  namespace Home\Model;
  use Think\Model;
  //用户表模型
  class StuserModel extends Model{
    private $DB="";
    public function __construct(){
      //构造函数创建模型
      $this->DB=M("Stuser");
    }
    //数据库中检索用户数据,find()检索一条->Index
    public function getUserInfo($userName){
      //$res=$this->DB->field('username','userpass')->where('username="'.$userName.'"')->find();
      $userInfo=$this->DB->where('username="'.$userName.'"')->find();
      echo $this->DB->getLastSql();
      return $userInfo;
    }
  }
?>
</code>
Copy after login
Copy after login

3.Login.js

<code>$('.search_sub').click(function(event){
  event.preventDefault();
  var userName=$("#username").val();
  var userPass=$("#userpass").val();
  if(userPass=="" || userName==""){
    alert("登陆名称与密码不能为空");
    $("#username").focus();
    return false;
  }else{
    var url="/stfjzd-13/index.php/Home/Index/checkUserName";
    //var url="{U('/stfjzd-13/index.php/Home/Index/checkUserName')}";
    $.post(url,{username:userName,userpass:userPass},function(msg){
      if(msg.errMsg=="ok"){
        window.location.href=msg.callback;
      }else{
        alert(msg.errMsg);
      }
    },"JSON")
  }
})
</code>
Copy after login
Copy after login

<code>    if($userInfo['userpass']!=handleMd5Pass($userPass)){
        //此处只echo了错误,但是没有返回到前端。
      echo "用户名或密码不正确";
      //var_dump(handleMd5Pass($userPass));
    }
    if($userInfo){
        //你的代码运行到这里,用户名对,所以查出了userInfo,所以返回了ok。正确应该在密码验证错误的时候就返回给前端,不再往后运行
      session('userId',$userInfo['id']);
      $data=array(
        'info' => 'ok',
        'callback' => U('/stfjzd-13/index.php/Home/Index/index')
      );
    }
    $this->ajaxReturn($data);</code>
Copy after login

In comments

echo "Username or password is incorrect";

return here

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!