Community Learn Tools Library Leisure
search
English
Home > Backend Development > PHP Tutorial > body text

Login password comparison question

WBOY
Release: 2016-07-06 13:51:56
Original
1038 people have browsed it

The database saving field is md5 (password), and the password for form reception and processing is md5 (password suffix). Are the logical values ​​returned by these two judgments true? Why did I try last night and the account password returned was incorrect, but the ajax return value was ok. If all were entered randomly, ajax would return null. Why does ajax return ok if the passwords don't match? If there is a match, why is the incorrect password returned? What's the problem?
1.IndexController.class.php:

<code><?php
namespace Home\Controller;
use Think\Controller;
class IndexController extends Controller {
  public function index(){
    $this->display();
  }
  public function checkUserName(){
    if(!IS_AJAX){
      $data=array('errMsg' => '非法访问方式');
    }
    $userName=I('username','','htmlspecialchars');
    $userPass=I('userpass','','htmlspecialchars');
    $userInfo=D("Stuser")->getUserInfo($userName);
    if($userInfo['userpass']!=handleMd5Pass($userPass)){
      //echo $userInfo['userpass']."<br/>";
      //echo handleMd5Pass($userPass);
      echo "用户名或密码不正确";
      //var_dump(handleMd5Pass($userPass));
    }
    if($userInfo){
      //$userInfo->where(array('id' => $userInfo['id']))->save($errMsg);
      session('userId',$userInfo['id']);
      $data=array(
        'info' => 'ok',
        'callback' => U('/stfjzd-13/index.php/Home/Index/index')
      );
    }
    $this->ajaxReturn($data);
  }

}
</code>
Copy after login
Copy after login

2.StuserModel.class.php

<code><?php
  namespace Home\Model;
  use Think\Model;
  //用户表模型
  class StuserModel extends Model{
    private $DB="";
    public function __construct(){
      //构造函数创建模型
      $this->DB=M("Stuser");
    }
    //数据库中检索用户数据,find()检索一条->Index
    public function getUserInfo($userName){
      //$res=$this->DB->field('username','userpass')->where('username="'.$userName.'"')->find();
      $userInfo=$this->DB->where('username="'.$userName.'"')->find();
      echo $this->DB->getLastSql();
      return $userInfo;
    }
  }
?>
</code>
Copy after login
Copy after login

3.Login.js

<code>$('.search_sub').click(function(event){
  event.preventDefault();
  var userName=$("#username").val();
  var userPass=$("#userpass").val();
  if(userPass=="" || userName==""){
    alert("登陆名称与密码不能为空");
    $("#username").focus();
    return false;
  }else{
    var url="/stfjzd-13/index.php/Home/Index/checkUserName";
    //var url="{U('/stfjzd-13/index.php/Home/Index/checkUserName')}";
    $.post(url,{username:userName,userpass:userPass},function(msg){
      if(msg.errMsg=="ok"){
        window.location.href=msg.callback;
      }else{
        alert(msg.errMsg);
      }
    },"JSON")
  }
})
</code>
Copy after login
Copy after login

Reply content:

The database saving field is md5 (password), and the password for form reception and processing is md5 (password suffix). Are the logical values ​​returned by these two judgments true? Why did I try last night and the account password returned was incorrect, but the ajax return value was ok. If all were entered randomly, ajax would return null. Why does ajax return ok if the passwords don't match? If there is a match, why is the incorrect password returned? What's the problem?
1.IndexController.class.php:

<code><?php
namespace Home\Controller;
use Think\Controller;
class IndexController extends Controller {
  public function index(){
    $this->display();
  }
  public function checkUserName(){
    if(!IS_AJAX){
      $data=array('errMsg' => '非法访问方式');
    }
    $userName=I('username','','htmlspecialchars');
    $userPass=I('userpass','','htmlspecialchars');
    $userInfo=D("Stuser")->getUserInfo($userName);
    if($userInfo['userpass']!=handleMd5Pass($userPass)){
      //echo $userInfo['userpass']."<br/>";
      //echo handleMd5Pass($userPass);
      echo "用户名或密码不正确";
      //var_dump(handleMd5Pass($userPass));
    }
    if($userInfo){
      //$userInfo->where(array('id' => $userInfo['id']))->save($errMsg);
      session('userId',$userInfo['id']);
      $data=array(
        'info' => 'ok',
        'callback' => U('/stfjzd-13/index.php/Home/Index/index')
      );
    }
    $this->ajaxReturn($data);
  }

}
</code>
Copy after login
Copy after login

2.StuserModel.class.php

<code><?php
  namespace Home\Model;
  use Think\Model;
  //用户表模型
  class StuserModel extends Model{
    private $DB="";
    public function __construct(){
      //构造函数创建模型
      $this->DB=M("Stuser");
    }
    //数据库中检索用户数据,find()检索一条->Index
    public function getUserInfo($userName){
      //$res=$this->DB->field('username','userpass')->where('username="'.$userName.'"')->find();
      $userInfo=$this->DB->where('username="'.$userName.'"')->find();
      echo $this->DB->getLastSql();
      return $userInfo;
    }
  }
?>
</code>
Copy after login
Copy after login

3.Login.js

<code>$('.search_sub').click(function(event){
  event.preventDefault();
  var userName=$("#username").val();
  var userPass=$("#userpass").val();
  if(userPass=="" || userName==""){
    alert("登陆名称与密码不能为空");
    $("#username").focus();
    return false;
  }else{
    var url="/stfjzd-13/index.php/Home/Index/checkUserName";
    //var url="{U('/stfjzd-13/index.php/Home/Index/checkUserName')}";
    $.post(url,{username:userName,userpass:userPass},function(msg){
      if(msg.errMsg=="ok"){
        window.location.href=msg.callback;
      }else{
        alert(msg.errMsg);
      }
    },"JSON")
  }
})
</code>
Copy after login
Copy after login

<code>    if($userInfo['userpass']!=handleMd5Pass($userPass)){
        //此处只echo了错误,但是没有返回到前端。
      echo "用户名或密码不正确";
      //var_dump(handleMd5Pass($userPass));
    }
    if($userInfo){
        //你的代码运行到这里,用户名对,所以查出了userInfo,所以返回了ok。正确应该在密码验证错误的时候就返回给前端,不再往后运行
      session('userId',$userInfo['id']);
      $data=array(
        'info' => 'ok',
        'callback' => U('/stfjzd-13/index.php/Home/Index/index')
      );
    }
    $this->ajaxReturn($data);</code>
Copy after login

In comments

echo "Username or password is incorrect";

return here

Related labels:
php thinkphp
source:php.cn
Previous article:PHP finds common multiples of consecutive numbers Next article:How to get the ID in SELECT when deleting?
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
function_exists() cannot determine the custom function Function test () {return true;} if (function_exists ('test')) {echo "test is function...
From 2024-04-29 11:01:01
0
2
1978
How to display the mobile version of Google Chrome Hello teacher, how can I change Google Chrome into a mobile version?
From 2024-04-23 00:22:19
0
10
2142
The child window operates the parent window, but the output does not respond. The first two sentences are executable, but the last sentence cannot be implemented.
From 2024-04-19 15:37:47
0
1
1804
There is no output in the parent window document.onclick = function(){ window.opener.document.write('I am the output of the child ...
From 2024-04-18 23:52:34
0
1
1702
Where is the courseware about CSS mind mapping? Courseware
From 2024-04-16 10:10:18
0
0
1713
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template