数据库保存字段是md5(密码),表单接收处理的密码是md5(密码+后缀),这两个判断返回的逻辑值是true吗?为什么我昨晚试了,返回账户密码不正确,但是ajax返回值是ok,如果全部乱输入,则ajax返回的是null。如果密码不匹配为什么ajax返回ok?如果匹配为什么返回密码不正确?问题出在哪里?
1.IndexController.class.php:
<code><?php namespace Home\Controller;
use Think\Controller;
class IndexController extends Controller {
public function index(){
$this->display();
}
public function checkUserName(){
if(!IS_AJAX){
$data=array('errMsg' => '非法访问方式');
}
$userName=I('username','','htmlspecialchars');
$userPass=I('userpass','','htmlspecialchars');
$userInfo=D("Stuser")->getUserInfo($userName);
if($userInfo['userpass']!=handleMd5Pass($userPass)){
//echo $userInfo['userpass']."<br>";
//echo handleMd5Pass($userPass);
echo "用户名或密码不正确";
//var_dump(handleMd5Pass($userPass));
}
if($userInfo){
//$userInfo->where(array('id' => $userInfo['id']))->save($errMsg);
session('userId',$userInfo['id']);
$data=array(
'info' => 'ok',
'callback' => U('/stfjzd-13/index.php/Home/Index/index')
);
}
$this->ajaxReturn($data);
}
}
</code>Salin selepas log masuk
Salin selepas log masuk
2.StuserModel.class.php
<code><?php namespace Home\Model;
use Think\Model;
//用户表模型
class StuserModel extends Model{
private $DB="";
public function __construct(){
//构造函数创建模型
$this->DB=M("Stuser");
}
//数据库中检索用户数据,find()检索一条->Index
public function getUserInfo($userName){
//$res=$this->DB->field('username','userpass')->where('username="'.$userName.'"')->find();
$userInfo=$this->DB->where('username="'.$userName.'"')->find();
echo $this->DB->getLastSql();
return $userInfo;
}
}
?>
</code>Salin selepas log masuk
Salin selepas log masuk
3.Login.js
<code>$('.search_sub').click(function(event){
event.preventDefault();
var userName=$("#username").val();
var userPass=$("#userpass").val();
if(userPass=="" || userName==""){
alert("登陆名称与密码不能为空");
$("#username").focus();
return false;
}else{
var url="/stfjzd-13/index.php/Home/Index/checkUserName";
//var url="{U('/stfjzd-13/index.php/Home/Index/checkUserName')}";
$.post(url,{username:userName,userpass:userPass},function(msg){
if(msg.errMsg=="ok"){
window.location.href=msg.callback;
}else{
alert(msg.errMsg);
}
},"JSON")
}
})
</code>Salin selepas log masuk
Salin selepas log masuk
回复内容:
数据库保存字段是md5(密码),表单接收处理的密码是md5(密码+后缀),这两个判断返回的逻辑值是true吗?为什么我昨晚试了,返回账户密码不正确,但是ajax返回值是ok,如果全部乱输入,则ajax返回的是null。如果密码不匹配为什么ajax返回ok?如果匹配为什么返回密码不正确?问题出在哪里?
1.IndexController.class.php:
<code><?php namespace Home\Controller;
use Think\Controller;
class IndexController extends Controller {
public function index(){
$this->display();
}
public function checkUserName(){
if(!IS_AJAX){
$data=array('errMsg' => '非法访问方式');
}
$userName=I('username','','htmlspecialchars');
$userPass=I('userpass','','htmlspecialchars');
$userInfo=D("Stuser")->getUserInfo($userName);
if($userInfo['userpass']!=handleMd5Pass($userPass)){
//echo $userInfo['userpass']."<br>";
//echo handleMd5Pass($userPass);
echo "用户名或密码不正确";
//var_dump(handleMd5Pass($userPass));
}
if($userInfo){
//$userInfo->where(array('id' => $userInfo['id']))->save($errMsg);
session('userId',$userInfo['id']);
$data=array(
'info' => 'ok',
'callback' => U('/stfjzd-13/index.php/Home/Index/index')
);
}
$this->ajaxReturn($data);
}
}
</code>Salin selepas log masuk
Salin selepas log masuk
2.StuserModel.class.php
<code><?php namespace Home\Model;
use Think\Model;
//用户表模型
class StuserModel extends Model{
private $DB="";
public function __construct(){
//构造函数创建模型
$this->DB=M("Stuser");
}
//数据库中检索用户数据,find()检索一条->Index
public function getUserInfo($userName){
//$res=$this->DB->field('username','userpass')->where('username="'.$userName.'"')->find();
$userInfo=$this->DB->where('username="'.$userName.'"')->find();
echo $this->DB->getLastSql();
return $userInfo;
}
}
?>
</code>Salin selepas log masuk
Salin selepas log masuk
3.Login.js
<code>$('.search_sub').click(function(event){
event.preventDefault();
var userName=$("#username").val();
var userPass=$("#userpass").val();
if(userPass=="" || userName==""){
alert("登陆名称与密码不能为空");
$("#username").focus();
return false;
}else{
var url="/stfjzd-13/index.php/Home/Index/checkUserName";
//var url="{U('/stfjzd-13/index.php/Home/Index/checkUserName')}";
$.post(url,{username:userName,userpass:userPass},function(msg){
if(msg.errMsg=="ok"){
window.location.href=msg.callback;
}else{
alert(msg.errMsg);
}
},"JSON")
}
})
</code>Salin selepas log masuk
Salin selepas log masuk
<code> if($userInfo['userpass']!=handleMd5Pass($userPass)){
//此处只echo了错误,但是没有返回到前端。
echo "用户名或密码不正确";
//var_dump(handleMd5Pass($userPass));
}
if($userInfo){
//你的代码运行到这里,用户名对,所以查出了userInfo,所以返回了ok。正确应该在密码验证错误的时候就返回给前端,不再往后运行
session('userId',$userInfo['id']);
$data=array(
'info' => 'ok',
'callback' => U('/stfjzd-13/index.php/Home/Index/index')
);
}
$this->ajaxReturn($data);</code>Salin selepas log masuk
在注释中
echo "用户名或密码不正确";
这里 return
![[Web front-end] Permulaan pantas Node.js](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
