-1
使用cakePHP,我很想擁有關於這個小源代碼的觀點,我不確定它是否足夠安全。將使用另一個散列腳本刪除sha1()
。我發現它可以被優化,但是如何?我的登錄功能是否安全?不知道如何改進它
三江源
類UsersController擴展控制器{
function account($Req){
if(isset($Req->post->login)){
$login = addslashes($Req->post->login);
$password = sha1(addslashes($Req->post->password));
$pass_confirm = sha1(addslashes($Req->post->pass_confirm));
$email = addslashes($Req->post->email);
$signature = addslashes($Req->post->signature);
if(empty($login) || empty($email)){
$this->Session->setFlash("You hav to complete each fiedls", "error");
$this->Request->redirect(SITE . "users/account");
}
elseif($pass_confirm != $password) {
$this->Session->setFlash("You gave two differents password", "error");
$Req->redirect(SITE . "users/account");
}
$this->loadModel("Users");
$dispoLogin = $this->Users->findCount(array(
"login" => $login
));
if($dispoLogin === 0){
$this->Session->setFlash("The login is already use by someone else", "error");
$this->Request->redirect(SITE . "users/account");
}
$dispoEmail = $this->Users->findCount(array(
"email" => $email
));
if($dispoEmail === 0){
$this->Session->setFlash("Email adress already use by someone else", "error");
$this->Request->redirect(SITE . "users/account");
}
if(empty($password)){
$q = $this->Users->findFirst(array(
"fields" => "password",
"conditions" => array(
"id" => $this->User->id
)
));
$password = sha1($q->password);
}
$this->Users->save(array(
"id" => $this->User->id,
"login" => $login,
"password" => $password,
"email" => $email,
"signature" => $signature
));
$this->user->setData(array(
"login" => $login,
"password" => $password,
"email" => $email,
"signature" => $signature
));
$this->Session->setFlash("Your profile page is updated");
$this->Request->redirect(SITE);
}
}
這是一個更適合programmers.stackexchange.com,投票移動那裏。 – Bojangles
@JamWaffles它也不適合那裏。 http://codereview.stackexchange.com – Mob
@Mob Darn it!有兩個混合起來。 – Bojangles