1. 首頁
  2. 問答
  3. 這個PHP登錄代碼中的邏輯缺陷在哪裏?

這個PHP登錄代碼中的邏輯缺陷在哪裏?

2013-06-25 86 views
0

在這段代碼中肯定存在一個邏輯缺陷,但我找不到它。問題是無論輸入什麼,它都會成功(模擬重定向到主頁面)echo。我不知道爲什麼。下面的代碼:這個PHP登錄代碼中的邏輯缺陷在哪裏?

$signIn = new UserService($dbuser, $dbpass, $dbhost, $dbname); //Create new class instance 
$signIn->sec_session_start(); //Begin session 
$_SESSION['token'] = $token; //Store token valualbe in super global variable 

//***************************************************************************************// 

//***************************************************************************************// 
//Begin Login Functions 

if(isset($_POST['username'], $_POST['password'],$_POST['siteToken'])) { 

    //Assign POST submissions to passable php variables 
    $username = $_POST['username']; 
    $password = $_POST['password']; 
    $passedToken = $_POST['siteToken']; 

    //Check Token Values (prevent CSRF attacks) 
    /* 
    if($passedToken != $_SESSION['token']) { 
     $error = "CSRF attack detected. Please close your browser and try again."; 
     $signIn->csrfAttackLog($username); 
     echo $error; 
     exit();  
    } 
    */ 

    //Test if both fields are not null 
    if($username == "" || $password = "") 
    { 
     $error = "Not all fields were entered<br />"; 
     echo $error; 
     exit(); 
    } 

    //Start login process 
    else 
    { 
     $success = $signIn->login($username, $password); 
     if ($success == true) 
     { //Login Successful 
      echo "Success!"; //Direct to main page. 
      exit(); 
     } 
     //Specific login failure determination 
     else 
     { 
      switch ($success){ 
       case 1: 
        $error = "Your account has been locked."; 
        echo $error; 
        break; 
       case 2: 
        $error = "Invalid Username/Password (2)"; 
        echo $error; 
        break; 
       case 3: 
        $error = "Invalid Username/Password"; 
        echo $error; 
        break; 
       case 4: 
        $error = "Invalid Username/Password (3)"; 
        echo $error; 
        break; 
      } 
     } 

    }

這裏的login類方法:

public function login($username, $password) 
     { 
      //****************// 
      $this->username = $username; 
      $this->password = $password; 
      $user_Id = ""; 
      $user = ""; 
      $hashPassword = ""; 
      $dbPassword = ""; 
      $salt = ""; 
      $userBrowser = ""; 
      //**************// Local declerations 

      $this->connect(); //connect to database 

      if ($stmt = $this->dbh->prepare("SELECT UserId, Username, Pass, Salt FROM user WHERE Username = :param1 LIMIT 1")) //Prepared procedure 
      { 
       $stmt->bindParam(':param1', $this->username); //Bind $this->username to parameter 
       $stmt->execute(); //Execute the prepared query 

       if ($stmt->rowCount() == 1) //If the user exists 
       { 
        $this->user = $stmt->fetch(PDO::FETCH_ASSOC); //Grab the variables from the selected database row 

        $user_Id = $this->user['UserId']; //Transfer variables from array to local variables 
        $user = $this->user['Username']; 
        $dbPassword = $this->user['Pass']; 
        $salt = $this->user['Salt']; 

        if($user_Id = "") 
         echo "Why"; 
        //Check if account has been locked 
        if($this->checkBrute($user_Id, $this->dbh) == true) 
        { 
         //Account is locked 
         return 1; //Used in userControl as a switch condition: Indicates a locked account 
         //Possibly send an email here 
        } else { 
           $hashPassword = hash('sha512', $this->password.$salt); //Hash the password with the unique salt 

           if($dbPassword == $hashPassword) 
           { //Check if the password in the database matches the password the user submitted 
           //Password is correct! 

           $userBrowser = $_SERVER['HTTP_USER_AGENT']; // Get the user-agent string of the user 
           $_SESSION['p_id'] = $user_Id; //Store user id to global session variable 
           $_SESSION['userName'] = $user; //Store username to global session variable 
           $_SESSION['loginString'] = hash('sha512', $hashPassword.$userBrowser); //Hash the concentanation of the hashedpassword (password + salt) and userBrowser 
           //Login succesful!!!!!! 
           return true; 
           } else { 
             //Password is not correct 
             //Record this attempt in the database 
             $now = time(); 
             $userIp = $_SERVER['REMOTE_ADDR']; 
             $insert = $this->dbh->query("INSERT INTO loginattempts (UserId, UserIp, EventTime) VALUES ('$user_Id', 'userIP', '$now')"); 
             if($insert == false){ 
              return 2; //Used in userControl as a switch condition: Indicated a failure to log failed login attempt 
             } else { 
              return 3; //Used in userControl as a switch condition: Indicates an inccorect password 
             } 
            } 
          } 

       } 
       else 
       { 
        //No user exists 
        return 4; 
       } 
      } 
     }

我知道SQL查詢工作:我測試過他們這個代碼之外。我不明白爲什麼它會一直回覆真實。 PHP沒有拋出任何異常或錯誤(是的,我多次閱讀「不要編寫自己的登錄函數,使用已經有效的函數」。這不是一個公共站點,我只是爲了它的赫克)。任何幫助表示讚賞。

來源

2013-06-25 Mlagma

+0

我知道你說它不管輸入是否成功,但是當沒有輸入時它會迴應成功嗎? – Kyle

+3

'if($ success == true)' - 這會做鬆散的類型匹配,我懷疑是將你的返回值轉換爲布爾值,所以任何非0的返回值都會匹配。嘗試'if($ success === true)'以進行類型比較。 – andrewsi

+0

@凱爾我沒有特別嘗試過。我有三個防止空登錄的驗證級別。我會嘗試刪除它們並給它一個鏡頭。 – Mlagma

回答

1

您的登錄代碼具有各種返回碼 - 如果一切正常,則爲true,或者數字表示各種錯誤狀態。那麼你檢查與返回值:

if ($success == true)

PHP不是強類型的,所以它會投返回值的布爾對於比較;並且任何非0整數都將評估爲true。做一個類型檢查,以及一個價值進行檢查,您需要使用嚴格的比較操作:

if ($success === true)

如果$success是雙方真實和一個布爾值,將評估事實。

來源

2013-06-25 19:41:43 andrewsi

相關問題

 相關問題