1. 首頁
  2. 問答
  3. 這段代碼有什麼問題[PHP Cookies]

這段代碼有什麼問題[PHP Cookies]

2012-04-06 32 views
0

我有這段代碼,但是當我嘗試加載頁面時,它是空白的:(我用USERCOOKIEID和PASSCOOKIEID替換了cookie的實際名稱,並刪除了當用戶登錄)這段代碼有什麼問題[PHP Cookies]

if(isset($_COOKIE['USERCOOKIEID'])) { 
$user = $_COOKIE['USERCOOKIEID']; 
$pass = $_COOKIE['PASSCOOKIEID']; 
$check = mysql_query("SELECT * FROM users WHERE username = '$user'")or die(); 
while($info = mysql_fetch_array($check)) { 
    if ($pass != $info['password']) {   
    }else{ 
    //This is were the code goes for a user that is signed on 
    } 
} 

}else{//what happens if they don't have the cookie 
header("Location: login.php");

}

感謝

來源

2012-04-06 Matt

+0

使用基本的語法高亮IDE將阻止這些類型的錯誤 – nathanjosiah 2012-04-06 22:05:23

+1

此外,這個代碼是在當前非常不安全狀態,始終清理來自用戶的任何數據,包括cookies – nathanjosiah 2012-04-06 22:06:29

+1

對於安全體系結構,系統不應存儲明文密碼。總是不可逆地加密或散列它們,最好用足夠的鹽,包括將散列與用戶名,每個用戶的鹽和全系統鹽結合起來。這些步驟渲染[彩虹表攻擊](http://en.wikipedia.org/wiki/Rainbow_table)無用。 – wallyk 2012-04-06 22:10:21

回答

1

看起來應該像

if(isset($_COOKIE['USERCOOKIEID'])) 
{ 
    $user = $_COOKIE['USERCOOKIEID']; 
    $pass = $_COOKIE['PASSCOOKIEID']; 
    $check = mysql_query("SELECT * FROM `users` WHERE `username`='$user'") or die(); 
    if (mysql_result($check, 0, 'passwordcolnum') == $pass) { 
    } else { 
     //This is were the code goes for a user that is signed on 
    } 
} else { //what happens if they don't have the cookie 
    header("Location: login.php"); 
}

也,而不是mysql_fetch_array,你爲什麼不使用mysql_result爲肯定只會有一個記錄

來源

2012-04-06 22:04:33 topherg

相關問題

 相關問題