C#+ PHP - 调用方法和返回数据

时间:2014-02-28 12:49:26

标签: c# php

我似乎无法获得正确的数据返回。这是我的PHP代码:

<?php
$u = $_GET['u'];
$p = $_GET['p'];

require_once("models/config.php");
if (!securePage($_SERVER['PHP_SELF'])){die();}

//Prevent the user visiting the logged in page if he/she is already logged in
if(isUserLoggedIn()) { header("Location: account.php"); die(); }

//Forms posted
if(!empty($_POST))
{
$errors = array();
$username = sanitize(trim($_POST[$u]));
$password = trim($_POST[$p]);

//Perform some validation
//Feel free to edit / change as required
if($username == "")
{
    $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
}
if($password == "")
{
    $errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");
}

if(count($errors) == 0)
{
    //A security note here, never tell the user which credential was incorrect
    if(!usernameExists($username))
    {
        $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
    }
    else
    {
        $userdetails = fetchUserDetails($username);
        //See if the user's account is activated
        if($userdetails["active"]==0)
        {
            $errors[] = lang("ACCOUNT_INACTIVE");
        }
        else
        {
            //Hash the password and use the salt from the database to compare the password.
            $entered_pass = generateHash($password,$userdetails["password"]);

            if($entered_pass != $userdetails["password"])
            {
                //Again, we know the password is at fault here, but lets not give away the combination incase of someone bruteforcing
                $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
                return 0;
            }
            else
            {
                //Passwords match! we're good to go'
                return 1;
                //Update last sign in
                $loggedInUser->updateLastSignIn();
                $_SESSION["userCakeUser"] = $loggedInUser;
            }
        }
    }
}
}
?>

它总是返回不正确的细节(0)。这是C#代码:

public static string Login(string user, string pass)
    {
        WebClient c = new WebClient();

        string a = c.DownloadString("http://www.zilentsoftware.com/static/user/account/zlogin.php?u=" + user + "&p=" + pass);

        return a;
    }

即使所有信息都正确,它也不会返回正确的值。我不知道如何解决这个问题!我想检查数据库的用户名和密码。这与网站登录方法相同,但不起作用。我查看了UserCake文档,没有任何内容!

1 个答案:

答案 0 :(得分:0)

你确定这一行

$entered_pass = generateHash($password,$userdetails["password"]);

做你想要的? 您可以使用用户输入的密码和数据库中保存的密码生成哈希值。

在此之后,您将此生成的哈希值与之前用于哈希输入密码的密码进行比较。这将永远是假的(除了你碰撞)

if($entered_pass != $userdetails["password"])

我想你可能意味着

$entered_pass = generateHash($password,$userdetails["hash"]);

或类似的东西,因为你的评论说你使用哈希来生成密码哈希。

我不知道你如何生成哈希方法,所以我无法确定这是否是你的应用程序无法正常工作的原因。您也可以在返回后查看语句,因为我不确定它们是否会被执行

相关问题
最新问题