Question

我正在尝试建立一个受密码保护的网站。密码目前只是硬编码，以便我更容易测试。

我遇到的问题是，当我输入实际密码时，cookie似乎没有设置。如果我第二次重新输入密码，那么cookie就会被设置。

我知道问题是我调用代码的顺序，但是我很难确定应该更改什么以使其在第一个正确的密码输入上正常运行。任何帮助将不胜感激。

     case 'Maintenance':

$salt = "test";
$adminpass = "adminpass";
$RealPassword = crypt($adminpass, $salt);

function LoginScreen($SaltCode){
?>

    <html>
<head>
  <title>Please enter password to access this page</title>
  <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
  <META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
</head>
<body>
  <style>
    input { border: 1px solid black; }
  </style>
  <div style="width:500px; margin-left:auto; margin-right:auto; text-align:center">
  <form method="post">
    <h3>Please enter password to access this page</h3>
    <font color="red"><?php echo $error_msg; ?></font><br />
    <input type="password" name="access_password" /><p></p><input type="submit" name="Submit" value="Submit" />
  </form>
  <br />
  </div>
</body>
</html> 






<?php
global $PasswordEntered;
$PasswordEntered = crypt($_POST['access_password'],$SaltCode);

}









if (!isset($_COOKIE["Cookie"]))
{ 

LoginScreen($salt);

if ($PasswordEntered == $RealPassword)
    {
        setcookie("Cookie", $PasswordEntered, time()+600);
    } 

}



if (isset($_COOKIE["Cookie"]))
{

?>  

<B><fontsize=16>Are you sure you want to Format the data disk?</b></font><br><br>


<form method = "post">

<INPUT TYPE = 'Submit' name = 'FormatSubmit' value = 'Submit'>


<br><br><br>
Please check the box to verify you want to Format the data disk.

<Input type = "Checkbox" Name ="FormatCheck" value ="checked">


</form>

<?php
if (($_POST['FormatSubmit'] == "Submit") & ($_POST['FormatCheck'] == "checked"))
    {
    html_exec_cmd('echo -e "o\nn\np\n1\n\n\nw\n" | fdisk /dev/sda;sleep 1;mkfs.ext3 /dev/sda1;mount /dev/sda1 /data/');
     }

}

     break;

Answer 1

Cookie仅作为请求的一部分发送：

setcookie("Cookie", $PasswordEntered, time()+600);

if (isset($_COOKIE["Cookie"])) {
}

如果它在同一个请求中，则会失败。

但您可以执行以下操作：

setcookie("Cookie", $PasswordEntered, time()+600);
// might be consudered bad practice though to directly edit the superglobal, so be wary of WTF's
$_COOKIE["Cookie"] = $PasswordEntered;

if (isset($_COOKIE["Cookie"])) {
}

BTW，这是什么：global $PasswordEntered; ??

Answer 2

可能还有另一个变量，如：

<?php

global $PasswordEntered;
if (isset($_POST['access_password'])){
    $PasswordEntered = crypt($_POST['access_password'],$SaltCode);
} else {
    $PasswordEntered='';
}
}
$pass=false;
if (!isset($_COOKIE["Cookie"]))
{ 
    LoginScreen($salt);

if ($PasswordEntered == $RealPassword)
{
    setcookie("Cookie", $PasswordEntered, time()+600);
    $pass=true;
} 
}

if (isset($_COOKIE["Cookie"]) || $pass)
{
   .
   .
   .

Answer 3

我最终完全删除了setcookie参数，因为我无法找到解决它的方法。我决定使用$ _SESSION参数来使其工作。另外一个好处是会话是在服务器端控制的，因此安全性会更高。

case 'Login':

      $salt = "test";
      $adminpass = "adminpass";
      $RealPassword = crypt($adminpass, $salt);

      if (isset($_SESSION['loggedin'])){
        echo "You are already logged in.";
      }
      else if ($_POST['access_password']){
        $PasswordEntered = crypt($_POST['access_password'],$salt);
        if ($PasswordEntered == $RealPassword){
            $_SESSION['loggedin']=1;
            LogData('Logged in',$logdir);
            echo "You are now logged in!";
        }
        else{
            echo LoginScreen();
            LogData('Failed login attempt',$logdir);
        }
      }
      else{ 
        echo LoginScreen();
      }
    break;

PHP密码保护表格在工作前需要输入两次密码

3 个答案: