我一直在尝试使用一些代码,但是为了我的目的使用它更多一些。对于isset,原始代码如下所示,但令人困惑。
// Check if we're already logged in, and check session information against cookies
// credentials to protect against session hijacking
if (isset ($_COOKIE['project-name']['userID']) &&
crypt($_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'],
$_COOKIE['project-name']['secondDigest']) ==
$_COOKIE['project-name']['secondDigest'] &&
(!isset ($_COOKIE['project-name']['username']) ||
(isset ($_COOKIE['project-name']['username']) &&
Users::checkCredentials($_COOKIE['project-name']['username'],
$_COOKIE['project-name']['digest']))))
我目前的代码:
function encrypt($input)
{
$hash = password_hash($input, PASSWORD_DEFAULT);
return $hash;
}
function checkUserCreds($username, $password)
{
//do code at some point
return $username;
return $password;
}
function checkLoggedIn($page)
{
session_start();
//Check if already logged in and check session information against cookies
if (isset($_COOKIE['sukd']['id']) && encrypt($_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] . $_COOKIE['sukd']['hashv2']) == $_COOKIE['sukd']['hashv2'] && (!isset ($_COOKIE['sukd']['login']) || (isset ($_COOKIE['sukd']['login']) && checkUserCreds($_COOKIE['sukd']['login'], $_COOKIE['sukd']['hash']))))
{
//Some code here.. eventually
}
}
虽然我修复了语法错误,但我真的对我试图复制的内容感到困惑。
答案 0 :(得分:1)
function encrypt($input)
{
$hash = password_hash($input, PASSWORD_DEFAULT);
return $hash;
}
password_hash()使用强大的单向散列算法创建新的密码哈希。
调用encrypt($ input)将返回哈希密码
function checkUserCreds($username, $password)
{
//do code at some point
return $username;
return $password;
}
调用checkUserCreds($ username,$ password)将返回您提交的内容
除非你有一些代码
//在某些时候做代码
function checkLoggedIn($ page) { 在session_start();
//Check if already logged in and check session information against cookies
if (isset($_COOKIE['sukd']['id']) && encrypt($_SERVER['REMOTE_ADDR' . $_SERVER['HTTP_USER_AGENT'] . $_COOKIE['sukd']['hashv2']) == $_COOKIE['sukd']['hashv2'] && (!isset ($_COOKIE['sukd']['login']) || (isset ($_COOKIE['sukd']['login']) && checkUserCreds($_COOKIE['sukd']['login'], $_COOKIE['sukd']['hash'])))
{
//Some code here.. eventually
}
}
我试图打破checkLoggedIn函数
(1) if (isset($_COOKIE['sukd']['id'])
(2) && encrypt($_SERVER['REMOTE_ADDR' . $_SERVER['HTTP_USER_AGENT'] . $_COOKIE['sukd']['hashv2']) == $_COOKIE['sukd']['hashv2']
(3) && (!isset ($_COOKIE['sukd']['login'])
|| (isset ($_COOKIE['sukd']['login']) && checkUserCreds($_COOKIE['sukd']['login'], $_COOKIE['sukd']['hash'])))
{
//Some code here.. eventually
}
$_SERVER['REMOTE_ADDR'] = visitors IP
$_SERVER['HTTP_USER_AGENT'] = visitors browser
$_COOKIE['sukd']['hashv2'] = your defined cookie( i GUESS to your password )
$_COOKIE['sukd']['login'] = user defined cookie( i GUESS to check if login )
(1). you check if $_COOKIE['sukd']['id'] isset and
(2). create a password hash by calling encrypt function and compare it to the cookie $_COOKIE['sukd']['hashv2']
encrypt($_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] . $_COOKIE['sukd']['hashv2']) == $_COOKIE['sukd']['hashv2']
encrypt is a user defined function where you pass the combination of $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] . $_COOKIE['sukd']['hashv2'] to retrieve password hash
(3). you check if $_COOKIE['sukd']['login'] exist or
cookie is set and calls the function that returns
$_COOKIE['sukd']['login'](username), $_COOKIE['sukd']['hash'](password)
if any of the 3 fails, it will not proceed
编辑
另外,你正在比较中
$_COOKIE['sukd']['hashv2']
(if)等于
encrypt($_SERVER['REMOTE_ADDR' . $_SERVER['HTTP_USER_AGENT'] . $_COOKIE['sukd']['hashv2'])
有
$_COOKIE['sukd']['hashv2']
我认为这将是假的
另外,请注意3号
如果
$_COOKIE['sukd']['login'] is not set
或
$_COOKIE['sukd']['login'] is set and $_COOKIE['sukd']['login'], $_COOKIE['sukd']['hash']
will just return the param(not empty)
另外,请确保在调用checkLoggedIn()之前设置cookie
希望这有帮助