Is my login function secure? I don't know how to improve it

Time: 2011-10-21 11:01:06

Tags: php function cakephp optimization

Using CakePHP, I'd like some feedback on this small piece of source code; I'm not sure whether it is secure. sha1() will be replaced by another hashing script. I find that it can be optimized, but how?

Source:

class UsersController extends Controller {

    function account($Req) {
        if (isset($Req->post->login)) {
            // Raw form values, passed through addslashes() before use
            $login        = addslashes($Req->post->login);
            $password     = sha1(addslashes($Req->post->password));
            $pass_confirm = sha1(addslashes($Req->post->pass_confirm));
            $email        = addslashes($Req->post->email);
            $signature    = addslashes($Req->post->signature);

            if (empty($login) || empty($email)) {
                $this->Session->setFlash("You have to complete each field", "error");
                $this->Request->redirect(SITE . "users/account");
            }
            elseif ($pass_confirm != $password) {
                $this->Session->setFlash("You gave two different passwords", "error");
                $Req->redirect(SITE . "users/account");
            }

            $this->loadModel("Users");

            // Uniqueness checks: findCount() returns the number of matching rows,
            // so these branches fire when the count is 0, i.e. when no other user has the value
            $dispoLogin = $this->Users->findCount(array(
                "login" => $login
            ));
            if ($dispoLogin === 0) {
                $this->Session->setFlash("The login is already used by someone else", "error");
                $this->Request->redirect(SITE . "users/account");
            }

            $dispoEmail = $this->Users->findCount(array(
                "email" => $email
            ));
            if ($dispoEmail === 0) {
                $this->Session->setFlash("Email address already used by someone else", "error");
                $this->Request->redirect(SITE . "users/account");
            }

            // Empty password field: keep the stored one (note that it is hashed a second time here)
            if (empty($password)) {
                $q = $this->Users->findFirst(array(
                    "fields"     => "password",
                    "conditions" => array(
                        "id" => $this->User->id
                    )
                ));
                $password = sha1($q->password);
            }

            $this->Users->save(array(
                "id"        => $this->User->id,
                "login"     => $login,
                "password"  => $password,
                "email"     => $email,
                "signature" => $signature
            ));
            $this->user->setData(array(
                "login"     => $login,
                "password"  => $password,
                "email"     => $email,
                "signature" => $signature
            ));

            $this->Session->setFlash("Your profile page is updated");
            $this->Request->redirect(SITE);
        }
    }
}

1 answer:

Answer 0 (score: 4)

Please read the CakePHP Documentation, preferably from the beginning, because you are making a lot of mistakes here.

  • There is no need to addslashes() everything (or anything)
  • CakePHP has its own AuthComponent, so there is no need to roll your own
  • It also has a validation engine, so there is no need to validate anything here
  • You are also passing some Request object into the method? I don't even want to ask...

This action should basically be about 6 lines. TL;DR: read the CakePHP authentication documentation, then start over.
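To make the answer's advice concrete, here is an added example (not code from the original question or from the answerer) of the same profile-update feature written the way the framework intends: validation rules on the model, password hashing in one place in beforeSave(), and the current user's id taken from AuthComponent instead of the request. It assumes CakePHP 2.x, AuthComponent configured in AppController, and a `users` table with `login`, `password`, `email` and `signature` columns; the rule names and messages are assumptions. It also shows the model side, which is where the uniqueness and confirmation checks belong, so the controller action itself stays short.

```php
<?php
// Added example, not part of the original question or answer.
// Assumes CakePHP 2.x, AuthComponent configured in AppController, and a
// `users` table with login, password, email and signature columns.
App::uses('AuthComponent', 'Controller/Component');

class User extends AppModel {

    // Validation replaces the hand-written empty()/findCount() checks.
    // isUnique runs a query through the ORM, which escapes values itself,
    // so there is no addslashes() anywhere. With $this->id set, isUnique
    // ignores the current user's own row.
    public $validate = array(
        'login' => array(
            'notEmpty' => array('rule' => 'notEmpty', 'message' => 'Login is required'),
            'isUnique' => array('rule' => 'isUnique', 'message' => 'That login is already taken'),
        ),
        'email' => array(
            'email'    => array('rule' => 'email',    'message' => 'Enter a valid e-mail address'),
            'isUnique' => array('rule' => 'isUnique', 'message' => 'That e-mail address is already in use'),
        ),
        'password' => array(
            'length' => array(
                'rule'       => array('minLength', 8),
                'message'    => 'Use at least 8 characters',
                'allowEmpty' => true, // blank means "keep the current password"
            ),
        ),
        'password_confirm' => array(
            'match' => array(
                'rule'    => 'matchesPassword', // custom rule defined below
                'message' => 'The two passwords do not match',
            ),
        ),
    );

    // Custom rule: the confirmation must equal the plain-text password field.
    public function matchesPassword($check) {
        $password = isset($this->data[$this->alias]['password'])
            ? $this->data[$this->alias]['password'] : '';
        return current($check) === $password;
    }

    // Hash exactly once, right before the row is written.
    public function beforeSave($options = array()) {
        if (!empty($this->data[$this->alias]['password'])) {
            $this->data[$this->alias]['password'] =
                AuthComponent::password($this->data[$this->alias]['password']);
        } else {
            // Blank password on a profile update: leave the stored hash untouched
            // (the original code re-hashed the hash, which would lock the user out).
            unset($this->data[$this->alias]['password']);
        }
        unset($this->data[$this->alias]['password_confirm']);
        return true;
    }
}

class UsersController extends AppController {

    public function account() {
        // The id comes from the session via AuthComponent, never from the
        // request body, so a user cannot update someone else's row.
        $this->User->id = $this->Auth->user('id');

        if ($this->request->is('post') || $this->request->is('put')) {
            // Whitelist the columns a user may change; id is fixed above.
            $fields = array('login', 'email', 'signature', 'password', 'password_confirm');
            if ($this->User->save($this->request->data, true, $fields)) {
                $this->Session->setFlash('Your profile has been updated.');
                return $this->redirect('/');
            }
            $this->Session->setFlash('Please correct the errors below.');
        } else {
            // Pre-fill the form with the current values (never the password hash).
            $this->request->data = $this->User->read(array('login', 'email', 'signature'));
        }
    }
}
```

Two design points worth noting: the whitelist passed to save() is what stops a crafted POST from setting columns the form does not expose (mass assignment), and keeping the hash step in beforeSave() means every code path that writes a password, including registration or an admin reset, goes through the same hashing call rather than repeating sha1() by hand.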