每当给定正确的用户名时,将显示密码,但问题是如果密码是在解密格式,然后当我显示密码加密密码显示…意思是如果密码为"pass",加密格式为"1a1dc91c907325c69271ddf0c944bc72",那么第二次将加密格式粘贴到密码框中,然后密码出错,我该如何解决?意味着如何解密密码在javascript..
//Index.php页面从这里开始
<form name="login" method="post" action="upload_file_enter.php">
Username: <input type="text" id="name"name="username" onBlur="check()"><br>
<?php if(!$_COOKIE['password']){?>
Password: <input type="password" name="password"><br>
<?php };?>
<?php if(isset($_COOKIE['password'])){?>
Password: <input type="password" id="pass" name="password" value=""><br>
<?php };?>
Remember Me: <input type="checkbox" name="rememberme" value="1"><br>
<input type="submit" name="submit" value="Login!">
</form>
<script type="text/javascript">
//这个函数检查用户名是否正确
function check()
{
var username=getCookie("username"); alert(username);
var name=document.getElementById("name").value;alert(name);
if(username==name)
{
document.getElementById("pass").value=getCookie("password"); //here pasting the
// enter code here`password in the password field if the username is correct
}
}
//从document.cookie中获取cookie值
function getCookie(c_name)
{
var c_value = document.cookie;
var c_start = c_value.indexOf(" " + c_name + "=");
if (c_start == -1)
{
c_start = c_value.indexOf(c_name + "=");
}
if (c_start == -1)
{
c_value = null;
}
else
{
c_start = c_value.indexOf("=", c_start) + 1;
var c_end = c_value.indexOf(";", c_start);
if (c_end == -1)
{
c_end = c_value.length;
}
c_value = unescape(c_value.substring(c_start,c_end));
}
return c_value;
}
</script>
//Index.php页面结束于此
//upload_file_enter.php//设置cookie使用$_POST和here
从index.php获取值<?php
/* These are our valid username and passwords */
$user = 'king1';
$pass = 'pass';
if(isset($_POST['username']) && isset($_POST['password'])) {
if (($_POST['username'] == $user) && ($_POST['password'] == $pass)) {
if (isset($_POST['rememberme'])) {//echo"asda";exit;
/* Set cookie to last 1 year */
setcookie('username', $_POST['username'], time()+60*60*24*365, '/');
setcookie('password', md5($_POST['password'])/*here encoded*/, time()+60*60*24*365, '/');
} else {
/* Cookie expires when browser closes */
setcookie('username', $_POST['username'], false, '/');
setcookie('password', md5($_POST['password'])/*here encoded*/, false, '/');
}
echo $p='showing some another page here';
} else {
echo 'Username/Password Invalid';
}
} else {
echo 'You must supply a username and password.';
}
?>
如果您坚持使用MD5…
MD5应该是un-decryptable,所以通过JS检查的唯一方法是加密输入并根据cookie检查它,但是你需要找到一个为JS剪切的MD5。
试试这个http://phpjs.org/functions/md5/
我不会粘贴它,因为它太长了;)
。
function md5(string){
//make string to md5
}
function check(){
var username=getCookie("username"); alert(username);
var name=document.getElementById("name").value; alert(name);
if(username==md5(name))
{
document.getElementById("pass").value=getCookie("password");
}
}
然而我建议使用一种更安全的算法来存储具有密钥/盐的密码
我不知道如何解密密码,但有一个选项,我们可以将密码与登录密码进行比较,所以不需要使用以下代码解密密码
Router.post('/signin', async (req, res) => {
const { email, password } = req.body
const userLogin = await Info.findOne({ email: email })
const isMatching = await bycrpt.compare(password, userLogin.password)
if (!userLogin.email || !isMatching) {
res.json({ ok: "USER NOT SIGNED" })
console.log("Invalid Credential !!")
} else {
res.json({ ok: "USER SIGNED" })
console.log("wellcome user signed")
}