最受欢迎

PHP MySql用户帐户绕过cookie

PHP MySql user account bypassing cookies

本文关键字:cookie MySql 用户 PHP | 更新日期: 2024-01-22

好吧,我已经修改了一段时间,除了用户帐户页面,我的问题是;有人能认出我在这里打错的字吗?或者帮我一点忙?

网站似乎绕过了这一部分,直接转到了其他部分(如下所示):

<?
                if(isset($_COOKIE['ID_my_site'])){
                    $email = $_COOKIE['ID_my_site']; 
                    $pass = $_COOKIE['Key_my_site'];
                    $con = mysqli_connect(DATABASE STUFF) or die(mysqli_error());
                    $check = mysqli_query($con,"SELECT email, pass2 FROM userAccount WHERE email=$email")or die(mysqli_error()); 
                    while($info = mysqli_fetch_array($check)){ 
                        if ($pass != $info['pass2']){
                            echo "Wrong Password or Email!, Please <a href='login.php'>Login here</a> to see your account or <a href='register.php'>Register here</a>.";
                        }else{
                            $con=mysqli_connect(DATABASE STUFF);
                            $sqlCommand = "(SELECT * FROM userAccount WHERE email=$email)";
                            $query = mysqli_query($con,$sqlCommand) or die("Error: ".mysqli_error($con));
                            $column = mysqli_fetch_array($query);
                            echo "<section class='userName'><h3>".$column['firstName']." ".$column['surname']."</h3></section>";
                            echo "<section class='address'>".$column['addressLine1']."<br />".$column['addressLine2']."<br />".$column['county']."<br />".$column['country']."<br />".$column['postCode']."</section>";
                            echo "<section class='email'><h3>".$column['email']."</h3></section>";
                            echo "<section class='passwordUpdate'><a href='update.php?user_id=".$column['user_id']."'>Change Password</a></section>";
                        } 
                    }

无论发生什么,它都会直接进入的"其他":

                }else{
                    echo "You cannot see this page, Please <a href='login.php'>Login here</a> to see your account or <a href='register.php'>Register here</a>.";
                }

以下是登录过程,以防有人问:

<?
$con = mysqli_connect(DATABASE STUFF) or die(mysqli_error($con)); 
if(isset($_COOKIE['ID_my_site'])){ 
$email = $_COOKIE['ID_my_site']; 
$pass = $_COOKIE['Key_my_site'];
$check = mysqli_query($con,"SELECT email, pass2 FROM userAccount WHERE email='".$_POST['email']."'")or die(mysqli_error($con));
while($info = mysqli_fetch_array($check)){
    if ($pass != $info['pass2']){
    }else{
        header("Location: http://www.littlepenguindesigns.co.uk/pages/CMX/pages/userAccount.php");
    }
}
}
if (isset($_POST['submit'])) {
if(!$_POST['email'] | !$_POST['pass']) {
    die('You did not fill in a required field.');
}
if (!get_magic_quotes_gpc()) {
    $_POST['email'] = addslashes($_POST['email']);
}
if(IsInjected($email)){
    die('Bad email value!');
}
$check = mysqli_query($con,"SELECT * FROM userAccount WHERE email='".$_POST['email']."'")or die(mysqli_error($con));
$check2 = mysqli_num_rows($check);
if ($check2 == 0) {
    die('That user does not exist in our database. <a href="http://www.littlepenguindesigns.co.uk/pages/CMX/pages/registration.php">Register</a>');
}
while($info = mysqli_fetch_array($check)){
    $_POST['pass'] = stripslashes($_POST['pass']);
    $info['pass2'] = stripslashes($info['pass2']);
    $_POST['pass'] = md5($_POST['pass']);
    if($_POST['pass'] != $info['pass2']) {
        die('Incorrect password, please <a href="http://www.littlepenguindesigns.co.uk/pages/CMX/pages/login.php">try again</a>.');
    }else{
        $_POST['email'] = stripslashes($_POST['email']);
        $hour = time() + 3600;
        setcookie(ID_my_site, $_POST['email'], $hour); 
        setcookie(Key_my_site, $_POST['pass'], $hour);   
        header("Location: http://www.littlepenguindesigns.co.uk/pages/CMX/pages/userAccount.php"); 
    }
}
}else{
header("Location: http://www.littlepenguindesigns.co.uk/pages/CMX/pages/login.php");
} 
function IsInjected($str){
$injections = array('('n+)',
              '('r+)',
              '('t+)',
              '(%0A+)',
              '(%0D+)',
              '(%08+)',
              '(%09+)');
$inject = join('|', $injections);
$inject = "/$inject/i";
if(preg_match($inject,$str)){
    return true;
}else{
    return false;
}
}

以及PHP文件中的登录表单:

            <form action="extras/loginProcess.php" method="post" name="login_form">
                Email: <input type="text" name="email" /><br />
                Password: <input type="password" name="pass" id="pass" /><br />
                <input type="submit" name="submit" value="Sign in" />
            </form>

最后是MyPHPAdmin:中的TABLE

CREATE TABLE `userAccount` (
    `user_id` int(11) NOT NULL AUTO_INCREMENT,
    `firstName` varchar(20) COLLATE utf8_unicode_ci NOT NULL,
    `surname` varchar(20) COLLATE utf8_unicode_ci NOT NULL,
    `addressLine1` varchar(30) COLLATE utf8_unicode_ci NOT NULL,
    `addressLine2` varchar(30) COLLATE utf8_unicode_ci NOT NULL,
    `county` varchar(20) COLLATE utf8_unicode_ci NOT NULL,
    `country` varchar(20) COLLATE utf8_unicode_ci DEFAULT NULL,
    `postCode` varchar(10) COLLATE utf8_unicode_ci NOT NULL,
    `email` varchar(50) COLLATE utf8_unicode_ci NOT NULL,
    `email2` varchar(50) COLLATE utf8_unicode_ci NOT NULL,
    `pass` varchar(10) COLLATE utf8_unicode_ci NOT NULL,
    `pass2` varchar(10) COLLATE utf8_unicode_ci NOT NULL,
    PRIMARY KEY (`user_id`)
) ENGINE=InnoDB  DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci AUTO_INCREMENT=5 ;

数据库是正确的,我已经尽了最大的努力来实现这一点,一直回到默认代码,我知道它主要是为了安全。

我已经尝试过将pass2更改为pass(甚至将数据库中的pass更改为password并在需要的地方进行配置,但情况也是如此)。

如果有人能帮我,那就太好了,谢谢。

好吧,学习写一些自己的东西总是很好的。。但是你为什么不使用一些现有的平台来实现这一点,比如wordpress、drupal等,它们都有内置的登录系统?

您的代码极易受到攻击。我可以在我的cookie中写入任何SQL,您可以将该变量添加到SQL查询中($email变量)。

相关文章:
最新更新
www.56WenDa.com 2012-2023 | php问答网 | php学习