PHP uses AJAX to send passwords in the past, the receiver found that the password is clipped
This post was last edited by Kevinjhoo on 2015-01-04 10:53:52
I didn't use PHP much. Special to this forum to ask.
Now the problem is that the user entered the user name and password, login, if the password simple point, can be passed. But if the password is ab@;&1 this, then found that the server gets the password value is clipped, into ab@; But immediately after the code, the following part is also so operation, incredibly can, really did not find two differences, seeking doubts.
Client part of PHP
function Getfirstu8accid ()
{
var susername = document.getElementById ("user_name"). Value.tolowercase ();
var spassword = document.getElementById ("password"). Value;
sUserName = Escape (sUserName);
if (susername== "")
{
Return ("");
}
var surl = '/server/a.php?t= ' +escape (Date ()) + ' &a= ' +susername+ ' &b= ' +spassword;
var xml = Createxmlhttp ();
Xml.open ("GET", Surl,false);
Xml.send ();
var sloginuser = Xml.responsetext;
Processing.......
}
The exact invocation is shown in the following code
The call to Getfirstu8accid () failed here, and the specific error is that PHP on the server does not have the full password content.
Accid = Getfirstu8accid ();
Try{var guid = obj. Getclientguid ();} catch (E) {return "error:failed to call Getclientguid,error message:" + e.message;}
var surl = '/server/b.php?t= ' +escape (Date ()) + ' &a= ' +user+ ' &b= ' +password+ ' &c= ' +sdomain;
var xml = Createxmlhttp ();
Xml.open ("GET", Surl,false);
Xml.send (NULL);
This will return normally, because the code in the b.php can get the contents of the password normally
return xml.responsetext; [/color]
a.php b.php in the code is probably the following, in fact, basically the same, just a number of parameters in B, more than an analytic.
[code=php]
$langs =$_cookie[' LANGUAGES '];
$langs =empty ($langs)? ' CN ': $langs;
$language =include "lang-$langs. php";
Require ("cmxconsts.php");
Require ("cmxcommon.php");
try {
$sUserName = $_get["a"];
$sUserName = Str_replace ("| Yj| "," & ", $sUserName);
$sUserName = Str_replace ("| Yjj| "," # ", $sUserName);
The password obtained below is clipped.
$sPassword = $_get["B"];
//...................
?>
Give me the feeling, is the first time after the failure, then do the second time, just with more parameters, on the success. Although the server, a, B, two PHP files, but actually no difference.
------to solve the idea----------------------
JS don't have encodeURI, encodeURIComponent method?