登入密碼比對疑問

來源:互聯網
上載者:User
資料庫儲存欄位是md5(密碼),表單接收處理的密碼是md5(密碼+尾碼),這兩個判斷返回的邏輯值是true嗎?為什麼我昨晚試了,返回賬戶密碼不正確,但是ajax傳回值是ok,如果全部亂輸入,則ajax返回的是null。如果密碼不匹配為什麼ajax返回ok?如果匹配為什麼返回密碼不正確?問題出在哪裡?
1.IndexController.class.php:

display();  }  public function checkUserName(){    if(!IS_AJAX){      $data=array('errMsg' => '非法訪問方式');    }    $userName=I('username','','htmlspecialchars');    $userPass=I('userpass','','htmlspecialchars');    $userInfo=D("Stuser")->getUserInfo($userName);    if($userInfo['userpass']!=handleMd5Pass($userPass)){      //echo $userInfo['userpass']."
"; //echo handleMd5Pass($userPass); echo "使用者名稱或密碼不正確"; //var_dump(handleMd5Pass($userPass)); } if($userInfo){ //$userInfo->where(array('id' => $userInfo['id']))->save($errMsg); session('userId',$userInfo['id']); $data=array( 'info' => 'ok', 'callback' => U('/stfjzd-13/index.php/Home/Index/index') ); } $this->ajaxReturn($data); }}

2.StuserModel.class.php

DB=M("Stuser");    }    //資料庫中檢索使用者資料,find()檢索一條->Index    public function getUserInfo($userName){      //$res=$this->DB->field('username','userpass')->where('username="'.$userName.'"')->find();      $userInfo=$this->DB->where('username="'.$userName.'"')->find();      echo $this->DB->getLastSql();      return $userInfo;    }  }?>

3.Login.js

$('.search_sub').click(function(event){  event.preventDefault();  var userName=$("#username").val();  var userPass=$("#userpass").val();  if(userPass=="" || userName==""){    alert("登陸名稱與密碼不可為空");    $("#username").focus();    return false;  }else{    var url="/stfjzd-13/index.php/Home/Index/checkUserName";    //var url="{U('/stfjzd-13/index.php/Home/Index/checkUserName')}";    $.post(url,{username:userName,userpass:userPass},function(msg){      if(msg.errMsg=="ok"){        window.location.href=msg.callback;      }else{        alert(msg.errMsg);      }    },"JSON")  }})

回複內容:

資料庫儲存欄位是md5(密碼),表單接收處理的密碼是md5(密碼+尾碼),這兩個判斷返回的邏輯值是true嗎?為什麼我昨晚試了,返回賬戶密碼不正確,但是ajax傳回值是ok,如果全部亂輸入,則ajax返回的是null。如果密碼不匹配為什麼ajax返回ok?如果匹配為什麼返回密碼不正確?問題出在哪裡?
1.IndexController.class.php:

display();  }  public function checkUserName(){    if(!IS_AJAX){      $data=array('errMsg' => '非法訪問方式');    }    $userName=I('username','','htmlspecialchars');    $userPass=I('userpass','','htmlspecialchars');    $userInfo=D("Stuser")->getUserInfo($userName);    if($userInfo['userpass']!=handleMd5Pass($userPass)){      //echo $userInfo['userpass']."
"; //echo handleMd5Pass($userPass); echo "使用者名稱或密碼不正確"; //var_dump(handleMd5Pass($userPass)); } if($userInfo){ //$userInfo->where(array('id' => $userInfo['id']))->save($errMsg); session('userId',$userInfo['id']); $data=array( 'info' => 'ok', 'callback' => U('/stfjzd-13/index.php/Home/Index/index') ); } $this->ajaxReturn($data); }}

2.StuserModel.class.php

DB=M("Stuser");    }    //資料庫中檢索使用者資料,find()檢索一條->Index    public function getUserInfo($userName){      //$res=$this->DB->field('username','userpass')->where('username="'.$userName.'"')->find();      $userInfo=$this->DB->where('username="'.$userName.'"')->find();      echo $this->DB->getLastSql();      return $userInfo;    }  }?>

3.Login.js

$('.search_sub').click(function(event){  event.preventDefault();  var userName=$("#username").val();  var userPass=$("#userpass").val();  if(userPass=="" || userName==""){    alert("登陸名稱與密碼不可為空");    $("#username").focus();    return false;  }else{    var url="/stfjzd-13/index.php/Home/Index/checkUserName";    //var url="{U('/stfjzd-13/index.php/Home/Index/checkUserName')}";    $.post(url,{username:userName,userpass:userPass},function(msg){      if(msg.errMsg=="ok"){        window.location.href=msg.callback;      }else{        alert(msg.errMsg);      }    },"JSON")  }})

    if($userInfo['userpass']!=handleMd5Pass($userPass)){        //此處只echo了錯誤,但是沒有返回到前端。      echo "使用者名稱或密碼不正確";      //var_dump(handleMd5Pass($userPass));    }    if($userInfo){        //你的代碼運行到這裡,使用者名稱對,所以查出了userInfo,所以返回了ok。正確應該在密碼驗證錯誤的時候就返回給前端,不再往後運行      session('userId',$userInfo['id']);      $data=array(        'info' => 'ok',        'callback' => U('/stfjzd-13/index.php/Home/Index/index')      );    }    $this->ajaxReturn($data);

在注釋中

echo "使用者名稱或密碼不正確";

這裡 return

  • 聯繫我們

    該頁面正文內容均來源於網絡整理,並不代表阿里雲官方的觀點,該頁面所提到的產品和服務也與阿里云無關,如果該頁面內容對您造成了困擾,歡迎寫郵件給我們,收到郵件我們將在5個工作日內處理。

    如果您發現本社區中有涉嫌抄襲的內容,歡迎發送郵件至: info-contact@alibabacloud.com 進行舉報並提供相關證據,工作人員會在 5 個工作天內聯絡您,一經查實,本站將立刻刪除涉嫌侵權內容。

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.