資料庫儲存欄位是md5(密碼),表單接收處理的密碼是md5(密碼+尾碼),這兩個判斷返回的邏輯值是true嗎?為什麼我昨晚試了,返回賬戶密碼不正確,但是ajax傳回值是ok,如果全部亂輸入,則ajax返回的是null。如果密碼不匹配為什麼ajax返回ok?如果匹配為什麼返回密碼不正確?問題出在哪裡?
1.IndexController.class.php:
display(); } public function checkUserName(){ if(!IS_AJAX){ $data=array('errMsg' => '非法訪問方式'); } $userName=I('username','','htmlspecialchars'); $userPass=I('userpass','','htmlspecialchars'); $userInfo=D("Stuser")->getUserInfo($userName); if($userInfo['userpass']!=handleMd5Pass($userPass)){ //echo $userInfo['userpass']."
"; //echo handleMd5Pass($userPass); echo "使用者名稱或密碼不正確"; //var_dump(handleMd5Pass($userPass)); } if($userInfo){ //$userInfo->where(array('id' => $userInfo['id']))->save($errMsg); session('userId',$userInfo['id']); $data=array( 'info' => 'ok', 'callback' => U('/stfjzd-13/index.php/Home/Index/index') ); } $this->ajaxReturn($data); }}
2.StuserModel.class.php
DB=M("Stuser"); } //資料庫中檢索使用者資料,find()檢索一條->Index public function getUserInfo($userName){ //$res=$this->DB->field('username','userpass')->where('username="'.$userName.'"')->find(); $userInfo=$this->DB->where('username="'.$userName.'"')->find(); echo $this->DB->getLastSql(); return $userInfo; } }?>
3.Login.js
$('.search_sub').click(function(event){ event.preventDefault(); var userName=$("#username").val(); var userPass=$("#userpass").val(); if(userPass=="" || userName==""){ alert("登陸名稱與密碼不可為空"); $("#username").focus(); return false; }else{ var url="/stfjzd-13/index.php/Home/Index/checkUserName"; //var url="{U('/stfjzd-13/index.php/Home/Index/checkUserName')}"; $.post(url,{username:userName,userpass:userPass},function(msg){ if(msg.errMsg=="ok"){ window.location.href=msg.callback; }else{ alert(msg.errMsg); } },"JSON") }})
回複內容:
資料庫儲存欄位是md5(密碼),表單接收處理的密碼是md5(密碼+尾碼),這兩個判斷返回的邏輯值是true嗎?為什麼我昨晚試了,返回賬戶密碼不正確,但是ajax傳回值是ok,如果全部亂輸入,則ajax返回的是null。如果密碼不匹配為什麼ajax返回ok?如果匹配為什麼返回密碼不正確?問題出在哪裡?
1.IndexController.class.php:
display(); } public function checkUserName(){ if(!IS_AJAX){ $data=array('errMsg' => '非法訪問方式'); } $userName=I('username','','htmlspecialchars'); $userPass=I('userpass','','htmlspecialchars'); $userInfo=D("Stuser")->getUserInfo($userName); if($userInfo['userpass']!=handleMd5Pass($userPass)){ //echo $userInfo['userpass']."
"; //echo handleMd5Pass($userPass); echo "使用者名稱或密碼不正確"; //var_dump(handleMd5Pass($userPass)); } if($userInfo){ //$userInfo->where(array('id' => $userInfo['id']))->save($errMsg); session('userId',$userInfo['id']); $data=array( 'info' => 'ok', 'callback' => U('/stfjzd-13/index.php/Home/Index/index') ); } $this->ajaxReturn($data); }}
2.StuserModel.class.php
DB=M("Stuser"); } //資料庫中檢索使用者資料,find()檢索一條->Index public function getUserInfo($userName){ //$res=$this->DB->field('username','userpass')->where('username="'.$userName.'"')->find(); $userInfo=$this->DB->where('username="'.$userName.'"')->find(); echo $this->DB->getLastSql(); return $userInfo; } }?>
3.Login.js
$('.search_sub').click(function(event){ event.preventDefault(); var userName=$("#username").val(); var userPass=$("#userpass").val(); if(userPass=="" || userName==""){ alert("登陸名稱與密碼不可為空"); $("#username").focus(); return false; }else{ var url="/stfjzd-13/index.php/Home/Index/checkUserName"; //var url="{U('/stfjzd-13/index.php/Home/Index/checkUserName')}"; $.post(url,{username:userName,userpass:userPass},function(msg){ if(msg.errMsg=="ok"){ window.location.href=msg.callback; }else{ alert(msg.errMsg); } },"JSON") }})
if($userInfo['userpass']!=handleMd5Pass($userPass)){ //此處只echo了錯誤,但是沒有返回到前端。 echo "使用者名稱或密碼不正確"; //var_dump(handleMd5Pass($userPass)); } if($userInfo){ //你的代碼運行到這裡,使用者名稱對,所以查出了userInfo,所以返回了ok。正確應該在密碼驗證錯誤的時候就返回給前端,不再往後運行 session('userId',$userInfo['id']); $data=array( 'info' => 'ok', 'callback' => U('/stfjzd-13/index.php/Home/Index/index') ); } $this->ajaxReturn($data);
在注釋中
echo "使用者名稱或密碼不正確";
這裡 return