Fatal编程技术网
  • php/
  • Php 检查会话信息以防止cookies设置混乱

Php 检查会话信息以防止cookies设置混乱

php session cookies login

Php 检查会话信息以防止cookies设置混乱,php,session,cookies,login,Php,Session,Cookies,Login,我一直在尝试使用一些代码,但为了达到我的目的,我会更多地使用它。isset的原始代码如下所示,但它太令人困惑了 // Check if we're already logged in, and check session information against cookies // credentials to protect against session hijacking if (isset ($_COOKIE['project-name']['userID']) &&

我一直在尝试使用一些代码,但为了达到我的目的,我会更多地使用它。isset的原始代码如下所示,但它太令人困惑了

// Check if we're already logged in, and check session information against cookies
// credentials to protect against session hijacking
if (isset ($_COOKIE['project-name']['userID']) &&
   crypt($_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'],
         $_COOKIE['project-name']['secondDigest']) ==
   $_COOKIE['project-name']['secondDigest'] &&
   (!isset ($_COOKIE['project-name']['username']) ||
    (isset ($_COOKIE['project-name']['username']) &&
     Users::checkCredentials($_COOKIE['project-name']['username'],
                             $_COOKIE['project-name']['digest']))))
我当前的代码:

function encrypt($input)
{
    $hash = password_hash($input, PASSWORD_DEFAULT);
    return $hash;
}

function checkUserCreds($username, $password)
{
    //do code at some point
    return $username;
    return $password;
}

function checkLoggedIn($page)
{
    session_start();

    //Check if already logged in and check session information against cookies
    if (isset($_COOKIE['sukd']['id']) && encrypt($_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] . $_COOKIE['sukd']['hashv2']) == $_COOKIE['sukd']['hashv2'] && (!isset ($_COOKIE['sukd']['login']) || (isset ($_COOKIE['sukd']['login']) && checkUserCreds($_COOKIE['sukd']['login'], $_COOKIE['sukd']['hash']))))
     {
      //Some code here.. eventually
     }  
 }
虽然我已经修复了语法错误,但我真的被我试图复制的东西弄糊涂了

function encrypt($input)
{
$hash = password_hash($input, PASSWORD_DEFAULT);
return $hash;
}

使用强单向散列算法创建新密码散列。
调用encrypt($input)将返回哈希密码

function checkUserCreds($username, $password)
{
//do code at some point
return $username;
return $password;
}

调用checkUserCreds($username,$password)只会返回您提交的内容
除非你有一些代码
//在某一点上编写代码

函数checkLoggedIn($page) { 会话_start()

}

我试图分解checkLoggedIn函数


编辑
此外,您正在比较

$_COOKIE['sukd']['hashv2']
(如果)等于

encrypt($_SERVER['REMOTE_ADDR' . $_SERVER['HTTP_USER_AGENT'] . $_COOKIE['sukd']['hashv2'])
那已经

$_COOKIE['sukd']['hashv2']
我相信这将是错误的

另外,注意数字3
如果

$_COOKIE['sukd']['login'] is not set


另外,请确保在调用checkLoggedIn()之前设置了cookie
希望这有帮助

我不明白你的问题是什么。。你有任何错误吗?我已经修复了语法错误,但我老实说,没有得到我试图复制的代码。嗨,非常感谢,但我真正想确保的是原始代码是正确的,与我在下面的代码中所写的相同。上述代码为“原始”代码。仍然+1的努力 
$_COOKIE['sukd']['hashv2']

$_COOKIE['sukd']['login'] is not set

$_COOKIE['sukd']['login'] is set and $_COOKIE['sukd']['login'], $_COOKIE['sukd']['hash'] 
will  just return the param(not empty)