Php 检查会话信息以防止cookies设置混乱
我一直在尝试使用一些代码,但为了达到我的目的,我会更多地使用它。isset的原始代码如下所示,但它太令人困惑了Php 检查会话信息以防止cookies设置混乱,php,session,cookies,login,Php,Session,Cookies,Login,我一直在尝试使用一些代码,但为了达到我的目的,我会更多地使用它。isset的原始代码如下所示,但它太令人困惑了 // Check if we're already logged in, and check session information against cookies // credentials to protect against session hijacking if (isset ($_COOKIE['project-name']['userID']) &&
// Check if we're already logged in, and check session information against cookies
// credentials to protect against session hijacking
if (isset ($_COOKIE['project-name']['userID']) &&
crypt($_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'],
$_COOKIE['project-name']['secondDigest']) ==
$_COOKIE['project-name']['secondDigest'] &&
(!isset ($_COOKIE['project-name']['username']) ||
(isset ($_COOKIE['project-name']['username']) &&
Users::checkCredentials($_COOKIE['project-name']['username'],
$_COOKIE['project-name']['digest']))))
我当前的代码:
function encrypt($input)
{
$hash = password_hash($input, PASSWORD_DEFAULT);
return $hash;
}
function checkUserCreds($username, $password)
{
//do code at some point
return $username;
return $password;
}
function checkLoggedIn($page)
{
session_start();
//Check if already logged in and check session information against cookies
if (isset($_COOKIE['sukd']['id']) && encrypt($_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] . $_COOKIE['sukd']['hashv2']) == $_COOKIE['sukd']['hashv2'] && (!isset ($_COOKIE['sukd']['login']) || (isset ($_COOKIE['sukd']['login']) && checkUserCreds($_COOKIE['sukd']['login'], $_COOKIE['sukd']['hash']))))
{
//Some code here.. eventually
}
}
虽然我已经修复了语法错误,但我真的被我试图复制的东西弄糊涂了
function encrypt($input)
{
$hash = password_hash($input, PASSWORD_DEFAULT);
return $hash;
}
使用强单向散列算法创建新密码散列。
调用encrypt($input)将返回哈希密码
function checkUserCreds($username, $password)
{
//do code at some point
return $username;
return $password;
}
调用checkUserCreds($username,$password)只会返回您提交的内容
除非你有一些代码
//在某一点上编写代码 函数checkLoggedIn($page) { 会话_start() }
我试图分解checkLoggedIn函数
编辑
此外,您正在比较
$_COOKIE['sukd']['hashv2']
(如果)等于encrypt($_SERVER['REMOTE_ADDR' . $_SERVER['HTTP_USER_AGENT'] . $_COOKIE['sukd']['hashv2'])
那已经
$_COOKIE['sukd']['hashv2']
我相信这将是错误的
另外,注意数字3
如果
$_COOKIE['sukd']['login'] is not set
或
另外,请确保在调用checkLoggedIn()之前设置了cookie
希望这有帮助我不明白你的问题是什么。。你有任何错误吗?我已经修复了语法错误,但我老实说,没有得到我试图复制的代码。嗨,非常感谢,但我真正想确保的是原始代码是正确的,与我在下面的代码中所写的相同。上述代码为“原始”代码。仍然+1的努力
$_COOKIE['sukd']['hashv2']
$_COOKIE['sukd']['login'] is not set
$_COOKIE['sukd']['login'] is set and $_COOKIE['sukd']['login'], $_COOKIE['sukd']['hash']
will just return the param(not empty)