【发布时间】:2018-09-15 08:17:16
【问题描述】:
我有这个页面 Fundstransfer.php 我在表单中输入数据,然后使用
将数据发送到process.php
<form action="<?php echo WEB_ROOT; ?>view/process.php?action=transfer" method="post" >
然后process.php 收集数据,处理它们并重定向到OTP.php,在那里我输入process.php 生成的代码以完成请求的事务,一切正常。
但我想要的是一种在显示内容之前使用四个不同的密码为OTP.php 页面设置密码的方法。
OTP.php 代码是:
<?php
$errorMessage = (isset($_GET['msg']) && $_GET['msg'] != '') ? $_GET['msg'] : ' ';
$msgMessage = (isset($_GET['success']) && $_GET['success'] != '') ? $_GET['success'] : ' ';
?>
<h2>Transaction Authorization Code</h2>
<p>Funds transfer is a process of transfering funds from your account to other account in same Bank.<br/>Please make sure that you have enough funds available in your account to transfer. Also don't forgot to validate receiver's account number.</p>
<link href="<?php echo WEB_ROOT; ?>library/spry/textfieldvalidation/SpryValidationTextField.css" rel="stylesheet" type="text/css" />
<script src="<?php echo WEB_ROOT; ?>library/spry/textfieldvalidation/SpryValidationTextField.js" type="text/javascript"></script>
<span id="errorCls" style="color:#FF0000 !important;"><?php echo $errorMessage; ?></span>
<span style="color:#99FF00 !important;font-size:14px;"><?php echo $msgMessage; ?></span>
<p>The token code has been sent to your email : <span style="color:#0066CC;font-weight:bold;"><?php echo $_SESSION['hlbank_user']['email']; ?></span></p>
<p>You have <span id="defaultCountdown"></span> minutes remaining to insert valid OTP. System will automatically redirect to 'Fund Transfer' page to initiate fund transfer again.</p>
<form action="<?php echo WEB_ROOT; ?>view/process.php?action=token" method="post">
<table width="550" border="0" cellpadding="5" cellspacing="1" class="entryTable">
<tr id="listTableHeader">
<th colspan="2">Transfer Funds</th>
</tr>
<tr>
<td width="260" height="30" class="label"><strong>Transaction Authorization Code</strong></td>
<td height="30" class="content">
<span id="sprytf_token">
<input name="token" id="token" type="text" class="frmInputs" size="15" maxlength="15" />
<br/>
<span class="textfieldRequiredMsg">Transaction Authorization Code is required.</span>
<span class="textfieldInvalidFormatMsg">Transaction Authorization Code must be Integer.</span>
<span class="textfieldMinCharsMsg">Transaction Authorization Code must specify at least 6 characters.</span>
<span class="textfieldMaxCharsMsg">Transaction Authorization Code must specify at max 8 characters.</span>
</span>
</td>
</tr>
<tr>
<td height="30" colspan="2">
<div align="center">
<input name="submitButton" type="submit" class="frmButton" id="submitButton" value="Validate TAC" />
</div></td>
</tr>
</table>
</form>
<script type="text/javascript">
<!--
var sprytf_token = new Spry.Widget.ValidationTextField("sprytf_token", 'integer', {minChars: 6, maxChars: 8, validateOn: ["blur", "change"]});
//-->
</script>
<script src="<?php echo WEB_ROOT; ?>library/jquery.min.js"></script>
<script src="<?php echo WEB_ROOT; ?>library/jquery.plugin.min.js"></script>
<script src="<?php echo WEB_ROOT; ?>library/jquery.countdown.min.js"></script>
<script>
$(document).ready(function () {
function timerdone() {
var webRoot = '<?php echo WEB_ROOT; ?>' + 'view/?v=Transfer';
window.location.href = webRoot;
}
$('#defaultCountdown').countdown({
until: +60,
compact: true,
onExpiry: timerdone,
format: 'MS'
});
})
</script>
<style>
#defaultCountdown {font-family:Verdana;font-size:18px;padding:0 5px ;color:#990000;border:1px solid #993300;background-color:#FFFFCC;}
</style>
我有下面的代码
<?php
session_start();
$error = false;
if (!isset($_SESSION['login'])) {
$stage = (isset($_SESSION['stage'])) ? $_SESSION['stage'] : 0;
$stage_labels = array(
'First',
'Second',
'Third',
'Final'
);
$passwords = array(
'111',
'222',
'333',
'444'
);
if (isset($_POST['password']) && $_POST['password'] == $passwords[$stage]) {
if ($stage == 3) {
// if the final password matches, create a session variable for login
$_SESSION['login'] = 'loggedin';
header('location: ' . $_SERVER['PHP_SELF']);
exit();
} else {
// if password matches the respective stage, increase the value of stage by 1 to move on to next stage
$_SESSION['stage'] = $stage + 1;
header('location: ' . $_SERVER['PHP_SELF']);
exit();
}
} elseif (isset($_POST['password'])) {
$error = true;
// if form submitted with mismatch password, stage will restart from 0 again
print '<p align="center"><font color="red"><b>Incorrect Code entered</b><br>Please enter the correct code or contact Administrator</font></p>';
$_SESSION['stage'] = 0;
}
if (!$error) {
print '<p>Please enter your ' . $stage_labels[$stage] . ' password</p>';
}
print '<form method="post"><p align="center"><h2>Please enter code to intiate transfer</h2><br>';
print '<input name="password" type="password" maxlength="10"><input value="Authenticate" type="submit"></p></form>';
} else {
echo 'You have logged in';
}
?>
但找不到方法将其合并到OTP.php
任何正确方向的帮助或指示将不胜感激。
【问题讨论】:
-
这看起来不安全。为什么不使用数据库以及安全的散列方法,例如
password_hash();有什么特殊原因吗? -
无特殊原因,只是一个小项目,正在学习中。那么有什么想法可以在显示内容之前用四个密码保护页面吗?感谢您的及时回复。
-
@TopKlassdigitalstudios 我会在问题的顶部放一个重要说明,即这是一个用于学习的项目,因为我承认当我看到你是在其他各种安全问题中使用明文密码。
-
@RoryMcCrossan 我实际上是 PHP 的新手,我没有得到密码的安全性,因为它与明文有关,将不胜感激,但现在,我需要一种密码方法页面有四个不同的密码。
-
仍然希望得到救主。
标签: php jquery session passwords