【发布时间】:2019-02-04 04:25:50
【问题描述】:
我有一个 Web 服务器,它会根据用户提交的值发送 HTML。我写了一个小处理程序,可以读取现有文件(包含密码)并接受用户输入。它并不总是能正常工作,只是有一定的概率成功,即有时它会起作用,有时不会。
一个每次都能工作的片段:
// Handler for /acceptForm. On POST it buffers the raw request body, parses it,
// writes the submitted form fields to users/<uid>.txt, and scans uid.txt line by
// line; when a line equals the submitted uid it sets a signed "name" cookie and
// sends Kids.html. The snippet is abridged by the author ("..." lines), so the
// exact nesting of the elided parts is not visible here.
// NOTE(review): app.all() also matches non-POST methods, and no response is sent
// for them in the visible code.
app.all('/acceptForm',function(req,res){
if (req.method === 'POST') {
let body = '';
// NOTE(review): `match` is never read in the visible code.
var match = 0;
// Accumulate the body chunk by chunk. No size limit is enforced here, so the
// buffer grows with whatever the client sends; a cap is worth adding.
req.on('data', chunk => {
body += chunk.toString();
});
req.on('end', () => {
//get the uid to compare later on in the program
// NOTE(review): `uid` (and the field names below) are assigned without
// let/const/var in this snippet. If they are module-level or implicit globals,
// concurrent requests overwrite each other's values, which would match the
// "sometimes works" symptom - confirm where they are declared.
// `parse` is defined outside this snippet (presumably a query-string parser - verify).
uid = parse(body).uid_text;
//read the UID file.
// The submitted uid is later compared verbatim against each line of uid.txt, so
// that file holds the accepted values in clear text (the author describes it as
// containing passwords).
var lineReader = require('readline').createInterface({
input: require('fs').createReadStream(__dirname+'/uid.txt')
...
// NOTE(review): the line after the next comment continues that comment but has
// no `//` prefix as pasted.
// write the other information to a file which would be later on re -opened again to read the things again
which have the file name of the 'uid'
// Each field re-parses the whole body; the values are used unvalidated below.
firstname = parse(body).first_name;
lastname = parse(body).last_name;
mothername = parse(body).mother_name;
fathername = parse(body).father_name;
email = parse(body).email;
profession = parse(body).profession_text;
gender = parse(body).gender;
language = parse(body).lang_0;
married = parse(body).married;
birthday = parse(body).dateofbirth;
//write the UID and other things to the text file
console.log(language);
// Fields are joined with '|' without escaping, so a '|' inside any submitted
// value shifts the columns of the record. `language` is logged above but is not
// part of the record.
var fileContent = uid +'|' + firstname +'|'+ lastname +'|' + mothername +'|' + fathername +'|' + email+'|' + profession+'|' + gender+'|' + married+'|' +birthday + '|';
// NOTE(review): the file name is built directly from the request-supplied uid.
// Unless uid is restricted to an expected character set first, path separators
// in it let the write land outside users/. In the visible order the path is
// built before the uid.txt check below - confirm against the elided code.
var filepath = __dirname+"/users/"+uid + ".txt";
fs.writeFile(filepath, fileContent, (err)
...
// 'line' fires once per line of uid.txt, so this callback runs for every line,
// not once per request: the else branch is reached for each non-matching line,
// and a uid that appears on two lines would trigger sendFile twice. `==` is a
// loose comparison; `===` would be the stricter choice for a credential check.
lineReader.on('line', function (line) {
if(line == uid) {
// if the uid is found...
// signed: true relies on a cookie secret configured elsewhere (not shown).
// No httpOnly / secure / sameSite options are set in this call.
res.cookie('name',uid, {signed: true}); //write the uid as a cookie back
res.sendFile(__dirname+'/CE/ENG/Kids.html');
} else{
//some failure message
}
});
});
}
}
问题是,一旦用户发送此文件,页面就会切换到另一个文件,服务器与客户端就失去了联系。为了解决这个问题,我添加了使用 cookie 的相同机制。但现在存在安全风险,还有其他更多的风险。
处理来自kids.html 的响应,该响应存储在另一个文件中...... (成功的概率很低)。
// Handler for /return. On POST it scans uid.txt for a line equal to the signed
// "name" cookie, then lists users/ looking for <name>.txt. When found it buffers
// the request body, splits it on the literal "%2C", drops the first element,
// appends the rest to the per-user file, copies that file onto the end of
// users.txt, deletes the per-user file and clears the cookie.
// NOTE(review): the snippet ends before the closers for lineReader.on(...), the
// POST check and app.all(...), so the tail of the handler is not visible.
app.all('/return',function(req,res){
if (req.method === 'POST') {
//read the UID file.
var lineReader = require('readline').createInterface({
input: require('fs').createReadStream(__dirname+'/uid.txt')
});
//Handling the information from the client.
// The body listeners below are only attached from inside two nested
// asynchronous callbacks (line read, then directory listing), once per matching
// line and per matching file, so the same request can end up with several
// 'data'/'end' listeners. Reading the body first and validating afterwards
// avoids that ordering dependency.
lineReader.on('line', function (line) {
if(line == req.signedCookies['name']) {
//uid matches with the database
// NOTE(review): `err` from readdir is not checked; on failure `files` is
// undefined and the forEach call throws.
fs.readdir( __dirname+"/users/", (err, files) => {
files.forEach(file => {
if(file == req.signedCookies['name'] + ".txt"){
let questiondata = '';
req.on('data', chunk => {
questiondata += chunk.toString();
});
req.on('end', () => {
// Splits on the still URL-encoded comma; the body is not decoded first.
var cleaneddata = questiondata.split('%2C'); //%2C is a spliting term {array}
// Drop the first element of the split result.
cleaneddata.splice(0,1);
//add the question data to another file
fs.appendFile( __dirname+"/users/" + req.signedCookies['name'] + ".txt",cleaneddata.toString() + "\r\n", function (err) { //writes inside the temp file for the questions
// Throwing inside this callback is not caught by the route; an append error
// becomes an uncaught exception for the whole process.
if (err) throw err;
// NOTE(review): the copy into users.txt is started here but not awaited, and the
// unlink on the next statement is issued immediately, so the two race. The
// copy can fail or be incomplete depending on timing - a likely source of
// intermittent behaviour. Neither stream has an 'error' handler.
fs.createReadStream( __dirname+"/users/" + req.signedCookies['name'] + ".txt").pipe(fs.createWriteStream( __dirname+'/users.txt', {flags: 'a'}));
fs.unlink( __dirname+"/users/"+ req.signedCookies['name'] + ".txt",function(err){
if(err) return console.log(err);
// clearCookie only sets a response header; no send/end call appears in the
// visible code, so the client's request is not completed here.
res.clearCookie("name");
});
});
});
}
});
})
}
【问题讨论】:
-
您的代码非常混乱,我没有看到哪一行可以称得上是最佳实践。也许您应该去阅读一些教程,比如:如何正确地实现身份验证、中间件、cookie 等等。
-
可能是这样。感谢您的回复:D