【发布时间】:2022-01-29 00:56:58
【问题描述】:
我有一个小型应用程序,现在是时候在一切之上添加一个登录游戏了。刚刚在现实世界中启动并运行 (:P)
这是我在登录页面上的代码(login.php):
<!DOCTYPE html>
<html>
<head>
<title>
Login
</title>
<meta charset="UTF-8">
<script src="https://www.google.com/recaptcha/api.js" async defer></script>
</head>
<body>
<?php include_once("analyticstracking.php") ?>
<form action="login.php" method="POST">
<?php
if (isset($_POST['user']) && isset($_POST['password']))
{
if(isset($_POST['g-recaptcha-response']) && !empty($_POST['g-recaptcha-response']))
{
$secret = '';
$verifyResponse = file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret='.$secret.'&response='.$_POST['g-recaptcha-response']);
$responseData = json_decode($verifyResponse);
if($responseData->success)
{
$user = $_POST['user'];
$password = $_POST['password'];
$salt = "d5f332312e3e390c81f6ef9f242c21bf9e472d6296ddd4bebddd0f54eb576f14";
$hpassword = hash('sha256', $salt . $password);
$_COOKIE['user'] = $user;
$_COOKIE['pass'] = $hpassword;
$auth = 1;
$_COOKIE['authorized'] = $auth;
setrawcookie("user", $user, time() + 28800, "/",'domaindig.eu');
setrawcookie("hpass", $hpassword, time() + 28800, "/",'domaindig.eu');
setrawcookie("authorized", $auth, time() + 28800, "/",'domaindig.eu');
print_r($_COOKIE);
header( 'Location: check.php');
}
}
}
?>
username: <input name="user" type="user"><br>
password: <input name="password" type="password"><br>
<div class="g-recaptcha" data-sitekey=""></div>
<input type="submit" value="Submit" /><br><br>
</form>
</body>
</html>
如您所见,我使用 google recaptcha 是为了防止暴力登录。到那时(当我插入 repcatcha 时),我的 $_SESSION 变量都不再起作用了。所以,我决定使用 cookie(新体验,因为总是使用会话)。
到目前为止,一切都很好。
当我完成这个 php 页面的编码后,我继续完成 php 文件 check.php。在这个文件中,我检查凭据,如果所有内容都检查完毕,我会重定向到主页和菜单(没有任何图表,是的,只有纯 php)。
我的问题是:
在第二个文件中,我看不到任何 cookie。我使用 print_r($_COOKIE);我只看到来自recaptcha 的cookies。在登录页面上,我看到了我正在尝试设置的 3 个 cookie,但在其他文件上,我似乎无法读取它们。我检查了多个浏览器和多台计算机,但运气相同。我已经验证,浏览器可以接受 cookie,但似乎我犯了一个错误。
如果我的描述有问题,请告诉我,我会澄清。
这是我的 check.php 代码(使用 cookie 检查凭据):
<!DOCTYPE html>
<html>
<head>
<title>
check
</title>
<meta charset="UTF-8">
</head>
<body>
<?php include_once("analyticstracking.php") ?>
<form action="check.php" method="POST">
<?php
if ($_COOKIE['authorized'] == 1)
{
if (isset($_COOKIE['user']) || isset($_COOKIE['hpass']))
{
require('ConnectToDB.php');
$username = $_COOKIE['user'];
$password = $_COOKIE['hpass'];
$result="SELECT `password` FROM `users` WHERE username = '$username'";
$tbl=mysqli_query ($conn, $result);
$table = $tbl->fetch_assoc();
$pass = $table['password'];
if ($pass)
{
if ($password == $pass)
{
$ip = $_SERVER['REMOTE_ADDR'];
$date = date("Y-m-d H:i:s");
$result = "INSERT INTO `logins` ( `username`, `date`, `ip`) VALUES ('$username', '$date', '$ip')";
$tbl = mysqli_query($conn, $result);
$_COOKIE['authorized'] = 1;
echo "Login successfull! Redirecting.";
require 'ConnectToDB.php';
$alphanumeric[0] = "0";
$alphanumeric[1] = "1";
$alphanumeric[2] = "2";
$alphanumeric[3] = "3";
$alphanumeric[4] = "4";
$alphanumeric[5] = "5";
$alphanumeric[6] = "6";
$alphanumeric[7] = "7";
$alphanumeric[8] = "8";
$alphanumeric[9] = "9";
$alphanumeric[10] = "a";
$alphanumeric[11] = "b";
$alphanumeric[12] = "c";
$alphanumeric[13] = "d";
$alphanumeric[14] = "e";
$alphanumeric[15] = "f";
$alphanumeric[16] = "g";
$alphanumeric[16] = "h";
$alphanumeric[17] = "i";
$alphanumeric[18] = "j";
$alphanumeric[19] = "k";
$alphanumeric[20] = "l";
$alphanumeric[21] = "m";
$alphanumeric[22] = "n";
$alphanumeric[23] = "o";
$alphanumeric[24] = "p";
$alphanumeric[25] = "q";
$alphanumeric[26] = "r";
$alphanumeric[27] = "s";
$alphanumeric[28] = "t";
$alphanumeric[29] = "u";
$alphanumeric[30] = "v";
$alphanumeric[31] = "w";
$alphanumeric[32] = "x";
$alphanumeric[33] = "y";
$alphanumeric[34] = "z";
$alphanumeric[35] = "A";
$alphanumeric[36] = "B";
$alphanumeric[37] = "C";
$alphanumeric[38] = "D";
$alphanumeric[39] = "E";
$alphanumeric[40] = "F";
$alphanumeric[41] = "G";
$alphanumeric[42] = "H";
$alphanumeric[43] = "I";
$alphanumeric[44] = "J";
$alphanumeric[45] = "K";
$alphanumeric[46] = "L";
$alphanumeric[47] = "M";
$alphanumeric[48] = "N";
$alphanumeric[49] = "O";
$alphanumeric[50] = "P";
$alphanumeric[51] = "Q";
$alphanumeric[52] = "R";
$alphanumeric[53] = "S";
$alphanumeric[54] = "T";
$alphanumeric[55] = "U";
$alphanumeric[56] = "V";
$alphanumeric[57] = "W";
$alphanumeric[58] = "X";
$alphanumeric[59] = "Y";
$alphanumeric[60] = "Z";
global $session;
$session = "";
for ($i=0;$i<20;$i++)
{
$rnd = rand(0, 60);
$session .= $alphanumeric[$rnd];
}
$date = date("Y-m-d");
$ip = $_SERVER['REMOTE_ADDR'];
$result = "INSERT INTO `sessions` ( `user`, `date`, `session_id`, `ip`, `login`) VALUES ('$username', '$date', '$session', '$ip', '1')";
$tbl = mysqli_query($conn, $result);
echo "All done";
echo '<script> window.location = "https://domaindig.eu/index.php" </script>';
}
else
{
echo "User found but password provided was wrong. Try again!";
// echo '<script> window.location = "https://domaindig.eu/login.php" </script>';
}
}
else
{
echo "Failure. Couldn't fetch password!!! Try again.";
//echo '<script> window.location = "https://domaindig.eu/login.php" </script>';
}
}
else
{
echo "Something went wrong. Try login again!";
//echo '<script> window.location = "https://domaindig.eu/login.php" </script>';
}
}
else
{
echo "Unauthorized access!!";
//echo '<script> window.location = "https://domaindig.eu/login.php" </script>';
}
?>
</form>
</body>
</html>
这也是我在登录页面上显示 cookie 时的图片:
提前感谢大家。
【问题讨论】: