Home >Backend Development >PHP Tutorial > 用cookie检察用户是否登录,是否安全
用cookie检察用户是否登录,是否安全
- WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOriginal
- 2016-06-13 12:57:08915browse
用cookie检查用户是否登录,是否安全?
用cookie检查用户是否登录,是否安全?
$cookies = $_COOKIE["wordpress_logged_in_".md5("http://localhost/wp")];<br />
$userinfo = explode('|',$cookies);<br />
$db = mysql_connect("localhost","root","root");<br />
mysql_select_db("wp",$db);<br />
mysql_query("SET NAMES utf8");<br />
$result = @mysql_query("SELECT user_login FROM wp_users where user_login ='".mysql_real_escape_string($userinfo[0])."' limit 1");<br />
$total = mysql_num_rows($result);<br />
mysql_close($db);<br />
if($total>0){<br />
echo 'hello: '.$userinfo[0]);<br />
}else{<br />
echo '<a href="http://localhost/wp/login.php"'>Login</a>';//如果没有登录,一个登录超链。<br />
}
------解决方案--------------------
安全与否,是看你写的代码,和cookie没有关系,关键是看你怎么应用cookie
------解决方案--------------------
+1
把密码写进cookie的话,那啥都不用问了
------解决方案--------------------
最好加个检验用的cookie用于检验cookies是否被修改(欺骗);
简单步骤如下:
1.用户id或用户名写入cookie,名A
2.将用户id或用户名使用如下方法加密后写入cookie,名B
3.在需要判断登录的地方,解密下B,判断是否同A即可
分享代码:
<br>
/**<br>
* 安全代码<br>
* @param string $string 要处理的文本<br>
* @param string $operation 处理方式(DECODE:解码,ENCODE:编码)<br>
* @param string $key 密匙<br>
* @param int $expiry 过期时间<br>
* @return string<br>
*/<br>
function oauthCode($string, $operation = 'DECODE', $key = '', $expiry = 0)<br>
{<br>
$ckey_length = 4;<br>
$key = md5($key != '' ? $key : '31415926');//默认密钥<br>
$keya = md5(substr($key, 0, 16));<br>
$keyb = md5(substr($key, 16, 16));<br>
$keyc = $ckey_length ? ($operation == 'DECODE' ? substr($string, 0, $ckey_length): substr(md5(microtime()), -$ckey_length)) : '';<br>
$cryptkey = $keya.md5($keya.$keyc);<br>
$key_length = strlen($cryptkey);<br>
$string = $operation == 'DECODE' ? base64_decode(substr($string, $ckey_length)) : sprintf('%010d', $expiry ? $expiry + time() : 0).substr(md5($string.$keyb), 0, 16).$string;<br>
$string_length = strlen($string);<br>
$result = '';<br>
$box = range(0, 255);<br>
$rndkey = array();<br>
for($i = 0; $i
{<br>
$rndkey[$i] = ord($cryptkey[$i % $key_length]);<br>
}<br>
for($j = $i = 0; $i
{<br>
$j = ($j + $box[$i] + $rndkey[$i]) % 256;<br>
$tmp = $box[$i];<br>
$box[$i] = $box[$j];<br>
$box[$j] = $tmp;<br>
}<br>
for($a = $j = $i = 0; $i
{<br>
$a = ($a + 1) % 256;<br>
$j = ($j + $box[$a]) % 256;<br>
$tmp = $box[$a];<br>
$box[$a] = $box[$j];<br>
$box[$j] = $tmp;<br>
$result .= chr(ord($string[$i]) ^ ($box[($box[$a] + $box[$j]) % 256])); <div class="clear">
</div>
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article: 可逆短网址算法 Next article: 做什么样的网站好勒?关键是可以躲懒的网站