Maison > Article > développement back-end > 登录密码比对疑问
数据库保存字段是md5(密码),表单接收处理的密码是md5(密码+后缀),这两个判断返回的逻辑值是true吗?为什么我昨晚试了,返回账户密码不正确,但是ajax返回值是ok,如果全部乱输入,则ajax返回的是null。如果密码不匹配为什么ajax返回ok?如果匹配为什么返回密码不正确?问题出在哪里?
1.IndexController.class.php:
<code><?php namespace Home\Controller; use Think\Controller; class IndexController extends Controller { public function index(){ $this->display(); } public function checkUserName(){ if(!IS_AJAX){ $data=array('errMsg' => '非法访问方式'); } $userName=I('username','','htmlspecialchars'); $userPass=I('userpass','','htmlspecialchars'); $userInfo=D("Stuser")->getUserInfo($userName); if($userInfo['userpass']!=handleMd5Pass($userPass)){ //echo $userInfo['userpass']."<br>"; //echo handleMd5Pass($userPass); echo "用户名或密码不正确"; //var_dump(handleMd5Pass($userPass)); } if($userInfo){ //$userInfo->where(array('id' => $userInfo['id']))->save($errMsg); session('userId',$userInfo['id']); $data=array( 'info' => 'ok', 'callback' => U('/stfjzd-13/index.php/Home/Index/index') ); } $this->ajaxReturn($data); } } </code>
2.StuserModel.class.php
<code><?php namespace Home\Model; use Think\Model; //用户表模型 class StuserModel extends Model{ private $DB=""; public function __construct(){ //构造函数创建模型 $this->DB=M("Stuser"); } //数据库中检索用户数据,find()检索一条->Index public function getUserInfo($userName){ //$res=$this->DB->field('username','userpass')->where('username="'.$userName.'"')->find(); $userInfo=$this->DB->where('username="'.$userName.'"')->find(); echo $this->DB->getLastSql(); return $userInfo; } } ?> </code>
3.Login.js
<code>$('.search_sub').click(function(event){ event.preventDefault(); var userName=$("#username").val(); var userPass=$("#userpass").val(); if(userPass=="" || userName==""){ alert("登陆名称与密码不能为空"); $("#username").focus(); return false; }else{ var url="/stfjzd-13/index.php/Home/Index/checkUserName"; //var url="{U('/stfjzd-13/index.php/Home/Index/checkUserName')}"; $.post(url,{username:userName,userpass:userPass},function(msg){ if(msg.errMsg=="ok"){ window.location.href=msg.callback; }else{ alert(msg.errMsg); } },"JSON") } }) </code>
数据库保存字段是md5(密码),表单接收处理的密码是md5(密码+后缀),这两个判断返回的逻辑值是true吗?为什么我昨晚试了,返回账户密码不正确,但是ajax返回值是ok,如果全部乱输入,则ajax返回的是null。如果密码不匹配为什么ajax返回ok?如果匹配为什么返回密码不正确?问题出在哪里?
1.IndexController.class.php:
<code><?php namespace Home\Controller; use Think\Controller; class IndexController extends Controller { public function index(){ $this->display(); } public function checkUserName(){ if(!IS_AJAX){ $data=array('errMsg' => '非法访问方式'); } $userName=I('username','','htmlspecialchars'); $userPass=I('userpass','','htmlspecialchars'); $userInfo=D("Stuser")->getUserInfo($userName); if($userInfo['userpass']!=handleMd5Pass($userPass)){ //echo $userInfo['userpass']."<br>"; //echo handleMd5Pass($userPass); echo "用户名或密码不正确"; //var_dump(handleMd5Pass($userPass)); } if($userInfo){ //$userInfo->where(array('id' => $userInfo['id']))->save($errMsg); session('userId',$userInfo['id']); $data=array( 'info' => 'ok', 'callback' => U('/stfjzd-13/index.php/Home/Index/index') ); } $this->ajaxReturn($data); } } </code>
2.StuserModel.class.php
<code><?php namespace Home\Model; use Think\Model; //用户表模型 class StuserModel extends Model{ private $DB=""; public function __construct(){ //构造函数创建模型 $this->DB=M("Stuser"); } //数据库中检索用户数据,find()检索一条->Index public function getUserInfo($userName){ //$res=$this->DB->field('username','userpass')->where('username="'.$userName.'"')->find(); $userInfo=$this->DB->where('username="'.$userName.'"')->find(); echo $this->DB->getLastSql(); return $userInfo; } } ?> </code>
3.Login.js
<code>$('.search_sub').click(function(event){ event.preventDefault(); var userName=$("#username").val(); var userPass=$("#userpass").val(); if(userPass=="" || userName==""){ alert("登陆名称与密码不能为空"); $("#username").focus(); return false; }else{ var url="/stfjzd-13/index.php/Home/Index/checkUserName"; //var url="{U('/stfjzd-13/index.php/Home/Index/checkUserName')}"; $.post(url,{username:userName,userpass:userPass},function(msg){ if(msg.errMsg=="ok"){ window.location.href=msg.callback; }else{ alert(msg.errMsg); } },"JSON") } }) </code>
<code> if($userInfo['userpass']!=handleMd5Pass($userPass)){ //此处只echo了错误,但是没有返回到前端。 echo "用户名或密码不正确"; //var_dump(handleMd5Pass($userPass)); } if($userInfo){ //你的代码运行到这里,用户名对,所以查出了userInfo,所以返回了ok。正确应该在密码验证错误的时候就返回给前端,不再往后运行 session('userId',$userInfo['id']); $data=array( 'info' => 'ok', 'callback' => U('/stfjzd-13/index.php/Home/Index/index') ); } $this->ajaxReturn($data);</code>
在注释中
echo "用户名或密码不正确";
这里 return