安全登录验证
1.db security;table user
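use security;
-- Account table behind dologin.php / keyinfol.php.
--   password   : widened from varchar(32) (only fits an MD5 hex digest) so a
--                password_hash() output (bcrypt = 60 chars, argon2 longer) fits.
--   identifier : md5 hex of the salted username, derived in dologin.php; it is
--                a pure function of username, hence unique per row, and it is
--                the column keyinfol.php looks the cookie up by -> index it.
--   token      : 32-hex-char per-login random value; the secret half of the cookie.
--   timeout    : unix epoch seconds after which the cookie is rejected; bigint
--                so it does not overflow a signed 32-bit int in 2038.
-- The name `user` is kept because the PHP queries reference it, but note it is a
-- reserved word / system table name in other engines.
create table if not exists user(
    username   varchar(25)  primary key,
    password   varchar(255) not null,
    identifier varchar(32),
    token      varchar(32),
    timeout    bigint,
    constraint user_identifier_uq unique (identifier)
);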
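-- Account table behind dologin.php / keyinfol.php.
--   password   : widened from varchar(32) (only fits an MD5 hex digest) so a
--                password_hash() output (bcrypt = 60 chars, argon2 longer) fits.
--   identifier : md5 hex of the salted username, derived in dologin.php; it is
--                a pure function of username, hence unique per row, and it is
--                the column keyinfol.php looks the cookie up by -> index it.
--   token      : 32-hex-char per-login random value; the secret half of the cookie.
--   timeout    : unix epoch seconds after which the cookie is rejected; bigint
--                so it does not overflow a signed 32-bit int in 2038.
-- The name `user` is kept because the PHP queries reference it, but note it is a
-- reserved word / system table name in other engines.
create table if not exists user(
    username   varchar(25)  primary key,
    password   varchar(255) not null,
    identifier varchar(32),
    token      varchar(32),
    timeout    bigint,
    constraint user_identifier_uq unique (identifier)
);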
2.登录页面
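<!-- Login form posted to dologin.php. Field names are unchanged (dologin.php
     reads $_POST['username'] / $_POST['password']). The password input is
     type="password": the original used type="text", which displays the secret
     on screen and lets the browser keep it in plain autocomplete history. -->
<form method="post" action="dologin.php">
    <label>Username <input type="text" name="username" autocomplete="username" required /></label>
    <label>Password <input type="password" name="password" autocomplete="current-password" required /></label>
    <input type="submit" value="Log in" />
</form>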
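<!-- Fragment of the login form (opening <form> tag is not part of this span).
     The password input is type="password": the original type="text" displays
     the secret on screen and lets the browser keep it in autocomplete history. -->
    <label>Username <input type="text" name="username" autocomplete="username" required /></label>
    <label>Password <input type="password" name="password" autocomplete="current-password" required /></label>
    <input type="submit" value="Log in" />
</form>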
3.处理登录页面
dologin.php
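<?php
// dologin.php — handles the POST from the login form and issues the
// 'auth' cookie ("identifier:token") that keyinfol.php checks.
//
// Fixes vs. the original:
//  * the password is now verified — the original read $password and never
//    used it, so any posted username received a valid-looking cookie;
//  * the token comes from a CSPRNG instead of md5(uniqid(rand(), true)),
//    whose inputs are time- and PRNG-based and therefore predictable;
//  * token and expiry are persisted on the user's row, otherwise the
//    comparison against user.token in keyinfol.php has nothing to match;
//  * the cookie value is no longer echoed into the page, and the cookie is
//    flagged HttpOnly (and Secure when served over TLS).
//
// Requires PHP >= 7.0 (random_bytes) and PDO with the mysql driver.
// NOTE(review): assumes user.password holds a password_hash() digest — confirm
// that registration stores it that way; a plain MD5 there will never verify.

$username = isset($_POST['username']) ? (string) $_POST['username'] : '';
$password = isset($_POST['password']) ? (string) $_POST['password'] : '';
$salt     = 'SHIFLEFT';

// identifier is a pure function of the username (keyinfol.php re-derives it
// with the same formula); it is a lookup key, not a secret — the token is.
$identifier = md5($salt . md5($username . $salt));
// 16 random bytes -> 32 hex chars, which fits user.token varchar(32).
$token   = bin2hex(random_bytes(16));
$timeout = time() + 60 * 60 * 24 * 7; // unix seconds, one week from now

// TODO: move the connection credentials out of source into config/environment.
$db = new PDO('mysql:host=localhost;dbname=security;charset=utf8mb4', 'root', '',
    array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));

$stmt = $db->prepare('select password from user where username = ?');
$stmt->execute(array($username));
$row = $stmt->fetch(PDO::FETCH_ASSOC);

// One generic failure path for "no such user" and "wrong password", so the
// response does not reveal which usernames exist.
if ($row === false || !password_verify($password, (string) $row['password'])) {
    http_response_code(401);
    echo 'login failed';
    exit;
}

// Persist what keyinfol.php will compare the cookie against.
$stmt = $db->prepare('update user set identifier = ?, token = ?, timeout = ? where username = ?');
$stmt->execute(array($identifier, $token, $timeout, $username));

$secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
// path '/', no domain, Secure only over TLS, HttpOnly so script cannot read it.
setcookie('auth', "$identifier:$token", $timeout, '/', '', $secure, true);
echo 'login ok';
?>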
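// dologin.php — handles the POST from the login form and issues the
// 'auth' cookie ("identifier:token") that keyinfol.php checks.
//
// Fixes vs. the original:
//  * the password is now verified — the original read $password and never
//    used it, so any posted username received a valid-looking cookie;
//  * the token comes from a CSPRNG instead of md5(uniqid(rand(), true)),
//    whose inputs are time- and PRNG-based and therefore predictable;
//  * token and expiry are persisted on the user's row, otherwise the
//    comparison against user.token in keyinfol.php has nothing to match;
//  * the cookie value is no longer echoed into the page, and the cookie is
//    flagged HttpOnly (and Secure when served over TLS).
//
// Requires PHP >= 7.0 (random_bytes) and PDO with the mysql driver.
// NOTE(review): assumes user.password holds a password_hash() digest — confirm
// that registration stores it that way; a plain MD5 there will never verify.

$username = isset($_POST['username']) ? (string) $_POST['username'] : '';
$password = isset($_POST['password']) ? (string) $_POST['password'] : '';
$salt     = 'SHIFLEFT';

// identifier is a pure function of the username (keyinfol.php re-derives it
// with the same formula); it is a lookup key, not a secret — the token is.
$identifier = md5($salt . md5($username . $salt));
// 16 random bytes -> 32 hex chars, which fits user.token varchar(32).
$token   = bin2hex(random_bytes(16));
$timeout = time() + 60 * 60 * 24 * 7; // unix seconds, one week from now

// TODO: move the connection credentials out of source into config/environment.
$db = new PDO('mysql:host=localhost;dbname=security;charset=utf8mb4', 'root', '',
    array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));

$stmt = $db->prepare('select password from user where username = ?');
$stmt->execute(array($username));
$row = $stmt->fetch(PDO::FETCH_ASSOC);

// One generic failure path for "no such user" and "wrong password", so the
// response does not reveal which usernames exist.
if ($row === false || !password_verify($password, (string) $row['password'])) {
    http_response_code(401);
    echo 'login failed';
    exit;
}

// Persist what keyinfol.php will compare the cookie against.
$stmt = $db->prepare('update user set identifier = ?, token = ?, timeout = ? where username = ?');
$stmt->execute(array($identifier, $token, $timeout, $username));

$secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
// path '/', no domain, Secure only over TLS, HttpOnly so script cannot read it.
setcookie('auth', "$identifier:$token", $timeout, '/', '', $secure, true);
echo 'login ok';
?>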
4. 关键信息页面进行cookie认证,包含时间限制
keyinfol.php
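<?php
// keyinfol.php — gate for a sensitive page: validates the 'auth' cookie
// ("identifier:token", issued by dologin.php) against the user table and the
// stored expiry, and only then renders the protected content.
//
// Fixes vs. the original:
//  * a missing or malformed cookie now stops the request; the original's
//    empty else-branch fell through and ran the lookup with an undefined
//    $clean['identifier'];
//  * the mysql_* extension (removed in PHP 7) is replaced by PDO prepared
//    statements, which also removes the escape-before-connect ordering bug;
//  * the token is compared with hash_equals(): the original `!=` is a loose
//    comparison, so two hex digests of the form 0e<digits> compare equal, and
//    it is not constant-time;
//  * every failure path ends the request with one generic message; the exact
//    reason goes to the server log, not to the client;
//  * the cookie value is no longer echoed back into the page.
//
// Requires PHP >= 5.6 (hash_equals) and PDO with the mysql driver.

$now  = time();
$salt = 'SHIFLEFT';

// Log the precise cause for operators; the client sees a single message.
$deny = function ($reason) {
    error_log('keyinfol.php: auth denied: ' . $reason);
    http_response_code(403);
    echo 'not authorised';
    exit;
};

if (!isset($_COOKIE['auth'])) {
    $deny('no auth cookie');
}
$parts = explode(':', (string) $_COOKIE['auth']);
// Both halves are hex digests, so alphanumeric is the exact allowed alphabet.
if (count($parts) !== 2 || !ctype_alnum($parts[0]) || !ctype_alnum($parts[1])) {
    $deny('malformed auth cookie');
}
list($identifier, $token) = $parts;

// TODO: move the connection credentials out of source into config/environment.
$db = new PDO('mysql:host=localhost;dbname=security;charset=utf8mb4', 'root', '',
    array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));

$stmt = $db->prepare('select username, token, timeout from user where identifier = ?');
$stmt->execute(array($identifier));
$record = $stmt->fetch(PDO::FETCH_ASSOC);

if ($record === false) {
    $deny('no this identifier');
} elseif ($record['token'] === null || !hash_equals((string) $record['token'], $token)) {
    // token is NULL until the user has logged in at least once.
    $deny('token not equal');
} elseif ($now > (int) $record['timeout']) {
    $deny('time out');
} elseif (!hash_equals(md5($salt . md5($record['username'] . $salt)), $identifier)) {
    // Re-derive the identifier from the stored username with the same formula
    // dologin.php uses, so a row whose identifier was tampered with is rejected.
    $deny('identifier error');
}

echo "successful";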
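// keyinfol.php — gate for a sensitive page: validates the 'auth' cookie
// ("identifier:token", issued by dologin.php) against the user table and the
// stored expiry, and only then renders the protected content.
//
// Fixes vs. the original:
//  * a missing or malformed cookie now stops the request; the original's
//    empty else-branch fell through and ran the lookup with an undefined
//    $clean['identifier'];
//  * the mysql_* extension (removed in PHP 7) is replaced by PDO prepared
//    statements, which also removes the escape-before-connect ordering bug;
//  * the token is compared with hash_equals(): the original `!=` is a loose
//    comparison, so two hex digests of the form 0e<digits> compare equal, and
//    it is not constant-time;
//  * every failure path ends the request with one generic message; the exact
//    reason goes to the server log, not to the client;
//  * the cookie value is no longer echoed back into the page.
//
// Requires PHP >= 5.6 (hash_equals) and PDO with the mysql driver.

$now  = time();
$salt = 'SHIFLEFT';

// Log the precise cause for operators; the client sees a single message.
$deny = function ($reason) {
    error_log('keyinfol.php: auth denied: ' . $reason);
    http_response_code(403);
    echo 'not authorised';
    exit;
};

if (!isset($_COOKIE['auth'])) {
    $deny('no auth cookie');
}
$parts = explode(':', (string) $_COOKIE['auth']);
// Both halves are hex digests, so alphanumeric is the exact allowed alphabet.
if (count($parts) !== 2 || !ctype_alnum($parts[0]) || !ctype_alnum($parts[1])) {
    $deny('malformed auth cookie');
}
list($identifier, $token) = $parts;

// TODO: move the connection credentials out of source into config/environment.
$db = new PDO('mysql:host=localhost;dbname=security;charset=utf8mb4', 'root', '',
    array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));

$stmt = $db->prepare('select username, token, timeout from user where identifier = ?');
$stmt->execute(array($identifier));
$record = $stmt->fetch(PDO::FETCH_ASSOC);

if ($record === false) {
    $deny('no this identifier');
} elseif ($record['token'] === null || !hash_equals((string) $record['token'], $token)) {
    // token is NULL until the user has logged in at least once.
    $deny('token not equal');
} elseif ($now > (int) $record['timeout']) {
    $deny('time out');
} elseif (!hash_equals(md5($salt . md5($record['username'] . $salt)), $identifier)) {
    // Re-derive the identifier from the stored username with the same formula
    // dologin.php uses, so a row whose identifier was tampered with is rejected.
    $deny('identifier error');
}

echo "successful";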
