Home Explore Help
Register Sign In
wangyong
/
card
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
card
/
make
/
controller
/
logincheck.php

logincheck.php 1.3 KB
Permalink History Raw

12345678910111213141516171819202122232425262728293031323334353637383940 
  1. <?php
    2. 

  2. session_start();
    3. 

  3. include_once("../../untils/conn.php");
    4. 

  4. mysqli_query($con, "set names utf8");
    5. 

  5. $name = $_POST['username'];
    6. 

  6. $pwd = $_POST['password'];
    7. 

  7. $token = $_POST['token'];
    8. 

  8. 

  9. // 验证账号、密码和令牌是否为空
    10. 

  10. if (empty($name) || empty($pwd) || empty($token)) {
    11. 

  11.     echo "<script>alert('账号、密码和令牌不能为空');history.go(-1);</script>";
    12. 

  12.     exit;
    13. 

  13. }
    14. 

  14. 

  15. // 从数据库获取盐值和安全令牌
    16. 

  16. $sql = "SELECT salt, token FROM admin WHERE user='$name';";
    17. 

  17. $result = mysqli_query($con, $sql);
    18. 

  18. $row = mysqli_fetch_assoc($result);
    19. 

  19. $salt = $row['salt'];
    20. 

  20. $dbToken = $row['token'];
    21. 

  21. 

  22. // 在查询中使用明文密码进行验证
    23. 

  23. $sql = "SELECT user, password FROM admin WHERE user='$name' AND password='$pwd';";
    24. 

  24. $result = mysqli_query($con, $sql);
    25. 

  25. $row = mysqli_num_rows($result);
    26. 

  26. $_SESSION["username"] = $name;
    27. 

  27. 

  28. if ($row) {
    29. 

  29.     // 验证通过
    30. 

  30.     $hashedToken = md5($token . $salt); // 使用盐值对用户输入的令牌进行加密处理
    31. 

  31.     if ($hashedToken === $dbToken) {
    32. 

  32.         echo "<script>alert('登录成功');location.href='../index.php';</script>";
    33. 

  33.     } else {
    34. 

  34.         echo "<script>alert('安全令牌错误');history.go(-1);</script>";
    35. 

  35.     }
    36. 

  36. } else {
    37. 

  37.     // 验证失败
    38. 

  38.     echo "<script>alert('用户名或密码错误,请重新输入');history.go(-1);</script>";
    39. 

  39. }
    40. 

  40. ?>
    41.