/session/login.php

https://github.com/assassin0905/php
  1. <meta charset='utf-8' />
  2. <?php
  3. session_start();
  4. $conf = array(
  5. 'host' => 'localhost',
  6. 'port' => 3306,
  7. 'user' => 'root',
  8. 'pass' => 'root',
  9. 'name' => 'demo'
  10. );
  11. $link = mysql_connect($conf['host'] . ":" . $conf['port'], $conf['user'], $conf['pass']);
  12. mysql_select_db($conf['name'], $link);
  13. mysql_query("set names utf8", $link);
  14. function getUser($username){
  15. $sql = sprintf("select * from user where username = '%s' limit 1", mysql_real_escape_string($username));
  16. $result = mysql_query($sql);
  17. $row = mysql_fetch_assoc($result);
  18. return $row;
  19. }
  20. function redirect($url, $msg = false){
  21. echo "<script>";
  22. if($msg) echo sprintf("alert('%s');", $msg);
  23. echo sprintf("location.href='%s'", $url);
  24. echo "</script>";
  25. }
  26. $act = null;
  27. if(isset($_GET['act'])) $act = $_GET['act'];
  28. if($act == 'nonetoken'){
  29. // session里面不加token
  30. $_POST = array_map('htmlspecialchars', array_map('addslashes', array_map('trim', $_POST)));
  31. $username = isset($_POST['username']) ? $_POST['username'] : '';
  32. $password = isset($_POST['password']) ? $_POST['password'] : '';
  33. if(empty($username)) die('please input your username');
  34. if(empty($password)) die('please input your password');
  35. $row = getUser($username);
  36. if(!$row) die('your username is error');
  37. if($row['password'] != md5($password)) die('your password is error');
  38. // 登录成功, 将uid以及username放入session中, 并且设置1小时过期
  39. $_SESSION['current_user']['uid'] = $row['id'];
  40. $_SESSION['current_user']['username'] = $row['username'];
  41. setcookie('uid', $_SESSION['current_user']['uid'], time() + 3600, '/');
  42. setcookie('username', $_SESSION['current_user']['username'], time() + 3600, '/');
  43. redirect('login.php?act=info', '登录成功');
  44. }elseif($act == 'token'){
  45. /*
  46. * session里面加入token
  47. * cookie根据浏览器而定, 换了浏览器状态都没了
  48. * TOKEN值可以将http_user_agent作为参数, 加密, 放入session中, 然后判断
  49. */
  50. $_POST = array_map('htmlspecialchars', array_map('addslashes', array_map('trim', $_POST)));
  51. $username = isset($_POST['username']) ? $_POST['username'] : '';
  52. $password = isset($_POST['password']) ? $_POST['password'] : '';
  53. if(empty($username)) die('please input your username');
  54. if(empty($password)) die('please input your password');
  55. $row = getUser($username);
  56. if(!$row) die('your username is error');
  57. // 登录成功, 将uid username 放入session中, 并设置过期时间, 将token设置, 做安全设置
  58. $_SESSION['current_user']['uid'] = $row['id'];
  59. $_SESSION['current_user']['username'] = $row['username'];
  60. $token = $_SERVER['HTTP_USER_AGENT'] . md5(session_name()) . md5($_COOKIE[session_name()]);
  61. $_SESSION['current_user']['token'] = md5($token);
  62. redirect('login.php?act=tokeninfo', '登录成功');
  63. }elseif($act == 'tokeninfo'){
  64. // 用session验证用户登录信息
  65. if(empty($_SESSION['current_user']['uid']) || empty($_SESSION['current_user']['username']))
  66. redirect('login.php', '请登录');
  67. $row = getUser($_SESSION['current_user']['username']);
  68. if(empty($row) || $row['id'] != $_SESSION['current_user']['uid'])
  69. redirect('login.php', '用户错误');
  70. $chk_token = $_SERVER['HTTP_USER_AGENT'] . md5(session_name()) . md5($_COOKIE[session_name()]);
  71. if($_SESSION['current_user']['token'] != md5($chk_token))
  72. redirect('login.php', 'token不正确, 请不要当黑客');
  73. echo "欢迎回来, 使用token认证, " . $_SESSION['current_user']['username'];
  74. }elseif($act == 'info'){
  75. // 用cookie做验证
  76. if(empty($_COOKIE['uid']) || empty($_COOKIE['username'])){
  77. redirect('login.php', '请登录');
  78. }
  79. $current_user = getUser($_COOKIE['username']);
  80. /* 如果仅仅验证cookie里面的信息是不安全的, 因为cookie可以伪造.
  81. * 由于session.name没有失效, 则通过session.id的值还能够找到服务器端对应的session
  82. * 所以要验证cookie里面的值跟session的值相等, 则客户端与服务器端的值相等, 则证明有效
  83. */
  84. if(($_COOKIE['uid'] != $_SESSION['current_user']['uid']) || ($_COOKIE['username'] != $_SESSION['current_user']['username']))
  85. redirect('login.php', 'session与cookie的uid不相等, cookie可能被伪造');
  86. if(!$current_user) redirect('login.php', '登录的用户不存在');
  87. //print_r($_SESSION['current_user']['username']);
  88. echo "欢迎你, 你好, " . $_COOKIE['username'];
  89. }elseif($act == 'session_info'){
  90. // 用session去验证, 除非设置setcookie(session_name(), session_id(), time() + 3600), 否则在此流程控制里面过期时间有php设置的过期时间控制
  91. /**
  92. * 如果服务器端用session去做验证用户的登录状态
  93. * 如果得到某一个合法用户的session.id的值, 通过http发送cookie, 则能得到该合法用户的状态
  94. * 直接将session.id放入到cookie中无效, 从http头部得到的cookie的session.id去服务器找对应的session
  95. * http://localhost/github/session/login.php?act=session_info&PHPSESSIDSHIRLEY=qjvnqj36rj60u2vtfnivfum7g7
  96. */
  97. /* 无效 */
  98. if($_GET[session_name()]){
  99. $session_id = $_GET[session_name()];
  100. }
  101. $_COOKIE[session_name()] = $session_id;
  102. /* 无效 */
  103. header("Set-Cookie: PHPSESSIDSHIRLEY=qjvnqj36rj60u2vtfnivfum7g7");
  104. if(empty($_SESSION['current_user']['uid']) || empty($_SESSION['current_user']['username']))
  105. redirect('login.php', '请登录');
  106. // 用户浏览器版本不一样, 就算得到用户的session.id 也不能通过验证
  107. /*
  108. $chk_token = $_SERVER['HTTP_USER_AGENT'] . md5(session_name()) . md5($_COOKIE[session_name()]);
  109. if($_SESSION['current_user']['token'] != md5($chk_token))
  110. redirect('login.php', 'token不正确, 请不要当黑客');
  111. */
  112. echo "欢迎你, 你好, " . $_SESSION['current_user']['username'];
  113. }elseif($act == 'statusbysess'){
  114. /*
  115. * 通过得到session.id的值窃取用户状态
  116. * 先自己合法登录, 然后将session.id的值放入url中, 让别的合法用户点击, 保证自己的session.id不过期
  117. * 服务器判断到有此session.id后, php内核不会新建新的session.id
  118. * 接着用户登录, session.id对应的session变成了这个合法用户的session
  119. * 然后刷新页面, 取得合法用户的状态
  120. * http://localhost/github/session/login.php?PHPSESSIDSHIRLEY=qjvnqj36rj60u2vtfnivfum7g7
  121. */
  122. // 经证实, 简单的从url传递session.id. 浏览器会重新生成新的session.id
  123. if(empty($_SESSION['current_user']['uid']) || empty($_SESSION['current_user']['username']))
  124. redirect('login.php', '请登录');
  125. echo "欢迎你, 你好, " . $_SESSION['current_user']['username'];
  126. }elseif($act == 'tokenlogin'){
  127. ?>
  128. <form method='post' action='?act=token'>
  129. username: <input name='username' type='text' /><br /><br />
  130. password: <input name='password' type='password' /><br /><br />
  131. <input name='submit' value='登录' type='submit' />
  132. </form>
  133. <?php
  134. }else{
  135. ?>
  136. <form method='post' action='?act=nonetoken'>
  137. username: <input name='username' type='text' /><br /><br />
  138. password: <input name='password' type='password' /><br /><br />
  139. <input name='submit' value='登录' type='submit' />
  140. </form>
  141. <?php
  142. }
  143. ?>