0

我有一个 CURL(在 C++ 中)来发送我的用户并传递给 remauth.php 文件,所以我认为我在 remuth.php 上做错了(因为我是 php 基础,我的程序无法运行,因为身份验证未通过。)我通过应用程序使用登录。

我的卷曲:

bool Auth_PerformSessionLogin(const char* username, const char* password)
{
curl_global_init(CURL_GLOBAL_ALL);

CURL* curl = curl_easy_init();

if (curl)
{
    char url[255];
    _snprintf(url, sizeof(url), "http://%s/remauth.php", "SITEADDRESS.com");

    char buf[8192] = {0};
    char postBuf[8192];
    _snprintf(postBuf, sizeof(postBuf), "%s&&%s", username, password);

    curl_easy_setopt(curl, CURLOPT_URL, url);
    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, AuthDataReceived);
    curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void*)&buf);
    curl_easy_setopt(curl, CURLOPT_USERAGENT, "IW4M");
    curl_easy_setopt(curl, CURLOPT_FAILONERROR, true);
    curl_easy_setopt(curl, CURLOPT_POST, 1);
    curl_easy_setopt(curl, CURLOPT_POSTFIELDS, postBuf);
    curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, -1);
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, false);

    CURLcode code = curl_easy_perform(curl);
    curl_easy_cleanup(curl);

    curl_global_cleanup();

    if (code == CURLE_OK)
    {
        return Auth_ParseResultBuffer(buf);

    }
    else
    {
        Auth_Error(va("Could not reach the SITEADDRESS.comt server. Error code from   CURL: %x.", code));

    }

    return false;
  }

curl_global_cleanup();
return false;
}

和我的 remauth.php:

<?php
ob_start();
$host=""; // Host name 
$dbusername=""; // Mysql username 
$dbpassword=""; // Mysql password 
$db_name=""; // Database name 
$tbl_name=""; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$dbusername", "$dbpassword") or die(mysql_error());
mysql_select_db("$db_name") or die(mysql_error());

// Define $username and $password 
//$username=$username; 
//$password=md5($_POST['password']);
//$password=$password;

$username=$_POST['username']; 
$password=$_POST['password'];
//$post_item[]='action='.$_POST['submit'];


// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

$sql="SELECT * FROM $tbl_name WHERE username='$username'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row
if($count==1){
$row = mysql_fetch_assoc($result);
if (md5(md5($row['salt']).md5($password)) == $row['password']){
    session_register("username");
    session_register("password"); 
    echo "#";
    return true;
 }
 else {
    echo "o";
    return false;
 }
}
else{
echo "o";
return false;
}
ob_end_flush();
?>

//////////////////////////////

4

2 回答 2

1

你收到卷曲错误吗?php脚本是否完全执行?

您是否添加了 SITEADDRESS 仅仅是为了发布,或者这是编译器应该用您要连接的网站替换的定义?如果是第二个,这将在 "" 内不起作用,因为它会被视为文字而不被替换。

此外,您调用 curl_global_cleanup() 两次,一次在 if 子句内,一次在函数末尾。你应该只调用一次。您的函数是否可能被多次调用?然后你应该把全局初始化和清理移到别处,因为 curl 假设它们在程序中只被调用一次。这不会解决您的实际问题,但这是一种很好的做法。

于 2012-05-23T11:30:33.127 回答
0 
//To get the posted data without the fieldnames use: 

$data = file_get_contents('php://input');

//And then split the data by '&&'

$new_data = explode('&&', $data);

$username = $new_data[0];

$password = $new_data[1];

// more code...
于 2012-05-30T16:37:21.550 回答