0

我正在尝试制作一个受密码保护的网站。密码目前只是硬编码,以便我更容易测试。

我遇到的问题是,当我输入实际密码时,cookie 似乎没有设置。如果我第二次重新输入密码,那么 cookie 就会被设置。

我知道问题在于我调用代码的顺序,但我很难确定我应该更改什么以使其在第一个正确的密码输入时正确运行。任何帮助,将不胜感激。

     case 'Maintenance':

$salt = "test";
$adminpass = "adminpass";
$RealPassword = crypt($adminpass, $salt);

function LoginScreen($SaltCode){
?>

    <html>
<head>
  <title>Please enter password to access this page</title>
  <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
  <META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
</head>
<body>
  <style>
    input { border: 1px solid black; }
  </style>
  <div style="width:500px; margin-left:auto; margin-right:auto; text-align:center">
  <form method="post">
    <h3>Please enter password to access this page</h3>
    <font color="red"><?php echo $error_msg; ?></font><br />
    <input type="password" name="access_password" /><p></p><input type="submit" name="Submit" value="Submit" />
  </form>
  <br />
  </div>
</body>
</html> 






<?php
global $PasswordEntered;
$PasswordEntered = crypt($_POST['access_password'],$SaltCode);

}









if (!isset($_COOKIE["Cookie"]))
{ 

LoginScreen($salt);

if ($PasswordEntered == $RealPassword)
    {
        setcookie("Cookie", $PasswordEntered, time()+600);
    } 

}



if (isset($_COOKIE["Cookie"]))
{

?>  

<B><fontsize=16>Are you sure you want to Format the data disk?</b></font><br><br>


<form method = "post">

<INPUT TYPE = 'Submit' name = 'FormatSubmit' value = 'Submit'>


<br><br><br>
Please check the box to verify you want to Format the data disk.

<Input type = "Checkbox" Name ="FormatCheck" value ="checked">


</form>

<?php
if (($_POST['FormatSubmit'] == "Submit") & ($_POST['FormatCheck'] == "checked"))
    {
    html_exec_cmd('echo -e "o\nn\np\n1\n\n\nw\n" | fdisk /dev/sda;sleep 1;mkfs.ext3 /dev/sda1;mount /dev/sda1 /data/');
     }

}

     break;
4

3 回答 3

0

cookie 仅作为请求的一部分发送:

setcookie("Cookie", $PasswordEntered, time()+600);

if (isset($_COOKIE["Cookie"])) {
}

如果它在同一个请求中,这将失败。

但是,您可以执行以下操作:

setcookie("Cookie", $PasswordEntered, time()+600);
// might be consudered bad practice though to directly edit the superglobal, so be wary of WTF's
$_COOKIE["Cookie"] = $PasswordEntered;

if (isset($_COOKIE["Cookie"])) {
}

顺便说一句,这是什么:global $PasswordEntered;??

于 2012-08-06T21:14:44.907 回答
0

也许与另一个变量,像这样:

<?php

global $PasswordEntered;
if (isset($_POST['access_password'])){
    $PasswordEntered = crypt($_POST['access_password'],$SaltCode);
} else {
    $PasswordEntered='';
}
}
$pass=false;
if (!isset($_COOKIE["Cookie"]))
{ 
    LoginScreen($salt);

if ($PasswordEntered == $RealPassword)
{
    setcookie("Cookie", $PasswordEntered, time()+600);
    $pass=true;
} 
}

if (isset($_COOKIE["Cookie"]) || $pass)
{
   .
   .
   .
于 2012-08-06T21:28:24.073 回答
0

我最终完全放弃了 setcookie 参数,因为我想不出解决它的方法。我决定使用 $_SESSION 参数来让它工作。一个额外的好处是会话是在服务器端控制的,因此安全性会更高。

case 'Login':

      $salt = "test";
      $adminpass = "adminpass";
      $RealPassword = crypt($adminpass, $salt);

      if (isset($_SESSION['loggedin'])){
        echo "You are already logged in.";
      }
      else if ($_POST['access_password']){
        $PasswordEntered = crypt($_POST['access_password'],$salt);
        if ($PasswordEntered == $RealPassword){
            $_SESSION['loggedin']=1;
            LogData('Logged in',$logdir);
            echo "You are now logged in!";
        }
        else{
            echo LoginScreen();
            LogData('Failed login attempt',$logdir);
        }
      }
      else{ 
        echo LoginScreen();
      }
    break;
于 2012-08-13T14:22:59.407 回答