-4

每当给出正确的用户名时,都会显示密码,但问题是如果密码是解密格式,那么当我显示密码时,加密密码就会显示......意味着密码是否为“通过”且其加密格式为“ 1a1dc91c907325c69271ddf0c944bc72" 然后第二次将加密格式粘贴到密码框中..然后密码出错..我该如何解决?意味着如何在javascript中解密密码..

//Index.php页面从这里开始

  <form name="login" method="post" action="upload_file_enter.php">
   Username: <input type="text" id="name"name="username" onBlur="check()"><br>
   <?php if(!$_COOKIE['password']){?>
   Password: <input type="password" name="password"><br>
    <?php };?>
       <?php if(isset($_COOKIE['password'])){?>
   Password: <input type="password" id="pass" name="password" value=""><br>
    <?php };?>
   Remember Me: <input type="checkbox" name="rememberme" value="1"><br>
   <input type="submit" name="submit" value="Login!">
  </form>

<script type="text/javascript">

//这个函数检查用户名是否正确

function check()
{
  var username=getCookie("username"); alert(username);
  var name=document.getElementById("name").value;alert(name);
  if(username==name)
  {
    document.getElementById("pass").value=getCookie("password"); //here pasting the 
// enter code here`password in the password field if the username is correct 
  }
}

//从document.cookie中获取cookie值

function getCookie(c_name)
{
var c_value = document.cookie;
var c_start = c_value.indexOf(" " + c_name + "=");
if (c_start == -1)
  {
  c_start = c_value.indexOf(c_name + "=");
  }
if (c_start == -1)
  {
  c_value = null;
  }
else
  {
  c_start = c_value.indexOf("=", c_start) + 1;
  var c_end = c_value.indexOf(";", c_start);
  if (c_end == -1)
  {
c_end = c_value.length;
}
c_value = unescape(c_value.substring(c_start,c_end));
}
return c_value;
}
</script>

//Index.php页面到此结束

//upload_file_enter.php //在此处设置 cookie ..使用 $_POST 从 index.php 获取值并在此处使用

<?php
/* These are our valid username and passwords */
$user = 'king1';
$pass = 'pass';

if(isset($_POST['username']) && isset($_POST['password'])) {

    if (($_POST['username'] == $user) && ($_POST['password'] == $pass)) {    

        if (isset($_POST['rememberme'])) {//echo"asda";exit;
            /* Set cookie to last 1 year */
            setcookie('username', $_POST['username'], time()+60*60*24*365, '/');
            setcookie('password', md5($_POST['password'])/*here encoded*/, time()+60*60*24*365, '/');

        } else {
            /* Cookie expires when browser closes */
            setcookie('username', $_POST['username'], false, '/');
            setcookie('password', md5($_POST['password'])/*here encoded*/, false, '/');
        }

        echo $p='showing some another page here';

    } else {
        echo 'Username/Password Invalid';
    }

} else {
    echo 'You must supply a username and password.';
}
?>
4

2 回答 2

0

如果您坚持使用 MD5...

MD5 应该是un-decryptable,所以通过 JS 进行检查的唯一方法是加密输入并根据 cookie 进行检查,但是您需要找到为 JS 截取的 MD5。

试试这个http://phpjs.org/functions/md5/

我不会粘贴它,因为它太长了;)

例如

function md5(string){

    //make string to md5

}

function check(){
    var username=getCookie("username"); alert(username);
    var name=document.getElementById("name").value; alert(name);
    if(username==md5(name))
    {
        document.getElementById("pass").value=getCookie("password"); 
    }
}

但是,我会推荐一种更安全的算法来存储具有密钥/盐的密码。

于 2013-04-26T14:07:15.617 回答
0

我不知道如何解密密码,但有一个选项我们可以将密码与登录密码进行比较,因此无需使用以下代码解密密码

Router.post('/signin', async (req, res) => {
    const { email, password } = req.body
    const userLogin = await Info.findOne({ email: email })
    const isMatching = await bycrpt.compare(password, userLogin.password)
     if (!userLogin.email || !isMatching) {
        res.json({ ok: "USER NOT SIGNED" })
        console.log("Invalid Credential !!")
    } else {
        res.json({ ok: "USER SIGNED" })
        console.log("wellcome user signed")
}
于 2021-09-02T19:46:57.053 回答