
I have been trying to use some code, but to use it a bit more for my purposes. The original code went as follows for the isset, but it is SO confusing.

// Check if we're already logged in, and check session information against cookies
// credentials to protect against session hijacking
if (isset ($_COOKIE['project-name']['userID']) &&
   crypt($_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'],
         $_COOKIE['project-name']['secondDigest']) ==
   $_COOKIE['project-name']['secondDigest'] &&
   (!isset ($_COOKIE['project-name']['username']) ||
    (isset ($_COOKIE['project-name']['username']) &&
     Users::checkCredentials($_COOKIE['project-name']['username'],
                             $_COOKIE['project-name']['digest']))))

My current code:

function encrypt($input)
{
    $hash = password_hash($input, PASSWORD_DEFAULT);
    return $hash;
}

function checkUserCreds($username, $password)
{
    //do code at some point
    return $username;
    return $password;
}

function checkLoggedIn($page)
{
    session_start();

    //Check if already logged in and check session information against cookies
    if (isset($_COOKIE['sukd']['id']) &&
        encrypt($_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] . $_COOKIE['sukd']['hashv2']) == $_COOKIE['sukd']['hashv2'] &&
        (!isset($_COOKIE['sukd']['login']) ||
         (isset($_COOKIE['sukd']['login']) && checkUserCreds($_COOKIE['sukd']['login'], $_COOKIE['sukd']['hash']))))
    {
        //Some code here.. eventually
    }
}

Whilst I have fixed the syntax error, I am genuinely confused by the thing I am trying to copy off.

1 Answer
function encrypt($input)
{
    $hash = password_hash($input, PASSWORD_DEFAULT);
    return $hash;
}

password_hash() creates a new password hash using a strong one-way hashing algorithm.
Calling encrypt($input) will return the hashed password.

function checkUserCreds($username, $password)
{
    //do code at some point
    return $username;
    return $password;
}

Calling checkUserCreds($username, $password) will just return what you submitted,
unless you have some code at
//do code at some point

function checkLoggedIn($page)
{
    session_start();

    //Check if already logged in and check session information against cookies
    if (isset($_COOKIE['sukd']['id']) && encrypt($_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] . $_COOKIE['sukd']['hashv2']) == $_COOKIE['sukd']['hashv2'] && (!isset ($_COOKIE['sukd']['login']) || (isset ($_COOKIE['sukd']['login']) && checkUserCreds($_COOKIE['sukd']['login'], $_COOKIE['sukd']['hash']))))
    {
        //Some code here.. eventually
    }
}

I tried to break down the checkLoggedIn function:

(1) if (isset($_COOKIE['sukd']['id'])
(2) && encrypt($_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] . $_COOKIE['sukd']['hashv2']) == $_COOKIE['sukd']['hashv2']
(3) && (!isset ($_COOKIE['sukd']['login'])
    || (isset ($_COOKIE['sukd']['login']) && checkUserCreds($_COOKIE['sukd']['login'], $_COOKIE['sukd']['hash']))))
 {
  //Some code here.. eventually
 }


 $_SERVER['REMOTE_ADDR'] = visitor's IP
 $_SERVER['HTTP_USER_AGENT'] = visitor's browser
 $_COOKIE['sukd']['hashv2'] = your defined cookie (I GUESS your password)
 $_COOKIE['sukd']['login'] = user-defined cookie (I GUESS to check if logged in)

 (1). you check if $_COOKIE['sukd']['id'] is set and

 (2). create a password hash by calling the encrypt function and compare it to the cookie $_COOKIE['sukd']['hashv2']
 encrypt($_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] . $_COOKIE['sukd']['hashv2']) == $_COOKIE['sukd']['hashv2']
 encrypt is a user-defined function where you pass the combination of $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] . $_COOKIE['sukd']['hashv2'] to retrieve a password hash

 (3). you check if $_COOKIE['sukd']['login'] exists, or
 the cookie is set and the function is called that returns
 $_COOKIE['sukd']['login'] (username), $_COOKIE['sukd']['hash'] (password)
 If any of the 3 fails, it will not proceed.


Edit
Also, you are comparing

$_COOKIE['sukd']['hashv2']

(if) equals

encrypt($_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] . $_COOKIE['sukd']['hashv2'])

with

$_COOKIE['sukd']['hashv2']

I believe this will also return false.

Also, note number 3: it will return true if

$_COOKIE['sukd']['login'] is not set

or

$_COOKIE['sukd']['login'] is set and $_COOKIE['sukd']['login'], $_COOKIE['sukd']['hash']
will just return the param (not empty)


Also, make sure the cookie is set before calling checkLoggedIn().
Hope this helps.

answered 2013-09-20T21:39:44.737
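As an added example (not code from the question or the answer), this shows how the IP/User-Agent binding that the original crypt() condition performs is done with password_verify(), and why the question's encrypt(...) == $_COOKIE[...] comparison can never be true. The cookie layout and the sample request values are assumptions.

```php
<?php
// Added example (not code from the question or the answer). Cookie name and
// sample values are assumptions.

// Fingerprint the client. bcrypt (PASSWORD_DEFAULT) only looks at the first
// 72 bytes of its input, and a User-Agent string alone can be longer than
// that, so pre-hash to a fixed-length 64-hex-char string first.
function clientFingerprint(string $remoteAddr, string $userAgent): string
{
    return hash('sha256', $remoteAddr . "\0" . $userAgent);
}

// At login: mint the digest to store in the cookie (password_hash() picks a
// fresh random salt on every call and embeds it in the returned string).
function mintSessionDigest(string $remoteAddr, string $userAgent): string
{
    return password_hash(clientFingerprint($remoteAddr, $userAgent), PASSWORD_DEFAULT);
}

// On later requests: password_verify() re-hashes the fingerprint with the salt
// embedded in $digest and compares in constant time. This is what the original
// crypt($ip . $ua, $digest) == $digest idiom did by hand (crypt() given a full
// hash as salt reproduces that hash), and what the question's
// encrypt(...) == $_COOKIE[...] cannot do, because each password_hash() call
// uses a new salt and therefore never reproduces the stored value.
function sessionDigestMatches(string $remoteAddr, string $userAgent, string $digest): bool
{
    return password_verify(clientFingerprint($remoteAddr, $userAgent), $digest);
}

// The question's comparison, kept only for contrast.
function brokenCompare(string $remoteAddr, string $userAgent, string $digest): bool
{
    return password_hash($remoteAddr . $userAgent . $digest, PASSWORD_DEFAULT) == $digest;
}

// Constructed sample request values standing in for $_SERVER and $_COOKIE.
$ip = '203.0.113.7';
$ua = 'Mozilla/5.0 (X11; Linux x86_64) ExampleBrowser/1.0';
$cookie = ['sukd' => ['hashv2' => mintSessionDigest($ip, $ua)]];

var_dump(sessionDigestMatches($ip, $ua, $cookie['sukd']['hashv2']));            // same client as at login
var_dump(sessionDigestMatches('198.51.100.9', $ua, $cookie['sukd']['hashv2'])); // cookie presented from another address
var_dump(brokenCompare($ip, $ua, $cookie['sukd']['hashv2']));                   // the question's check
```

IP and User-Agent make a coarse fingerprint (users behind NAT or proxies change address, and the User-Agent header is supplied by the client), so this check only supplements a server-side session id, it does not replace one.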