shurix Posted March 26, 2008 Report Posted March 26, 2008 Aatrs jautaajums. Taatad man ir shads kods: $sql2 = "SELECT username FROM members WHERE username = '$_POST[user]'"; $q2 = mysql_query($sql2); $user_parbaude = mysql_num_rows($q2); if ($user_parbaude==0) { met atpakal uz login } else { ielogojas } ar kuru es parbaudu vai lietotajs ir registreets vai nav. Itkaa viss strada bet ir viena problemina. Ja piemeram lietotajvards ir andris tad ari piemeram ar andrissagjkgdsad ir iespejams ielogoties. Kapec taa ja vaicajumaa lietotaajvardam jabut tieshi tadam pasham?
Klez Posted March 26, 2008 Report Posted March 26, 2008 labaak iekopee visu kodu, vai dalju kas atbild par ielogoshanos, ja kods ir garsh tad lieto paste.php.lv peec shitaa iskaa NEvajadzeetu vareet ielogoties ar andrissagjkgdsad, ja vien taads db neeksistee...
777 Posted March 26, 2008 Report Posted March 26, 2008 vispirms $username = $_POST['user']; $username = htmlspecialchars($username); $result = ("SELECT `username` FROM `members` WHERE username='".$username."'") list($user_name, $user_id) = mysql_num_rows(mysql_query($result)); if($user_name != $username) { print "Nepareizs username, pamegini velreiz"; } else { setcookie(...); Header("Location: /"); }
shurix Posted March 26, 2008 Author Report Posted March 26, 2008 vispirms$username = $_POST['user']; $username = htmlspecialchars($username); $result = ("SELECT `username` FROM `members` WHERE username='".$username."'") list($user_name, $user_id) = mysql_num_rows(mysql_query($result)); if($user_name != $username) { print "Nepareizs username, pamegini velreiz"; } else { setcookie(...); Header("Location: /"); } Ar to list viss kartibaa? Kaut kaa nestrada. Skripts nav iisti ielogoshanas. Vienkarshi parbauda ja tads lietotajvards ir tad tiek talak ja nav tad netiek.
777 Posted March 26, 2008 Report Posted March 26, 2008 shis dara to pashu vnk salidzini vel paroles ...
shurix Posted March 26, 2008 Author Report Posted March 26, 2008 (edited) Ne ar paroli te galigi nekada sakara nav. Vienkarshi username salidzinaat. Iiisti neizprotu to list funkciju. Edited March 26, 2008 by shurix
xPtv45z Posted March 26, 2008 Report Posted March 26, 2008 $result = ("SELECT `username` FROM `members` WHERE username='".$username."'") list($user_name, $user_id) = mysql_num_rows(mysql_query($result)); if($user_name != $username) Šis ir smieklīgi. :D 777, tu pats zini ko tu raksti/dari? :) Es tev esmu gatavs dot latu par katru, šādā veidā iegūto $user_id. :D Un kur tev tur salīdzina paroles? Ja tu vaicājumā atlasi to pašu pēc kā meklē un pēc tam vēl salīdzini vai bija vienādi. :D
777 Posted March 26, 2008 Report Posted March 26, 2008 tad tu mums atradies tads baigais koderis ... doma es nezinu kam es otro reizi parbaudu vienu un to pashu ? tas ir pret XSS gudrinieks ...
xPtv45z Posted March 26, 2008 Report Posted March 26, 2008 XSS pie ielogošanās? Tas tiešām man ir kas jauns. Negribi pastāstīt tuvāk?
777 Posted March 26, 2008 Report Posted March 26, 2008 mmm, a tad tu doma ka caur POST formu nevar XSS uztaisit ? :))))
xPtv45z Posted March 26, 2008 Report Posted March 26, 2008 Un kā tu ielogošanās formu ar saviem xss datiem pasniegsi citam lietotājam?
777 Posted March 26, 2008 Report Posted March 26, 2008 (edited) davaj tu labak liksi manu kodu miera ? ja gribi palidzet puisim tad palidzi ... es rakstu jau pailgi, un tici man, man viss ir ok ar kodu ... un ko es parbaudu divas reizes un kam , ta jau ir mana darishana, zini ir tads izteiciens ... 7 reizes nomeri , vienu reizi nogriez .... ta ari es parbaudu lai butu droshs un pec tam jau talak viss aiziet .... Edited March 26, 2008 by 777
Grey_Wolf Posted March 26, 2008 Report Posted March 26, 2008 zini ir tads izteiciens ... 7 reizes nomeri , vienu reizi nogriez Starp citu tavs kods nebuut nav ideals .... jo ja juseris no kautkurienes kopees to username (parole ) // teksim kads vinjam atsutiis emailu .... tad 20% gadijumu iekopees arii atstarpes (tuksumu ) .. Respektiivi trukst triviala trim() apstrades .....
777 Posted March 26, 2008 Report Posted March 26, 2008 (edited) Grey_Wolf , es te paradiju tikai htmlspecialchars :) bet man ir funkcija secure kura ir gan htmlspecialchars, gan trim , gan stripslashes, gan real_escape_string viss ir ok, un es nesaku ka mans kods ir perfekts un visiem pie taa japieturas ... $username = $_POST['user_name']; $username = secure($username); $password = $_POST['user_pass']; $password = secure($password); Edited March 26, 2008 by 777
Recommended Posts