Don't want to see plaintext? Then I'll take the salt from before and sprinkle it on~ (portal: #1HcX_YNQ

<?php
session_start(); // required before $_SESSION can be written

function new_salt() {
    $chars = "abcdefghijklmnopqrstuvwxyz" . // too long for the page width, so split across two lines
             "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    $salt = "";
    for ($i = 0; $i < 16; ++$i) {
        // random_int() draws from the CSPRNG; mt_rand() output is predictable
        $salt .= $chars[random_int(0, strlen($chars) - 1)];
    }
    return $salt;
}

function string_to_hashed($str, $salt = NULL) {
    if ($salt === NULL) $salt = new_salt();
    $hashed = hash("sha256", $str.$salt);
    return $salt.$hashed; // 16-character salt followed by 64 hex characters
}

function hashed_compare($str, $hashed) {
    $salt = substr($hashed, 0, 16);
    $str_hashed = string_to_hashed($str, $salt);
    // constant-time comparison instead of loose ==
    return hash_equals($hashed, $str_hashed);
}

$db = new PDO("mysql:host=localhost;dbname=web", "dbuser", "dbpass");

if (isset($_POST['username']) && isset($_POST['password'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];
    $login = $db->prepare(
        "SELECT `id`, `password` FROM `users` " .
        "WHERE `username` = :username LIMIT 1"
    );
    $login->bindParam(":username", $username);
    $login->execute();
    $user = $login->fetch();
    // argument order: submitted plaintext first, stored salt+hash second
    if ($user && hashed_compare($password, $user['password'])) {
        session_regenerate_id(true); // new session ID after login
        $_SESSION['login'] = true;
        $_SESSION['uid'] = $user['id'];
        header("location: /");
    } else {
        header("location: /login.php");
    }
    exit; // stop after sending the redirect
} else {
    $html = '<!DOCTYPE html>
<form action="login.php" method="post">
<input type="text" name="username" />
<input type="password" name="password" />
<input type="submit" value="登入" />
</form>';
    header("Content-Type: text/html;charset=utf-8");
    header("Content-Length: " . strlen($html));
    echo($html);
}
?>

--
※ Origin: 批踢踢實業坊 (ptt.cc)
◆ From: 118.167.40.219
※ Edited: a60301 from: 118.167.40.219 (07/16 04:35)
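timo0968: You're really dedicated, but "write good code and you'll be begging for food till you're old" XD. Next there's the performance issue 07/17 01:33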
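
An added example, not part of the original post or its comments: records in the post's layout (16-character salt followed by a 64-character SHA-256 hex digest) are verified once at login and re-stored with PHP's built-in password_hash(), a swapped-in technique that replaces the single fast SHA-256 pass with a deliberately slow password hash. The function names, constants and the sample record are hypothetical, and PHP 7.1 or later is assumed.

```php
<?php
// Added example (not the poster's code). Names below are hypothetical.
const LEGACY_SALT_LEN = 16; // salt length produced by the post's new_salt()

// True when $stored matches the post's format: 16 alphanumerics + 64 hex digits.
function is_legacy_record(string $stored): bool
{
    return preg_match('/\A[A-Za-z0-9]{16}[0-9a-f]{64}\z/', $stored) === 1;
}

// Verify $password against a stored value in either format.
// Returns [bool $ok, ?string $replacement]; $replacement is the value the
// caller should write back to the users table, or null if nothing changes.
function verify_and_upgrade(string $password, string $stored): array
{
    if (is_legacy_record($stored)) {
        $salt = substr($stored, 0, LEGACY_SALT_LEN);
        $expected = $salt . hash('sha256', $password . $salt);
        if (!hash_equals($stored, $expected)) {
            return [false, null];
        }
        // Correct password on a legacy record: re-hash while we hold the plaintext.
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // Already in password_hash() format; re-hash only if the default cost changed.
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return [true, $new];
}

// Constructed sample record in the post's format (salt and password are made up).
$salt = 'AbCdEfGh01234567';
$legacy = $salt . hash('sha256', 'hunter2' . $salt);

[$ok, $upgraded] = verify_and_upgrade('hunter2', $legacy);
var_dump($ok, is_legacy_record($upgraded));       // login result, new format check
var_dump(password_verify('hunter2', $upgraded));  // upgraded record still verifies
[$bad] = verify_and_upgrade('wrong', $legacy);
var_dump($bad);                                   // wrong password on legacy record
[$ok2, $again] = verify_and_upgrade('hunter2', $upgraded);
var_dump($ok2, $again);                           // second login needs no rewrite
```

The caller writes `$replacement` back with an UPDATE whenever it is not null, so legacy rows disappear as users log in.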