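Push timo0968: You're really diligent, but "write good code and you'll be begging for food until you're old" XD. Next is the performance issue 07/17 01:33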
#1HcX_YNQ)
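<?php
session_start(); // must run before $_SESSION is written

// Build a 16-character alphanumeric salt.
function new_salt() {
    $chars = "abcdefghijklmnopqrstuvwxyz" . // split across two lines because it is too long for the page
             "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    $salt = "";
    for ($i = 0; $i < 16; ++$i) {
        // random_int() draws from the OS CSPRNG; mt_rand() output is predictable
        $salt .= $chars[random_int(0, strlen($chars) - 1)];
    }
    return $salt;
}

// Stored form: 16-char salt followed by sha256(password . salt).
// A single fast SHA-256 round is cheap to brute-force; PHP's
// password_hash()/password_verify() use a slow, salted algorithm.
function string_to_hashed($str, $salt = NULL) {
    if ($salt === NULL) $salt = new_salt();
    $hashed = hash("sha256", $str . $salt);
    return $salt . $hashed;
}

// $str is the submitted plaintext, $hashed is the stored salt+hash value.
function hashed_compare($str, $hashed) {
    $salt = substr($hashed, 0, 16);
    $str_hashed = string_to_hashed($str, $salt);
    // hash_equals() is constant-time and avoids loose "==" string juggling
    return hash_equals($hashed, $str_hashed);
}

$db = new PDO("mysql:host=localhost;dbname=web", "dbuser", "dbpass");
if (isset($_POST['username']) && isset($_POST['password'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];
    // Prepared statement: the username is bound, never concatenated into SQL
    $login = $db->prepare(
        "SELECT `id`, `password` FROM `users` " .
        "WHERE `username` = :username LIMIT 1"
    );
    $login->bindParam(":username", $username);
    $login->execute();
    $user = $login->fetch();
    // Argument order: submitted password first, stored hash second
    if ($user && hashed_compare($password, $user['password'])) {
        session_regenerate_id(true); // new session ID on login (session fixation)
        $_SESSION['login'] = true;
        $_SESSION['uid'] = $user['id'];
        header("location: /");
    } else {
        header("location: /login.php");
    }
    exit;
} else {
    $html = '<!DOCTYPE html>
<form action="login.php" method="post">
<input type="text" name="username" />
<input type="password" name="password" />
<input type="submit" value="登入" />
</form>';
    header("Content-Type: text/html;charset=utf-8");
    header("Content-Length: " . strlen($html));
    echo($html);
}
?>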
※ Posted from: PTT (ptt.cc)
◆ From: 118.167.40.219
※ Edited: a60301 from: 118.167.40.219 (07/16 04:35)
You don't want to see plaintext, so I'll take the salt from before and sprinkle it on~
(Portal: