-1
使用cakePHP,我很想拥有关于这个小源代码的观点,我不确定它是否足够安全。将使用另一个散列脚本删除sha1()
。我发现它可以被优化,但是如何?我的登录功能是否安全?不知道如何改进它
三江源
类UsersController扩展控制器{
function account($Req){
if(isset($Req->post->login)){
$login = addslashes($Req->post->login);
$password = sha1(addslashes($Req->post->password));
$pass_confirm = sha1(addslashes($Req->post->pass_confirm));
$email = addslashes($Req->post->email);
$signature = addslashes($Req->post->signature);
if(empty($login) || empty($email)){
$this->Session->setFlash("You hav to complete each fiedls", "error");
$this->Request->redirect(SITE . "users/account");
}
elseif($pass_confirm != $password) {
$this->Session->setFlash("You gave two differents password", "error");
$Req->redirect(SITE . "users/account");
}
$this->loadModel("Users");
$dispoLogin = $this->Users->findCount(array(
"login" => $login
));
if($dispoLogin === 0){
$this->Session->setFlash("The login is already use by someone else", "error");
$this->Request->redirect(SITE . "users/account");
}
$dispoEmail = $this->Users->findCount(array(
"email" => $email
));
if($dispoEmail === 0){
$this->Session->setFlash("Email adress already use by someone else", "error");
$this->Request->redirect(SITE . "users/account");
}
if(empty($password)){
$q = $this->Users->findFirst(array(
"fields" => "password",
"conditions" => array(
"id" => $this->User->id
)
));
$password = sha1($q->password);
}
$this->Users->save(array(
"id" => $this->User->id,
"login" => $login,
"password" => $password,
"email" => $email,
"signature" => $signature
));
$this->user->setData(array(
"login" => $login,
"password" => $password,
"email" => $email,
"signature" => $signature
));
$this->Session->setFlash("Your profile page is updated");
$this->Request->redirect(SITE);
}
}
这是一个更适合programmers.stackexchange.com,投票移动那里。 – Bojangles
@JamWaffles它也不适合那里。 http://codereview.stackexchange.com – Mob
@Mob Darn it!有两个混合起来。 – Bojangles