我一直在最近构建一个登录脚本,我需要一些关于安全性的建议。谢谢。关于此脚本的安全性
<?php
session_start();
include 'inc/conn.php';
include 'inc/config.php';
include 'inc/session.php'; //Prevent session hijack
if (isset($_SESSION['banned'])) {
header("Location: banned.php");
exit;
}
if (isset($_POST['submit'])) {
if (isset($_SESSION['token'])
&& $_POST['token'] == $_SESSION['token']) {
$_POST['username'] = mysql_real_escape_string($_POST['username']);
$_POST['password'] = sha1($salt1 . $_POST['password'] . $salt2);
$user_query = "SELECT id, userlevel FROM users WHERE username = '" . $_POST['username'] . "' AND password = '" . $_POST['password'] . "'";
$user_result = mysql_query($user_query);
if (mysql_num_rows($user_result) == 0) {
$error = 'Fel användarnamn eller lösenord';
} else {
$row = mysql_fetch_assoc($user_result);
$banned_query = "SELECT * FROM bans WHERE user_id = " . $row['id'] . "";
$banned_result = mysql_query($banned_query);
session_regenerate_id();
if (mysql_num_rows($banned_result) == 0) {
$_SESSION['logged_in'] = TRUE;
$_SESSION['user_id'] = $row['id'];
$_SESSION['userlevel'] = $row['userlevel'];
header("Location: index.php");
exit;
} else {
$ban_row = mysql_fetch_assoc($banned_result);
$_SESSION['banned'] = TRUE;
$_SESSION['user_id'] = $ban_row['user_id'];
header("Location: banned.php");
exit;
}
}
}
}
$token = md5(uniqid(rand(), true));
$_SESSION['token'] = $token;
?>
<?php
if (!isset($_SESSION['logged_in'])) {
?>
<?php if (isset($error)) echo $error ?>
<form method="post" action="index.php">
<input type="hidden" name="token" value="<?php echo $token; ?>" />
Användarnamn<br />
<input type="text" name="username" value="" /><br />
Lösenord<br />
<input type="password" name="password" value="" /><br />
<input type="submit" name="submit" value="Logga in" />
</form>
<?php } else { echo var_dump($_SESSION); } ?>
config.php和conn只是两个文件,一个是数据库连接,另一个是两个静态变量。
session.php文件
<?php
$string = $_SERVER['HTTP_USER_AGENT'];
$string .= 'SHIFLETT';
$fingerprint = md5($string);
if (isset($_SESSION['HTTP_USER_AGENT']) &&
$_SESSION['HTTP_USER_AGENT'] != $fingerprint) {
session_unset();
session_destroy();
header("Location: index.php");
exit;
exit;
} else {
$_SESSION['HTTP_USER_AGENT'] = $fingerprint;
}
?>
有什么建议?
其中$ salt1和$ salt2定义? –
在config.php文件中 – John123
对于所有用户而言,每个用户帐户的盐需求不同。所以这是一个失败。 SHA1也被破坏,而不是使用sha2。最后,它们不需要两次赋值。一开始就有盐!是你所需要的全部。 – Johan