极客观点
项目管理
HarmonyOS
大神们好,实在是研究了好久真是搞不懂,才发帖求助!网站后台登陆总是密码错误,但是数据库的账号和密码都是admin,密码是对的,不知道为什么登不上。我看了下登陆的php文件,发现密码好像还有其他的参数,请大佬们看看!
namespace Qwadmin\Controller;
use Common\Controller\BaseController;
use Think\Auth;
class LoginController extends BaseController {
public function index(){
$flag = false;
$auth = cookie('auth');
list($identifier, $token) = explode(',', $auth);
if (ctype_alnum($identifier) && ctype_alnum($token)) {
$user = M('member')->field('uid,user,identifier,token,salt')->where(array('identifier'=>$identifier))->find();
if($user) {
if($token == $user['token'] && $user['identifier'] == password($user['uid'].md5($user['user'].$user['salt']))){
$flag = true;
$this->USER = $user;
}
}
}
if ($flag) {
$this -> error('您已经登录,正在跳转到主页',U("index/index"));
}
$this -> display();
}
public function login(){
$verify = isset($_POST['verify'])?trim($_POST['verify']):'';
if (!$this->check_verify($verify,'login')) {
$this -> error('验证码错误!',U("login/index"));
}
$username = isset($_POST['user'])?trim($_POST['user']):'';
$password = isset($_POST['password'])?password(trim($_POST['password'])):'';
$remember = isset($_POST['remember'])?$_POST['remember']:0;
if ($username=='') {
$this -> error('用户名不能为空!',U("login/index"));
} elseif ($password=='') {
$this -> error('密码必须!',U("login/index"));
}
$model = M("Member");
$user = $model ->field('uid,user')-> where(array('user'=>$username,'password'=>$password)) -> find();
if($user) {
$token = password(uniqid(rand(), TRUE));
$salt = random(10);
$identifier = password($user['uid'].md5($user['user'].$salt));
$auth = $identifier.','.$token;
M('member')->data(array('identifier'=>$identifier,'token'=>$token,'salt'=>$salt))->where(array('uid'=>$user['uid']))->save();
if($remember){
cookie('auth',$auth,3600*24*365);//记住我
}else{
cookie('auth',$auth);
}
addlog('登录成功。',$username);
$url=U('index/index');
header("Location: $url");
exit(0);
}else{
addlog('登录失败。',$username);
$this -> error('登录失败,请重试!',U("login/index"));
}
}
public function verify() {
$config = array(
'fontSize' => 14, // 验证码字体大小
'length' => 4, // 验证码位数
'useNoise' => false, // 关闭验证码杂点
'imageW'=>100,
'imageH'=>30,
);
$verify = new \Think\Verify($config);
$verify -> entry('login');
}
function check_verify($code, $id = '') {
$verify = new \Think\Verify();
return $verify -> check($code, $id);
}
}控制登陆的代码如上,uid=1,user=admin,password=md532位加密的admin
请问,怎么样才能设置账号是user 密码是password,另外删除什么内容可以任意密码登录或者免密码登陆吗?
你这密码中好像没有加多余的参数,只是记住密码的时候,把登陆信息加密保存在cookie中了;
如果提示登陆失败的话,应该是
$user这个值为空,说明没有查询到相关信息;楼主可以断点调试一下自己的代码,或者在关键的代码下面,打印输出进行调试;