大家看看我的cookie登录验证
$ticket=$CI->encrypt->encode($obj->account.$obj->pwd);set_cookie('conid',$obj->consumerid,time()+1800);
set_cookie('ticket',$ticket,time()+1800);
设置了两个cookie,然后在验证页面先用id取用户信息,然后这样判断
$obj=$query->row();
if(count($obj)==0||$decode_ticket!=$obj->account.$obj->pwd)
{
redirect('/sysmanage/login?msg='.urlencode('登录超时'));
}
大家说这样安全吗?你们都怎么验证的
看不懂!!! 为什么要这样写? public function getLogin(){
$username = get_cookie('user_name');
file_put_contents('username.txt', var_export($username,true));
$user_name=strtolower(trim($this->input->post('user_name')));
$password = md5(trim($this->input->post('password')));
if(!empty($user_name) && !empty($password)){
$query = $this->user->userLogin($user_name,$password);
foreach($query as $user){};
file_put_contents('val.txt', var_export($user,true));
if($user){
$this->session->set_userdata($user);
if($this->input->post('c0') == 'true'){
//set_cookie($user['user_name'],$user['user_passwd'], time()+86400);
//$this->_cookie($user, time()+86400);
}
echo true;
}else{
echo '用户名或密码错误!'; //失败跳回产首页
}
}else{
echo '用户名密码不能为空'; //用户名密码不能为空
}
}
public function userLogin($user_name,$password){
$this->db->where('user_name',$user_name);
$this->db->where('user_passwd',$password);
$query = $this->db->get(self::TABLE_USER);
if($query->result_array() != ''){
return $query->result_array();
}
}
你看我这个 为什么不行呢?
页:
[1]