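Hello everyone, I would like to know whether the function created below is a flawless login function. I am using a salt and bcrypt for security.
First, I use the username to fetch the salt. Then I use crypt with the password variable (from the form input) and the salt to compute the password.
Next, using the username and password, I check whether the member exists. Then I store the member's id as a session value for future use.
If there is any problem with this function, I would like to know what it is.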
function login(){
    $username = trim($_GET['username']);
    $password = trim($_GET['password']);
    if($username == '' || $password == ''){
        return 0;
    }
    if(strlen($username) > 30 || strlen($password) > 30){
        return 0;
    }
    $username = strtolower($username);
    $q = "SELECT * FROM member WHERE username = '$username'";
    $value = $this->run_get_query($q);
    $salt = $value[0]['salt'];
    $password = crypt($password, $salt);
    $q = "SELECT * FROM member WHERE username = '$username' AND password = '$password'";
    $member_details = $this->run_get_query($q);
    $num_rows = count($member_details);
    if($num_rows == 1){
        $_SESSION['member'] = $member_details[0]['id'];
    }
    return $num_rows;
}
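
A hardened variant of the login flow described above, as an added example that is not part of the original post. It assumes a PDO connection, that the `password` column holds the full crypt()/bcrypt output (so the separate salt lookup is unnecessary), and that credentials arrive by POST; the in-memory SQLite table and the user `alice` are constructed demo data.

```php
<?php
// Added example, not the poster's code. Assumes a PDO handle and that
// member.password holds the full crypt()/bcrypt output string.
function login(PDO $pdo, array $post): int
{
    $username = strtolower(trim($post['username'] ?? ''));
    $password = $post['password'] ?? '';   // POST body keeps it out of URLs and access logs
    // bcrypt only uses the first 72 bytes; reject longer input instead of truncating silently.
    if ($username === '' || $password === '' || strlen($username) > 30 || strlen($password) > 72) {
        return 0;
    }

    // Bound parameter: the username is sent as data and never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT id, password FROM member WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a dummy hash when the user is unknown, so both paths cost one bcrypt run.
    static $dummy = null;
    if ($dummy === null) { $dummy = password_hash('dummy', PASSWORD_BCRYPT); }
    $ok = password_verify($password, $row ? $row['password'] : $dummy);
    if (!$row || !$ok) {
        return 0;
    }

    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);   // fresh session id after login (session fixation)
    }
    $_SESSION['member'] = $row['id'];
    return 1;
}

// Constructed demo data in an in-memory SQLite database (requires pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE member (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
$ins = $pdo->prepare('INSERT INTO member (username, password) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_BCRYPT)]);

var_dump(login($pdo, ['username' => 'Alice', 'password' => 'correct horse']));
var_dump(login($pdo, ['username' => 'alice', 'password' => 'wrong']));
var_dump(login($pdo, ['username' => "o'brien", 'password' => 'x']));
```

`password_verify()` accepts hashes produced by `crypt()`, so existing bcrypt rows keep working as long as the stored value is the complete crypt output.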