douzhang5984 2019-07-24 20:53
浏览 86
已采纳

当我知道它是正确的时,PHP脚本会说“无效密码”

I'm building an intentionally flawed application for presentation purposes for work. It's left vulnerable to demonstrate improper practices and possibly encourage those who would exploit it to do so. There is ample logging on the server so we're able to see when people poke around. I just need a simple login page that uses a PHP script to connect to the SQL database. I can verify connectivity through the SQL server logs, however, the script returns and says "invalid password" when I know the password and username I'm inputting are correct.

I have tried swapping bits of code from other resources / what I know and I get internal error 500

// POST variables
$user=$_POST['user'];
$pass=$_POST['pass'];

// MD5 hash
//$pass=md5($pass);



$sql = "SELECT * FROM login WHERE user = '$user' AND pass = '$pass'";

// Query Login 
$stmt = sqlsrv_query($conn, $sql);
if( $stmt === false ) {
     die( print_r( sqlsrv_errors(), true));
}

// Login validation
if(sqlsrv_has_rows($stmt)) {
header('Location: landing.html');
}
else {
echo "Wrong username or password!";
}

I expect the connection to work, instead, it just throws up my "Wrong username or password!" statement

  • 写回答

1条回答 默认 最新

  • dongxun1978 2019-07-24 22:47
    关注

    The way that your scripts is written is incorrect. To check for a correct username and password, I wouldn't check if there are rows. I understand this isn't real and it's meant to show bad scripting/coding/etc however, this is really bad. The reason why it keeps giving you "Wrong username or password!" is because there are no rows being returned. Try rewriting your script like this:

    <?php

// Connect to Database Server
$server = "serverName\sqlexpress";
$connectionInfo = array("Database" => "dbName", "UID" => "username", "PWD" => "password");
$conn = sqlsrv_connect($server, $connectionInfo);

// POST variables
$user = $_POST['user'];
$pass = $_POST['pass'];

$query = 'SELECT * FROM login WHERE `user` = "' . $user . '" AND `pass` = "' . $pass . '"';

// Query Login
$statement = sqlsrv_query($conn, $query);

if ($statement) {
    $rows = sqlsrv_has_rows($statement);
    if ($rows === true && $rows >= 1) {
        header('Location: landing.html');
    } else {
        echo "Wrong username or password!";
    }
} else {
    die(print_r(sqlsrv_errors(), true));
}
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 想问一下树莓派接上显示屏后出现如图所示画面,是什么问题导致的
  • ¥100 嵌入式系统基于PIC16F882和热敏电阻的数字温度计
  • ¥15 cmd cl 0x000007b
  • ¥20 BAPI_PR_CHANGE how to add account assignment information for service line
  • ¥500 火焰左右视图、视差(基于双目相机)
  • ¥100 set_link_state
  • ¥15 虚幻5 UE美术毛发渲染
  • ¥15 CVRP 图论 物流运输优化
  • ¥15 Tableau online 嵌入ppt失败
  • ¥100 支付宝网页转账系统不识别账号