使用Ajax将密码发送到PHP

我正在尝试实现身份验证。

当前版本有效。 但是,虽然我正在使用POST,但是发送未加密的密码是不好的做法?</ p>

JavaScript:</ strong> </ p>

$ .ajax({
type:“POST”,
url:“script.php”,
data:{
q:“login”,
user:$(“#user” ).val(),
pass:$(“#pass”)。val()
},
success:function(data){
if(data){
alert(“VALID”)\ n} else {
alert(“INVALID”)
}
}
});
</ code> </ pre>

PHP:</ strong> < / p>

  if($ _POST [“q”] ==“login”){
$ user = $ _POST [“user”];
$ pass = $ _POST [ “pass”];

$ sql =“SELECT用户,传递FROM users WHERE user ='”。 $ user。 “'”;

$ stmt = sqlsrv_query($ conn,$ sql);
if($ stmt === false){
die(print_r(sqlsrv_errors(),true));
} \ n
$ arr = array();
$ row = sqlsrv_fetch_array($ stmt);
$ hash = $ row [“pass”];

if(password_verify($ pass,$ hash)){

die(true);
exit();
} else {
die(false);
exit();
}

sqlsrv_free_stmt($ stmt);
sqlsrv_close($ conn );

exit();
}
</ code> </ pre>

是否有从JS(Ajax)向PHP发送密码的最佳做法?</ p>

</ div>

展开原文

原文

I'm trying to implement an authentication from.
My current version works. However, is it consider a bad practice to send the password unencrypted, though I'm using POST?

JavaScript:

$.ajax({
    type : "POST",
    url : "script.php",
    data : {
        q : "login",
        user: $("#user").val(),
        pass: $("#pass").val()
    },
    success : function(data) {
        if(data){
            alert("VALID")
        }else{
            alert("INVALID")
        }
    }
});

PHP:

if ($_POST ["q"] == "login") {
    $user = $_POST ["user"];
    $pass = $_POST ["pass"];

    $sql = "SELECT user, pass FROM users WHERE user='" . $user . "'";

    $stmt = sqlsrv_query ( $conn, $sql );
    if ($stmt === false) {
        die ( print_r ( sqlsrv_errors (), true ) );
    }

    $arr = array ();
    $row = sqlsrv_fetch_array ( $stmt );
    $hash = $row ["pass"];

    if (password_verify ( $pass, $hash )) {
        die ( true );
        exit ();
    } else {
        die ( false );
        exit ();
    }

    sqlsrv_free_stmt ( $stmt );
    sqlsrv_close ( $conn );

    exit ();
}

Is there a best practice for sending password from JS (Ajax) to PHP?

duankuai6586
duankuai6586 使用https而不是http,然后它将被加密
4 年多之前 回复
dousi5358
dousi5358 请注意,您没有受到SQL注入的保护。
4 年多之前 回复

1个回答




认为发送密码未加密是不好的做法</ p>
</ blockquote>

是的,非常糟糕。</ p>


是否有从JS(Ajax)向PHP发送密码的最佳做法?</ p>
</ blockquote>

请求是通过标准页面加载还是Ajax请求进行无关紧要。 请求是针对PHP还是其他系统是无关紧要的。 无论您使用GET还是POST都无关紧要。 如果您要发送密码,请始终使用HTTPS。 如果SSL证书的费用阻止了您,您可以通过 letsencrypt.org 获取免费证书</ p>
</ DIV>

展开原文

原文

is it consider a bad practice to send the password unencrypted

Yes, very bad.

Is there a best practice for sending password from JS (Ajax) to PHP?

Whether the request is made via a standard page load or an Ajax request is irrelevant. Whether the request is made to PHP or another system is irrelevant. Whether you're using GET or POST is irrelevant. If you're sending passwords, use HTTPS, always. If the cost of an SSL certificate is stopping you, you can get free ones at letsencrypt.org

Csdn user default icon
上传中...
上传图片
插入图片
抄袭、复制答案,以达到刷声望分或其他目的的行为,在CSDN问答是严格禁止的,一经发现立刻封号。是时候展现真正的技术了!
立即提问