dougao2830 2015-09-14 10:53

PHP passwords in a txt file as a database [duplicate]

This question already has an answer here:

I've got this login code (I'm conscious it is really unsafe).

How could I store multiple passwords in a .txt file?

   <?php 

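# Read one SHA-256 hash per line; strip trailing newlines so the comparison below can match
$passwords = file('pass.txt', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);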


# Check for session timeout, else initialize time
session_start();
if (isset($_SESSION['timeout'])) {
    if ($_SESSION['timeout'] + 10 < time()) {
        session_destroy(); } }
else {
    $_SESSION['pass']="" ;  $_SESSION['timeout']=time(); }

# Store POST data in session variables
if (isset($_POST["pass"])) {
    $_SESSION['pass']=hash('sha256',$_POST['pass']) ; }

# Check Login Data. Password is hashed (SHA256). In this case it is 'admin'.
$flag = 0;
foreach ($passwords as $pass) {
    if ($pass == $_SESSION['pass']) {
      $flag = 1;
    }
}

if ($flag == 1) {
echo 'session';}
else {
    echo'<form method="POST" action=""><input type="password" name="pass"></form>';}

?>

This is pass.txt, from which I want to read the passwords

65e84be33532fb784c48129675f9eff3a682b27168c0ea744b2cf58ee02337c5
5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918

  • douxun2023 2015-09-14 11:01

    I will start with, yes - you are very correct that it's unsafe. Especially if the passwords are stored in a txt file accessible to the web.

    I am guessing that the password doesn't have to match with a username, so you could simply store the passwords either in a plain txt file, or (for slightly more security) store them as an array in an included PHP file (which wouldn't be displayed as plain text if its location is compromised).

    For plain text, read the file into an array

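    // FILE_IGNORE_NEW_LINES strips the trailing newline from each entry so the == check below can match
    $passwords = file('path/to/file.txt', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);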

    Or include the PHP file with the array (which for the sake of this example is stored in an array called $passwords).

    Then set a flag and run through the array checking and replace the final condition with one that tests the flag.

    $flag = 0;
    foreach ($passwords as $pass) {
        if ($pass == $_SESSION['pass']) {
          $flag = 1;
        }
    }
    
    if ($flag == 1) {
    echo 'session';}
    else {
        echo'<form method="POST" action=""><input type="password" name="pass"></form>';}
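
A hardened form of the check discussed in this thread, as an added example that is not part of the question or the answer: each line of the file is a salted `password_hash()` output instead of a bare SHA-256 digest, and the session stores only a login flag. The function name `check_password()`, the sample passwords and the file paths are assumptions made for the example.

```php
<?php
// Added example, not code from the question or the answer.
// check_password(), the sample passwords and all paths are hypothetical.

/** Return true if $candidate matches any password_hash() line in $hashFile. */
function check_password(string $candidate, string $hashFile): bool
{
    // Strip newlines and skip blank lines, otherwise no stored entry ever matches.
    $hashes = file($hashFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    if ($hashes === false) {
        return false; // unreadable file: fail closed
    }
    $ok = false;
    foreach ($hashes as $hash) {
        // password_verify() takes salt and cost from the stored hash and
        // compares in constant time, so no loose == on hex strings is needed.
        if (password_verify($candidate, trim($hash))) {
            $ok = true; // keep looping so timing does not depend on the line number
        }
    }
    return $ok;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample data so the example runs offline from the command line.
    $hashFile = tempnam(sys_get_temp_dir(), 'pass');
    $lines = array_map(
        fn($p) => password_hash($p, PASSWORD_DEFAULT),
        ['first-sample-pass', 'second-sample-pass']
    );
    file_put_contents($hashFile, implode("\n", $lines) . "\n");

    var_dump(check_password('second-sample-pass', $hashFile));
    var_dump(check_password('wrong-guess', $hashFile));
    unlink($hashFile);
} elseif (isset($_POST['pass'])) {
    session_start();
    // Placeholder path: keep the hash file outside the web root.
    if (check_password($_POST['pass'], '/path/outside/webroot/pass.txt')) {
        session_regenerate_id(true);        // fresh session id after login
        $_SESSION['authenticated'] = true;  // store a flag, never the password or its hash
    }
}
```

New entries for the file are produced with `password_hash($password, PASSWORD_DEFAULT)`, one per line.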
    