cookie base64_decode无法正常工作

Im trying to set a cookie when the user selects the checkbox to remember his data. I´m setting cookie and encoding if checkbox is selected:

if($f['save'])
{
$cookiesave = base64_encode($adminEmail).'&'.base64_encode($f['pass']);
setcookie('admin',$cookiesave,time()+60*60*24*30,'/');         
}

And then I´m decoding

elseif(!empty($_COOKIE['admin']))
            {
                $cookie = $_COOKIE['admin'];
                $cookie = explode('&',$cookie);
                $f['email'] = base64_decode($cookie[0]);
                $f['pass'] = base64_decode($cookie[1]);
                $f['save'] = 1;
            }

But despite being doing the decode, the input appears with encrypted password. I have reviewed all the code and everything seems to be right ... can see anything wrong?

My full code:

 <?php
        if(isset($_POST['sendLogin']))
         {
            $f['email'] = mysql_real_escape_string($_POST['email']);
            $f['pass']  = mysql_real_escape_string($_POST['pass']);
            $f['save']  = mysql_real_escape_string($_POST['remember']);

                $autEmail = $f['email'];
                $autSenha = md5($f['pass']);
                $readAdmin = read('admins',"WHERE email = '$adminEmail'");
                if($readADmin){
                    foreach($readAdmin as $admin);
                    if($adminEmail == $admin['email'] && $adminPass == $admin['pass'])
                    {
                        if($f['save'])
                        {
                            $cookiesave = base64_encode($adminEmail).'&'.base64_encode($f['pass']);
                            setcookie('admin',$cookiesave,time()+60*60*24*30,'/');
                        }
                        else
                        {
                            setcookie('admin','',time()+3600,'/');
                        }
                    }

                    else
                    {
                        echo 'Wrong Password';
                    }
                }
                else
                {
                    echo 'Email dont exist in DB';
                }
            }

        }
        elseif(!empty($_COOKIE['admin']))
        {
            $cookie = $_COOKIE['admin'];
            $cookie = explode('&',$cookie);
            $f['email'] = base64_decode($cookie[0]);
            $f['pass'] = base64_decode($cookie[1]);
            $f['save'] = 1;
        }
            echo '<pre>';
            print_r($cookie);
            echo
               '</pre>';
    ?>

        <?php
        if(!isset($_GET['remember']))
        {
        ?>
        <form name="login" action="" method="post">
            <label>
                <span>Email:</span>
                <input type="text" class="radius" name="email" value="<?php if(isset($f['email'])) echo $f['email']; ?>" />
            </label>
            <label>
                <span>Password:</span>
                <input type="password" class="radius" name="pass" value="<?php if(isset($f['pass'])) echo $f['pass']; ?>" />
            </label>
            <input type="submit" value="Login" name="sendLogin" class="btn" />

            <div class="remember">
                <input type="checkbox" name="remember" value="1" <?php if(isset($f['save'])) echo 'checked="checked"' ?> /> 
                Remember Acess data!
            </div>
        </form>
        <?php
        }

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

duankan8739 2014-03-18 20:43

关注

This is a tested login form (PHP 5.3.18). The comments at the start of the script explains how it works and how to use it.

<?php
/*
 * Q22459571
 *
 * a Login script:
 *
 * There are three actions it will do:
 *
 * 1) Display a login screen and process the results
 *
 * 2) Logout a user who has been 'remembered' or 'saved' see 'admin' cookie.
 *
 * 3) Automatically login a user from the details in the admin' cookie.
 *
 * The script action is controlled by a parameter in the URL called 'action'.
 *
 * The 'action' values and results are as follows:
 *
 * 1) action='login'   : will clear any cookies and force the login screen to be shown
 *
 * 2) action='logout'  : will clear any cookies and exit the script
 *
 * 3) missing 'action' parameter : a) try and login using the 'admin' cookie.
 *                                 b) show the login screen if not
 *                                    able to login.
 *
 * The result of the script will be saved in a '$userAuth' array as follows:
 *
 * 1) 'email'       => user email address as stored on the db.
 * 2) 'passhash'    => MD5 hash as stored on the database
 * 3) 'remember'    => boolean to indicate that the user can be logged in
 *                     via the 'admin' cookie
 * 4) 'loginMethod' => '', 'cookie', 'form'
 * 5) 'loginSuccess'=> true | false
 *
 */

/*
 * We will use 'mysqli' functions, prepared queries and 'bind' variables/values
 */

/*
 * User table:
 *
 * store password as a 'salted' hash
 *
 * Columns: 1) email    -- unique id for an admin
 *          2) passhash -- password as a MD5 hash
 *          3) salt     -- random string that we will use as a prefix to the plaintext password
 *                         before we take the md5 hash.
 */

// database connection...
$mysqlDb = mysqli_connect('localhost', 'test', 'test', 'testmysql');

// User Authorization details will always be in here...
$userAuth = array( 'email' => '', 'passhash' => '', 'remember' => false,
                   'loginMethod' => '', 'loginSuccess' => false);

// set the login action so we can use it later
$loginAction = isset($_GET['action']) ? $_GET['action'] : '';

/*
 * see what the URL action is
 */
if ($loginAction == 'logout')
{
  setcookie('admin', '' , 0, '/'); // delete cookie
  echo 'user logged out';          // do what you wish here
  exit;                            // leave the script
}


if ($loginAction == 'login')
{
  if (!empty($_COOKIE['admin'])) // clear the cookie to force login
  {
    setcookie('admin', '' , time() + 3600, '/'); // will be empty next time
  }
}
elseif (!empty($_COOKIE['admin'])) // The cookie should be encrypted -- not in this version.
{
   $cookie = $_COOKIE['admin'];
   $emailLen = substr($cookie, 0, 3); // get the length

   $b64 = substr($cookie, 3); // get b64 encoded string
   $b64decoded = base64_decode($b64); // convert back to original string

    // split it up...
   $userAuth['email'] = substr($b64decoded, 0, $emailLen);
   $userAuth['passhash']  = substr($b64decoded, $emailLen);
   $userAuth['remember' ]  = 1;


   // ensure user is in the database and the details match...
   $sql = 'SELECT email, salt from admins WHERE email = ? and passhash = ? limit 1';
   $query = mysqli_prepare($mysqlDb, $sql);
   $allOk = mysqli_stmt_bind_param($query, 'ss', $userAuth['email'], $userAuth['passhash']);
   $allOk = mysqli_execute($query);
   $queryResult = mysqli_stmt_get_result($query);
   $admin = mysqli_fetch_array($queryResult);

   $userAuth['loginMethod'] = 'cookie';
   $userAuth['loginSuccess'] =    !empty($admin['email'])
                               && $admin['email'] === $userAuth['email'];


   if ($userAuth['loginSuccess'])
   {
      echo 'user: ', $userAuth['email'], ' was logged in via the cookie...';
      exit;
   }
   else
   {
      echo 'user: ', $userAuth['email'], ' cookie details are wrong!!';
      exit;
   }
}


/*
 * We may have a login request that we need to check...
 */
 if (isset($_POST['sendLogin'])) // new login attempt
 {
   $userAuth['loginMethod'] = 'form';
   $userAuth['loginSuccess'] = false;

   $userAuth['email']     = mysqli_real_escape_string($mysqlDb, $_POST['email']);
   $userPass              = mysqli_real_escape_string($mysqlDb, $_POST['pass']);
   $userAuth['remember']  = mysqli_real_escape_string($mysqlDb, $_POST['remember']);



    // will use prepared queries and bind parameters as required
    $sql = 'SELECT email, passhash, salt from admins WHERE email = ? limit 1';
    $query = mysqli_prepare($mysqlDb, $sql);
    $allOk = mysqli_stmt_bind_param($query, 's', $userAuth['email']);
    $allOk = mysqli_execute($query);

    $queryResult = mysqli_stmt_get_result($query);
    $admin = mysqli_fetch_array($queryResult); // admin details

    if (   !empty($userAuth['email']) && $userAuth['email'] == $admin['email']
        && !empty($userPass))
    {
      // calculate the MD5 hash and assume it is ok
      $userAuth['passhash'] = md5($admin['salt'] . $userPass);
    }


    if (!empty($userAuth['passhash']) && $userAuth['passhash'] === $admin['passhash']) // passwords must have matched
    {
        $userAuth['loginSuccess'] = true;
        if ($userAuth['remember' ])
        {
           $emailLen = sprintf('%03u', strlen($userAuth['email']));
           $cookiesave = $emailLen . base64_encode($userAuth['email'] . $userAuth['passhash']);
           setcookie('admin', $cookiesave, time() + 60 * 60 * 24 * 30, '/');
        }
        else
        {
           setcookie('admin', '' , 0, '/'); // delete cookie
        }
    }
    else
    {
        setcookie('admin', '' , 0, '/'); // delete cookie if unsuccessful login
        echo 'Wrong Email / Password or both';
    }
 } // end of form login

// if successful login
if ($userAuth['loginSuccess'])
{
  echo 'user: ', $userAuth['email'], ' is  logged in via: ', $userAuth['loginMethod'];
  exit;
}

?>

<!DOCTYPE html>
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>Enter Login Details</title>
  </head>

  <body>
  <form name="login" action="/testmysql/Q22459571_cookie_base64.php
        " method="post">
      <label>
          <span>Email:</span>
          <input type="text" class="radius" name="email" value="<?php echo $userAuth['email']; ?>" />
      </label>
      <label>
          <span>Password:</span>
          <input type="password" class="radius" name="pass" value="" />
      </label>

      <div class="remember">
          <input type="checkbox" id="remember" name="remember" value="1" <?php echo 'checked="checked"' ?> />
          <label  for="remember">Remember Me!</label>
      </div>

    <input type="submit" value="Login"  name="sendLogin" class="btn" />
  </form>
  </body>
</html>

本回答被题主选为最佳回答 , 对您是否有帮助呢?

报告相同问题？

关注问题

cookie base64_decode无法正常工作 php
2014-03-17 16:14

回答 1 已采纳 This is a tested login form (PHP 5.3.18). The comments at the start of the script explains how it
使用base64_decode解码XML在PHPUnit中工作正常但在浏览器中返回UTF-16编码数据 php
2010-07-20 13:51

回答 1 已采纳 Aha! It turns out that, when run in the browser, the cookie values were automatically URL decoded
PHP：将base64数据存储在cookie中 php
2011-02-24 15:12

回答 1 已采纳 Try calling urlencode() on your string before sending it to the cookie -- I seem to recall that PH
php中base64_encode base64_decode加密解密函数
2016-07-30 10:57

sole_cc的博客 base64_encode算法原理 Base64编码，是我们程序开发中经常使用到的编码方法。它是一种基于用64个可打印字符来表示二进制数据的表示方法。它通常用作存储、传输一些二进制数据编码方法！也是MIME（多用途互联网...
我的cookie已设置但php无法读取它 php
2013-02-24 13:48

回答 2 已采纳 My problem was I was trying to save a serialized object, $_SESSION['user'], in the cookie, it has
解码或识别此代码[关闭] php
2016-01-09 19:27

回答 1 已采纳 It looks like you have to reverse the string and then decode as Base64: This part: NjcwODI4Mj
为什么传递给PHP的cookie或数据字符串中缺少“+”字符，如何更正此问题 php
2019-07-02 23:15

回答 1 已采纳 setcookie() exists since PHP/4 and produces URL-encoded values: setcookie('a', '9xu3EhM5+6duW4feC
Cookie Base64编码注入
2021-03-07 12:59

一米八多的瑞兹的博客 Cookie Base64编码注入 1. Base64介绍 Base64编码是从二进制到字符的过程，可用于在HTTP环境下传递较长的标识信息。Base64是网络上最常见的用于传输8Bit字节码的编码方式之一，Base64就是一种基于64个可打印字符来...
混淆（如果有的话）$ _SESSION和$ _COOKIE变量？ mysql php
2011-07-27 07:16

回答 1 已采纳 You don't need to obfuscate anything stored in the _SESSION variable. It is not sent to the client
IE11停止接受跨域Cookie策略 javascript php
2015-11-06 20:58

回答 1 已采纳 The answer is simple -- this no longer works in IE, starting with IE11. One will have to pass para
PHP CURL脚本在第一次请求后获得502/503服务器错误 php
2019-01-15 04:03

回答 1 已采纳 There is a mess of cookies in your snippet. The callback function just appends cookies to the arra
php cookie 加密解密,php 使用base64加密、解密cookie的示例
2021-04-08 12:19

weixin_39914863的博客这篇文章主要为大家详细介绍了php 使用base64加密、解密cookie的示例，具有一定的参考价值，可以用来参考一下。感兴趣的小伙伴，下面一起跟随512笔记的小编罗X来看看吧。经测试代码如下：class Cookie{/*** 解密已经...
我的网站感染了混淆的PHP恶意软件 - 它在做什么+如何摆脱它？ php
2017-04-04 15:42

回答 6 已采纳 You can't trust anything on the server at this point. Reinstall the OS Reinstall known good copi
python实现base64解码_base64编码与python
2020-11-25 23:26

weixin_39777875的博客一、base64编码工作原理base64模块是用来作base64编码解码的。这种编码方式在电子邮件中是很常见的。它可以把不能作为文本显示的二进制数据编码为可显示的文本信息。...这里以base64_encode(’PH...
SQL注入1-5_cookie基于base64的注入
2019-12-07 17:00

Mamba start的博客 SQL注入1-5_cookie基于base64的注入 1.提交参数 2，代理抓包点击forward，看看有没有cooike 还是没有，继续fowrword 出来了，可以看见他是基于base64加密的数据重发攻击点击go可以看到返回正常我们把提交的...
php文件加密网站源码（基于base64和混淆加密）
2023-06-25 09:45

哈都婆的博客保护源代码：PHP 是一种脚本语言，源代码是以明文形式存储在服务器上的。通过对 PHP 代码进行加密，可以增加源代码的保密性，使其更难以被未经授权的人员获取和理解。这对于一些商业应用程序或具有商业价值的软件来...
【SQL注入-11】base64注入案例—以Sqli-labs-less22为例（借助BurpSuite工具）
2022-05-06 14:31

像风一样9的博客目录1 base64注入概述1.1 base64编码基础1.2 base64编码与URL编码1.3 base64注入2 base64注入案例2.1 实验平台2.2 实验过程2.2.1 注入前准备2.2.2 判断注入点及注入类型2.2.3 尝试使用union查询2.2.4 获取库名表名字...
cookie注入&& base64注入原理详解
2020-03-10 16:23

YoungBoy啊啊啊的博客什么是cookie注入？ cookie注入：和一般的注入都一样，只是传参方式不一样。而cookie注入是以cookie方式进行修改注入。 GET注入就是在url网址后面加上需要进行的注入语句 POST注入就是在表单处进行的注入 ...
没有解决我的问题, 去提问

悬赏问题

¥50 有数据，怎么建立模型求影响全要素生产率的因素
¥50 有数据，怎么用matlab求全要素生产率
¥15 TI的insta-spin例程
¥15 完成下列问题完成下列问题
¥15 C#算法问题, 不知道怎么处理这个数据的转换
¥15 YoloV5 第三方库的版本对照问题
¥15 请完成下列相关问题！
¥15 drone 推送镜像时候 purge: true 推送完毕后没有删除对应的镜像,手动拷贝到服务器执行结果正确在样才能让指令自动执行成功删除对应镜像，如何解决？
¥15 求daily translation（DT）偏差订正方法的代码
¥15 js调用html页面需要隐藏某个按钮

码龄粉丝数原力等级 --

cookie base64_decode无法正常工作

1条回答默认最新

码龄粉丝数原力等级 --

悬赏问题

cookie base64_decode无法正常工作

1条回答 默认 最新

悬赏问题

1条回答默认最新