The account password is correct, but the website's admin backend login always says it is wrong.

Hello, great gods. I really didn't understand it after studying it for a long time, so I am posting for help! The website's admin backend login always says the password is wrong, but the account and password in the database are admin and the password is correct; I do not know why I cannot log in. I looked at the login PHP file and found that the password seems to have other parameters, please have a look!

<?php
namespace Qwadmin\Controller;
use Common\Controller\BaseController;
use Think\Auth;
class LoginController extends BaseController {
    public function index(){

        
        $flag = false;
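        $auth = cookie("auth");
        // Pad to two elements so a missing or malformed cookie does not raise an undefined-offset notice.
        list($identifier, $token) = array_pad(explode(",", (string)$auth), 2, "");
        if (ctype_alnum($identifier) && ctype_alnum($token)) {
            $user = M("member")->field("uid,user,identifier,token,salt")->where(array("identifier"=>$identifier))->find();
            if($user) {
                // Strict comparison: == can treat two different numeric-looking strings (e.g. "0e...") as equal.
                if($token === $user["token"] && $user["identifier"] === password($user["uid"].md5($user["user"].$user["salt"]))){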
                    $flag = true;
                    $this->USER = $user;
                }
            }
        }
        if ($flag) {
           $this -> error(",",U("index/index"));
        }

        $this -> display();
    }
    public function login(){
        $verify = isset($_POST["verify"])?trim($_POST["verify"]):"";
        if (!$this->check_verify($verify,"login")) {
            $this -> error("",U("login/index"));
        }

        $username = isset($_POST["user"])?trim($_POST["user"]):"";
        $password = isset($_POST["password"])?password(trim($_POST["password"])):"";
        $remember = isset($_POST["remember"])?$_POST["remember"]:0;
        if ($username=="") {
            $this -> error("",U("login/index"));
        } elseif ($password=="") {
            $this -> error("",U("login/index"));
        }

        $model = M("Member");
        $user = $model ->field("uid,user")-> where(array("user"=>$username,"password"=>$password)) -> find();
        
        if($user) {
            $token = password(uniqid(rand(), TRUE));
            $salt = random(10);
            $identifier = password($user["uid"].md5($user["user"].$salt));
            $auth = $identifier.",".$token;
            
            M("member")->data(array("identifier"=>$identifier,"token"=>$token,"salt"=>$salt))->where(array("uid"=>$user["uid"]))->save();

            if($remember){
                cookie("auth",$auth,3600*24*365); // "remember me": keep the cookie for one year
            }else{
                cookie("auth",$auth);
            }
            addlog("",$username);
            $url=U("index/index");
            header("Location: $url");
            exit(0);
        }else{
            addlog("",$username);
            $this -> error("",U("login/index"));
        }
    }
    
    public function verify() {
        $config = array(
        "fontSize" => 14, // captcha font size (px)
        "length" => 4, // number of characters in the captcha
        "useNoise" => false, // do not add noise to the captcha image
        "imageW"=>100,
        "imageH"=>30,
        );
        $verify = new \Think\Verify($config);
        $verify -> entry("login");
    }
    
    function check_verify($code, $id = "") {
        $verify = new \Think\Verify();
        return $verify -> check($code, $id);
    }
}

The code that controls login is as above; uid=1, user=admin, password=MD5 (32-bit) encrypted admin.
Excuse me, how can I set the account so that the user is user and the password is password, and what content can be deleted? Can I log in with any password, or log in without a password?

Feb.28,2021

It seems that there are no extra parameters in your password, but when you remember the password, you encrypt the login information and save it in a cookie.

If the login failed, it should be

$model = M("Member");
$user = $model ->field('uid,user')-> where(array('user'=>$username,'password'=>$password)) -> find();
if($user) {

}

The value of $user is empty, indicating that no matching record was found.
The original poster can debug the code with a breakpoint, or print values out beneath the key code to debug.


Brother, your logic doesn't feel right. How can you casually query the database with the username and password? It's easy to inject.
And you need to post the password function before anyone can see.
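
An added example, not part of the thread and not the site's own code: the same login and remember-me flow with the row fetched by user name only, the password checked with PHP's password_hash()/password_verify() in place of the thread's undisclosed password() helper, and the cookie compared with hash_equals(). The in-memory $members array and the function names verify_login, issue_remember and check_remember are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the `member` table, keyed by user name.
$members = ['admin' => [
    'uid' => 1, 'user' => 'admin',
    'password' => password_hash('admin', PASSWORD_DEFAULT),
    'identifier' => null, 'token_hash' => null,
]];

// Hypothetical helper: fetch the row by user name only, then verify in PHP.
function verify_login(array $members, string $user, string $password): ?array
{
    $row = $members[$user] ?? null;
    $ok = $row !== null && password_verify($password, $row['password']);
    return $ok ? $row : null;
}

// Hypothetical helper: issue the cookie value; only a hash of the token is stored.
function issue_remember(array &$row): string
{
    $row['identifier'] = bin2hex(random_bytes(16));
    $token = bin2hex(random_bytes(32));
    $row['token_hash'] = hash('sha256', $token);
    return $row['identifier'] . ',' . $token;
}

// Hypothetical helper: a missing or malformed cookie is simply rejected.
function check_remember(array $members, ?string $cookie): ?array
{
    [$identifier, $token] = array_pad(explode(',', (string)$cookie), 2, '');
    if (!ctype_alnum($identifier) || !ctype_alnum($token)) {
        return null;
    }
    foreach ($members as $row) {
        if ($row['identifier'] !== null
            && hash_equals($row['identifier'], $identifier)
            && hash_equals($row['token_hash'], hash('sha256', $token))) {
            return $row;
        }
    }
    return null;
}

$cookie = issue_remember($members['admin']);
var_dump(verify_login($members, 'admin', 'admin') !== null);      // plain password submitted
var_dump(verify_login($members, 'admin', md5('admin')) !== null); // MD5 hex submitted as the password
var_dump(check_remember($members, $cookie) !== null);             // cookie just issued
var_dump(check_remember($members, null) !== null);                // no cookie at all
```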
