2,203
社区成员
发帖
与我相关
我的任务
分享关于客户端程序安全验证的问题探讨...
针对问题
http://www.csdn.net/Expert/TopicView1.asp?id=818404
提出以下解决方案:
<form action=$thisprog method=post>
<input type=hidden name=action value=login>
用户名:<input type=text name=userid size=16 maxlength=16><br>
密 码:<input type=password name=password size=16 maxlength=16><br>
<input type=reset value="重新填写"> <input type=submit value="登陆系统">
</form>
$session_timeout = 15*60; #15min
$webroot = "D:/mydomain.net";
$session_path = "$webroot/ftp/Session"; #无 /
$Tuser = "";
$errMsg = "";
登陆验证函数::
#------------------------------------------------
sub chklogin
{
if ((length($userid)<3)||(length($password)<3)) {
¬ify("用户名或密码错误!");
}
if (($userid ne $myName)||($password ne $myPwd)) {
¬ify("用户名或密码错误!");
}
my $stime = time();
my $sid = crypt("$userid$userip","AR").crypt("$userid$stime","EN");
#随便弄了个乱的看不懂的串,没有意义,蒙蔽用户.可以考虑用md5
$sid =~ s/([^0-9a-z])/unpack("H2",$1)/eg;
open (TXTFILE,">$session_path/sess_$sid");
print TXTFILE "$stime\n";
print TXTFILE "$userid\n";
close(TXTFILE);
print "Location: webdir.cgi?sid=$sid&job=login\n\n";
}
每个页面的验证函数,每个页面在取得 $sid后,验证..
#------------------------------------------------
sub chksession
{
if (! -f "$session_path/sess_$sid") {
¬ify("你还没有登陆,请重新登陆! <a href=login.cgi?action=logout&sid=$sid>[重新登陆]-></a>");
}
my @sessiondata = &readtxtfile("$session_path/sess_$sid");
chop(@sessiondata);
my $lasttime = $sessiondata[0];
if (($lasttime+$session_timeout)<time()) {
unlink "$session_path/sess_$sid";
¬ify("操作超时,请重新登陆! <a href=login.cgi?action=logout&sid=$sid>[重新登陆]-></a>");
}
$Tuser = $sessiondata[1];
my $stime = time();
&writetxtfile("$session_path/sess_$sid","$stime\n$Tuser\n",1);
}
登出函数
if ($action eq "login") {
&chklogin();
}elsif($action eq "logout") {
#unlink "$session_path/sess_$sid";
opendir (DIR, "$session_path");
my @dirdata = readdir(DIR);
closedir (DIR);
foreach my $f (@dirdata) {
if (-f "$session_path/$f") {
unlink "$session_path/$f";
}
}
&loginform();
}
http://www.csdn.net/Expert/TopicView1.asp?id=818404
提出以下解决方案:
<form action=$thisprog method=post>
<input type=hidden name=action value=login>
用户名:<input type=text name=userid size=16 maxlength=16><br>
密 码:<input type=password name=password size=16 maxlength=16><br>
<input type=reset value="重新填写"> <input type=submit value="登陆系统">
</form>
$session_timeout = 15*60; #15min
$webroot = "D:/mydomain.net";
$session_path = "$webroot/ftp/Session"; #无 /
$Tuser = "";
$errMsg = "";
登陆验证函数::
#------------------------------------------------
sub chklogin
{
if ((length($userid)<3)||(length($password)<3)) {
¬ify("用户名或密码错误!");
}
if (($userid ne $myName)||($password ne $myPwd)) {
¬ify("用户名或密码错误!");
}
my $stime = time();
my $sid = crypt("$userid$userip","AR").crypt("$userid$stime","EN");
#随便弄了个乱的看不懂的串,没有意义,蒙蔽用户.可以考虑用md5
$sid =~ s/([^0-9a-z])/unpack("H2",$1)/eg;
open (TXTFILE,">$session_path/sess_$sid");
print TXTFILE "$stime\n";
print TXTFILE "$userid\n";
close(TXTFILE);
print "Location: webdir.cgi?sid=$sid&job=login\n\n";
}
每个页面的验证函数,每个页面在取得 $sid后,验证..
#------------------------------------------------
sub chksession
{
if (! -f "$session_path/sess_$sid") {
¬ify("你还没有登陆,请重新登陆! <a href=login.cgi?action=logout&sid=$sid>[重新登陆]-></a>");
}
my @sessiondata = &readtxtfile("$session_path/sess_$sid");
chop(@sessiondata);
my $lasttime = $sessiondata[0];
if (($lasttime+$session_timeout)<time()) {
unlink "$session_path/sess_$sid";
¬ify("操作超时,请重新登陆! <a href=login.cgi?action=logout&sid=$sid>[重新登陆]-></a>");
}
$Tuser = $sessiondata[1];
my $stime = time();
&writetxtfile("$session_path/sess_$sid","$stime\n$Tuser\n",1);
}
登出函数
if ($action eq "login") {
&chklogin();
}elsif($action eq "logout") {
#unlink "$session_path/sess_$sid";
opendir (DIR, "$session_path");
my @dirdata = readdir(DIR);
closedir (DIR);
foreach my $f (@dirdata) {
if (-f "$session_path/$f") {
unlink "$session_path/$f";
}
}
&loginform();
}
...全文
请发表友善的回复…
发表回复
