1. 식별/인증 한번에 하는 로직
2. 식별/인증 따로 로직
3. 식별/인증 같이 + 해싱처리
4. 식별/인증 따로 + 해싱처리
공통 DB설정파일
dbconfig.php
<?php
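// Connection settings shared by every login variant on this page.
// NOTE(review): root with an empty password is only tolerable on an isolated
// practice machine. Anywhere else, use a dedicated least-privilege account and
// keep the secret out of the source tree.
$servername = 'localhost';
$dbname = 'login';
$dbuser = 'root';
$dbpassword = '';

try {
    // Create the connection inside the try block: the PDO constructor is the
    // call that throws when the server is unreachable or the credentials are
    // wrong, and an uncaught exception there can print a trace to the client.
    // Passing the options to the constructor applies them from the first query.
    $db = new PDO(
        "mysql:host={$servername};dbname={$dbname}",
        $dbuser,
        $dbpassword,
        [
            // Real server-side prepared statements instead of client-side emulation.
            PDO::ATTR_EMULATE_PREPARES => false,
            PDO::MYSQL_ATTR_USE_BUFFERED_QUERY => true,
            // Report every database error as a PDOException.
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        ]
    );
} catch (PDOException $e) {
    // Driver messages can reveal host, schema and account names: keep them in
    // the server log and stop, since the including script cannot run without $db.
    error_log('DB connection failed: ' . $e->getMessage());
    http_response_code(500);
    exit('Service temporarily unavailable.');
}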
?>
================================================================
1. 식별/인증 한번에 하는 로직
<?php
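include 'dbconfig.php';

// Variant 1: identification and authentication in one query.
// NOTE(review): matching the password inside the WHERE clause only works when
// the column holds the password in plaintext, so anyone who can read the table
// reads every password. Store password_hash() output and check it with
// password_verify() instead.
// NOTE(review): if the column uses a case-insensitive collation, the SQL
// comparison would also ignore letter case. Confirm against the schema.

// A missing or non-string field (e.g. id[]=x) becomes an empty string, so the
// query finds no row instead of raising a notice.
$id = is_string($_POST['id'] ?? null) ? $_POST['id'] : '';
$pw = is_string($_POST['pw'] ?? null) ? $_POST['pw'] : '';

try {
    $stmt = $db->prepare('SELECT * FROM login WHERE id=:id AND password=:pw');
    $stmt->execute([':id' => $id, ':pw' => $pw]);
    $account = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($account) {
        session_start();
        // Issue a fresh session id at the privilege change so an id that was
        // set before login cannot be reused afterwards (session fixation).
        session_regenerate_id(true);
        $_SESSION['id'] = $id;
        echo "<script>self.location.href='./member.php';</script>";
    } else {
        echo "<script>
alert('로그인실패');
self.location.href='./login.php';
</script>";
    }
} catch (PDOException $e) {
    // Driver messages expose table and column names: log them server-side and
    // show the client a generic message only.
    error_log('Login query failed: ' . $e->getMessage());
    http_response_code(500);
    echo 'Login is temporarily unavailable.';
}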
?>
member.php
<?php
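session_start();

// The login scripts store the authenticated user in $_SESSION['id'].
// Without this check the page greets any visitor who requests it directly.
if (!isset($_SESSION['id'])) {
    header('Location: ./login.php');
    exit;
}

echo "로그인 성공";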
?>
==================================================================
2. 식별/인증 따로 로직
<?php
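include 'dbconfig.php';

// Variant 2: identify the account by id first, then authenticate in PHP.
// NOTE(review): this variant still compares against a plaintext password
// column. Store password_hash() output and check it with password_verify().

// A missing or non-string field becomes an empty string so both comparison
// operands below are always strings.
$id = is_string($_POST['id'] ?? null) ? $_POST['id'] : '';
$pw = is_string($_POST['pw'] ?? null) ? $_POST['pw'] : '';

try {
    $stmt = $db->prepare('SELECT * FROM login WHERE id=:id');
    $stmt->execute([':id' => $id]);
    $account = $stmt->fetch(PDO::FETCH_ASSOC);

    // fetch() returns false for an unknown id. The row must exist before its
    // password is read, and the comparison must be strict: with loose ==, the
    // null from a missing row equals an empty password, and numeric-looking
    // strings are compared by value rather than character by character.
    // hash_equals() is a strict string comparison that also runs in constant time.
    $authenticated = $account !== false
        && hash_equals((string) $account['password'], $pw);

    if ($authenticated) {
        session_start();
        // Issue a fresh session id at the privilege change so an id that was
        // set before login cannot be reused afterwards (session fixation).
        session_regenerate_id(true);
        $_SESSION['id'] = $id;
        echo "<script>self.location.href='./member.php';</script>";
    } else {
        echo "<script>
alert('로그인실패');
self.location.href='./login.php';
</script>";
    }
} catch (PDOException $e) {
    // Driver messages expose table and column names: log them server-side and
    // show the client a generic message only.
    error_log('Login query failed: ' . $e->getMessage());
    http_response_code(500);
    echo 'Login is temporarily unavailable.';
}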
?>
==================================================================
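3. 식별/인증 같이 로직 + 해싱처리
(password_verify()가 검증하는 해시에는 솔트가 포함되어 있어 SQL의 WHERE 절에서 직접 비교할 수 없으므로, 아래 코드는 id로 해시를 조회한 뒤 password_verify()로 검증한다.)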
<?php
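include 'dbconfig.php';

// Variant 3: look up the stored hash by id and verify the submitted password
// against it with password_verify().

// A missing or non-string field becomes an empty string so password_verify()
// always receives a string.
$id = is_string($_POST['id'] ?? null) ? $_POST['id'] : '';
$pw = is_string($_POST['pw'] ?? null) ? $_POST['pw'] : '';

try {
    $stmt = $db->prepare('SELECT password FROM login WHERE id=:id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // fetch() returns false for an unknown id. Check the row before indexing
    // it, so a missing account is an ordinary failed login rather than a
    // null passed to password_verify().
    $verified = $row !== false
        && is_string($row['password'])
        && password_verify($pw, $row['password']);

    if ($verified) {
        session_start();
        // Issue a fresh session id at the privilege change so an id that was
        // set before login cannot be reused afterwards (session fixation).
        session_regenerate_id(true);
        $_SESSION['id'] = $id;
        echo "<script>self.location.href='./member.php';</script>";
    } else {
        echo "<script>
alert('로그인실패');
self.location.href='./aa.php';
</script>";
    }
} catch (PDOException $e) {
    // Driver messages expose table and column names: log them server-side and
    // show the client a generic message only.
    error_log('Login query failed: ' . $e->getMessage());
    http_response_code(500);
    echo 'Login is temporarily unavailable.';
}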
?>
============================================================
4. 식별/인증 따로 로직 + 해싱
<?php
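include 'dbconfig.php';

// Variant 4: identification (does the id exist?) and authentication (does the
// password match the stored hash?) as two separate steps.

// A missing or non-string field becomes an empty string so password_verify()
// always receives a string.
$id = is_string($_POST['id'] ?? null) ? $_POST['id'] : '';
$pw = is_string($_POST['pw'] ?? null) ? $_POST['pw'] : '';

try {
    $stmt = $db->prepare('SELECT password FROM login WHERE id=:id');
    $stmt->execute([':id' => $id]);

    // Identification: fetch() returns false when no account has this id.
    // This replaces rowCount(), whose result for SELECT statements is not
    // guaranteed by PDO.
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Authentication: only attempted when the account exists.
    $verified = $row !== false
        && is_string($row['password'])
        && password_verify($pw, $row['password']);

    if ($verified) {
        session_start();
        // Issue a fresh session id at the privilege change so an id that was
        // set before login cannot be reused afterwards (session fixation).
        session_regenerate_id(true);
        $_SESSION['id'] = $id;
        echo "<script>self.location.href='./member.php';</script>";
    } else {
        // An unknown id and a wrong password get the same response. Returning
        // an empty page for unknown ids would tell the client which accounts
        // exist.
        echo "<script>
alert('로그인실패');
self.location.href='./aa.php';
</script>";
    }
} catch (PDOException $e) {
    // Driver messages expose table and column names: log them server-side and
    // show the client a generic message only.
    error_log('Login query failed: ' . $e->getMessage());
    http_response_code(500);
    echo 'Login is temporarily unavailable.';
}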
?>
=============================================================