请帮我解决我的许可系统的错误！ [英] Please help me solve a bug with my licencing system!

问题描述

大家好，



我正在创建一个简单的许可系统，以帮助许可我自己的程序，并通过github帮助其他人。我遇到了一个我不太了解的错误，并且正在寻求一些建议。



我很快就会添加客户端代码。我也希望增加更多高级功能。



基本上，



1.我有一台服务器监听端口并托管登录和注册处理程序。



2.客户端将发送用户名和密码（localhost：8080 / login / username-password）登录处理程序。



3.服务器将对密码进行散列并将其与本地文件进行核对，并在我的计算机上本地存储所有哈希值。



4.如果成功或失败，服务器将报告。



当我输入用户名和密码时，似乎好像它没有检查密码。我可以输入任何密码，只要我拥有正确的用户名就会说成功。



我很感激所有的建议，即使他们没有解决这个问题。



谢谢！



代码：https：//gist.github.com/seriousnerve/1830e77d3e2891b0a5b158c9fb02b37f < br $> b $ b

我尝试了什么：



我试过修改if if then语句，但似乎只是完全跳过密码if语句。

Hello all,

I am creating a simple licencing system to help licence my own programs and also to help others via github. I have come across a bug that I don't really understand and am asking for some advice.

I will add the client code soon. I also hope to add more advanced features.

Basically,

1. I have a server that listens on a port and hosts a login and register handler.

2. The client will send the username and password (localhost:8080/login/username-password) to the login handler.

3. The server will hash the password and check it against a local file with all the hashes stored locally on my computer.

4. The server will report back if it succeeded or failed.

When I enter the username and password, it seems as though it doesn't check the password. I can put any password and it will say success as long as I have the username right.

I appreciate all suggestions, even if they don't fix the bug.

Thanks!

Code: https://gist.github.com/seriousnerve/1830e77d3e2891b0a5b158c9fb02b37f

What I have tried:

I have tried modifying the if then statements but it seems to just completely skip over the password if statement.

推荐答案

你正在使用.contains。这是一个可怕的想法，如果你想要安全，检查平等。我的第一个猜测，基于你没有告诉我们你试图调试这段代码的任何事情，是

You're using .contains. This is a terrible idea, if you want to be secure, check for equality. My first guess, based on you not telling us anything about your attempts to debug this code, is that

HashDecoded

是空的还是单个字符，因此

is empty or a single character, and thus

HashInfo

总是包含它。

这篇关于请帮我解决我的许可系统的错误！的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！