nonce token after ajax response and hash problems using ajax jquery type json


Problem description

I have a login with my own code in PHP. I am not so good at jQuery AJAX and so on. My login uses jQuery AJAX with type JSON: I take all the values and post them to the server-side PHP, which checks all the details and sends the answer back via the same jQuery AJAX call.

The problem is that I added a nonce token, made in PHP, to the login form, and the nonce changes every time after the user tries to log in. Only when I refresh the login page does the nonce change to the good nonce; otherwise it keeps the same nonce token and sends that with the POST, not the updated one, because the AJAX did not refresh the page after login.

So the question is: how do I trigger the AJAX to refresh the nonce token after every response? The nonce token is written in PHP.

One more thing about the hash nonce token: it sometimes makes a hash string like this:

asdaskjn34kj+sdf/sd=

Now jQuery AJAX automatically removes the '+' from the hash string, so it sends the wrong token in the POST. Here is my hash function:

public static function RandomBytes($count, $printable=FALSE)
{
    $bytes = '';

    // Suppress warnings when open_basedir restricts access to /dev/urandom
    if (@is_readable('/dev/urandom') && ($hRand = @fopen('/dev/urandom', 'rb')) !== FALSE)
    {
        $bytes = fread($hRand, $count);
        fclose($hRand);
    }
    if ((strlen($bytes) < $count) && function_exists('mcrypt_create_iv'))
    {
        // Use MCRYPT_RAND on Windows hosts with PHP < 5.3.7, otherwise use MCRYPT_DEV_URANDOM
        // (http://bugs.php.net/55169).
        if ((version_compare(PHP_VERSION, '5.3.7', '<') && strncasecmp(PHP_OS, 'WIN', 3) == 0))
            $bytes = mcrypt_create_iv($count, MCRYPT_RAND);
        else
            $bytes = mcrypt_create_iv($count, MCRYPT_DEV_URANDOM);
    }
    if ((strlen($bytes) < $count) && function_exists('openssl_random_pseudo_bytes'))  // OpenSSL slow on Win
    {
        $bytes = openssl_random_pseudo_bytes($count);
    }
    if ((strlen($bytes) < $count) && @class_exists('COM'))
    {
        // Officially deprecated in Windows 7
        // http://msdn.microsoft.com/en-us/library/aa388182%28v=vs.85%29.aspx
        try
        {
            $CAPI_Util = new COM('CAPICOM.Utilities.1');
            if (is_callable(array($CAPI_Util, 'GetRandom')))
            {
                // Request $count bytes (the original hard-coded 16); 0 = base64-encoded result
                $bytes = $CAPI_Util->GetRandom($count, 0);
                $bytes = base64_decode($bytes);
            }
        }
        catch (Exception $ex)
        {
            // COM not usable: fall through to the last-resort generator below
        }
    }
    if (strlen($bytes) < $count)
    {
        // This fallback here based on phpass code.
        // Last resort only: microtime/pid/md5 output is not cryptographically strong.
        $bytes = '';
        $random_state = microtime();
        if (function_exists('getmypid'))
            $random_state .= getmypid();

        for ($i = 0; $i < $count; $i += 16) {
            $random_state = md5(microtime() . $random_state);
            $bytes .= pack('H*', md5($random_state));
        }
        $bytes = substr($bytes, 0, $count);
    }

    // Standard base64: the printable form may contain '+', '/' and '='
    if ($printable)
        return base64_encode($bytes);
    else
        return $bytes;
}

Does anyone know how to change this function to make the strings without '+' in the hashes?

Recommended answer

This was really useful, as I had encountered the same problem. I had considered an auto page refresh for the login, but this is a real inconvenience to the user. I also added a block so that the IP and/or user are blocked after 5 failed attempts.
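
An added example, not part of the original question or answer: assuming the token is placed in the form-encoded POST body without percent-encoding, a '+' is decoded as a space on the server, which matches the symptom in the question. The sketch shows that failure, two fixes (percent-encoding, or a base64url token), and a holder that swaps in the next nonce from each JSON response; the function names and the `nonce` response field are hypothetical.

```javascript
// Added example; all names here are hypothetical, not from the original post.

// Constructed sample token in the shape the question shows (standard base64).
const SAMPLE_NONCE = 'asdaskjn34kj+sdf/sd=';

// How a server decodes an application/x-www-form-urlencoded body:
// '+' means space and %XX is percent-decoded. URLSearchParams applies the same rules.
function serverSeesNonce(body) {
  return new URLSearchParams(body).get('nonce');
}

// Broken: the token is concatenated into the body as-is, so '+' arrives as ' '.
function buildBodyUnencoded(user, nonce) {
  return 'user=' + user + '&nonce=' + nonce;
}

// Fixed: every value is percent-encoded, so '+' travels as %2B.
// (Passing an object as jQuery's `data` option also percent-encodes each value.)
function buildBodyEncoded(user, nonce) {
  return 'user=' + encodeURIComponent(user) + '&nonce=' + encodeURIComponent(nonce);
}

// Alternative: emit the token in the base64url alphabet (RFC 4648, section 5),
// which has no '+', '/' or '=' and so survives even unencoded transport.
function toBase64Url(b64) {
  return b64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Nonce rotation without a page reload: keep the current nonce in one place and
// replace it from every JSON response. Assumes the server puts the next token
// in a hypothetical `nonce` field of each login response, success or failure.
function createNonceHolder(initial) {
  let current = initial;
  return {
    get: () => current,
    // Call from the AJAX success handler with the parsed JSON response.
    update(response) {
      if (response && typeof response.nonce === 'string' && response.nonce !== '') {
        current = response.nonce;
      }
      return current;
    },
  };
}
```

On the PHP side, the base64url form corresponds to applying `strtr($token, '+/', '-_')` and `rtrim($token, '=')` to the `base64_encode` output before it is written into the form.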
