-2
我有一個名爲proxyCreate.php的php webservice,它將兩個值,用戶名和密碼傳遞給驗證用戶憑據的API。如何將標記中的用戶名變量傳遞給php代碼?
這工作正常。
但是,API返回僅返回認證的用戶名,密碼和認證日期。
我們還想抓取用戶的deptID,但不幸的是,API無法做到這一點,我們無法控制API返回的內容。
因此,我試圖查詢數據庫表以返回與經過身份驗證的用戶關聯的DeptID。
到目前爲止,我得到的是說,「一個無效參數傳遞給SQL_Srv查詢」
反正是有解決這個錯誤?
這是我到目前爲止。
<?php
error_reporting(E_ERROR | E_WARNING | E_PARSE);
session_start();
// Connect to SQL Server database
include("../../connections/Connect.php");
$upass = $_GET['upass'];
// Construct query
$tsql =
"
SELECT
ISNULL([ORGANIZATION],'')
FROM
[EMPLOYEE]
WHERE Lower([LOGINNAME]) = lower('$upass')
";
$stmt = sqlsrv_query($conn, $tsql);
if($stmt === false)
{
echo "Error in executing query.</br>";
die(print_r(sqlsrv_errors(), true));
}
$results = array();
// Retrieve and display the results of the query
//$lastFeatType = "";
while($row = sqlsrv_fetch_array($stmt,SQLSRV_FETCH_ASSOC)) {
array_push($results,$row);
}
echo json_encode($results);
// Free statement and connection resources
sqlsrv_free_stmt($stmt);
sqlsrv_close($conn);
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
</head>
<body>
<h1>
FTS Service Requests
</h1>
<div class="action-container" style="display:none;"></div>
<div id="tabs">
<ul>
<div id="dialog" title="Basic dialog">
<p style="font-size:14pt;">User Log In</p>
</div>
</ul>
<p>
</p>
<br clear="all" />
<div>
<br /> <br />
<br />
<?php
//Start session
session_start();
header("Cache-Control: no-store, must-revalidate, max-age=0");
header("Pragma: no-cache");
header("Expires: Thu, 19 Nov 1981 08:52:00 GMT");
if(!empty($_GET['status'])){
echo '<div align=center><font color=firebrick>You have been logged out!</font><br><br>Log in again or close browser.</div>';
}
?>
<br />
<br />
<br />
<form id="FormToValidate">
<table>
<tr>
<td nowrap>
<div class="input text">
<label><strong>UserName:</strong></label>
<input maxlength="40" class="required" name="user" id="user" size="20" placeholder="Enter username!" type="text" title="Please enter a username." tabindex="2" value="" style="width:400px;color:#000;font-size:10pt;height:20px;" />
</div>
</td>
</tr>
<tr>
<td nowrap>
<div class="input text">
<label><strong>Password:</strong></label>
<input maxlength="40" class="required" name="pass" id="pass" size="20" placeholder="Enter password!" type="password" tabindex="3" title="Please enter a password." value="" style="width:400px;color:#000;font-size:10pt;height:20px;" />
</div>
</td>
</tr>
<tr>
<td></td>
<td>
<div class="buttonSubmit">
<input type="button" id="btnValidate" style="width:80px; margin-left:-152px;background-color:#fff;" value="Log In" />
</div><br clear="all"/>
</td>
</tr>
</table>
</form>
</div>
<script type="text/javascript">
$("#btnValidate").click(function() {
// Creating variables to hold data from textboxes
var uname = $("#user").val();
var upass = $("#pass").val();
$.post("proxyCreate.php",
{ data: JSON.stringify({ LoginName: uname,Password: upass }) })
.done(function(data) {
var result = JSON.parse(data);
switch(result.Status) {
case 0:
//login successful
tokenVal = result.Value.Token;
location.href = "http://Accounts/accounts.php?token="+tokenVal+ "&user=" + uname;
break;
case 2:
//invalid login
alert(result.Message);
break;
}
})
.fail(function() {
alert("The AJAX request failed!");
});
});
</body>
</html>
等待...所以在這個系統中的密碼是:1)存儲在一個名爲'LOGINNAME'的字段中,2)存儲在*純文本*中,3)*不區分大小寫? *和*代碼是可注入SQL的。我懷疑得到'DeptID'是這裏最擔心的問題...... – David 2014-12-03 17:47:34
@David,NO。顧名思義,這是登錄名或用戶名,而不是密碼。如前所述,它們被傳遞給一個API,你看不到它。一切都通過proxyCreate.php。我不知道你是如何得出你的結論的。 – 2014-12-03 17:57:43
SQL查詢建議否則...'WHERE Lower([LOGINNAME])= lower('$ upass')' – David 2014-12-03 17:58:29