1:每次登錄時,生成 CK 並保存在服務器端(之後每次登錄都會生成新的 CK)
// Ask __genenal_ck() for this login's CK and keep the returned value on the
// user-info array under the 'ck' key.
$userinfo['ck'] = $this->__genenal_ck(
    $user['userid'],
    $user['nickname'],
    $user['email'],
    $user['stat'],
    $userinfo['ssourl'],
    $code
);
2:如果黑客篡改登錄接口的用戶名、密碼、暱稱、IP 來冒充用戶登錄,CK 一定驗證不過,因為 CK 及其對應的 IP、uid、暱稱等登錄信息都保存在服務器端。
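// Build the server-side login record: request IP, login time, the account
// fields passed in, and the instance's auth_key.
$info['ip'] = $this->ip;
$info['logintime'] = time();
$info['uid'] = $userid;
$info['nickname'] = $nickname;
$info['email'] = $email;
$info['stat'] = $stat;
$info['ssourl'] = $ssourl;
$info['auth_key'] = $this->auth_key;

// The CK is the lookup key for the record stored below, so it has to be
// unguessable. The previous md5(ICIBA_PRIVATE_KEY . serialize($info) . rand(...))
// drew its only per-login randomness from rand(), which is not a
// cryptographically secure generator and spans just 9,000,000 values.
// Take 128 bits from the OS CSPRNG instead; bin2hex() of 16 bytes keeps the
// 32-character lowercase-hex shape that md5() produced.
// Requires PHP >= 7.0 (random_bytes).
$info['ck'] = bin2hex(random_bytes(16));

// Expires within 30 days by default.
// NOTE(review): the expiry is passed as the third argument. pecl
// Memcache::set() takes ($key, $var, $flag, $expire) while Memcached::set()
// takes ($key, $value, $expiration) - confirm which signature memcacheck
// exposes. memcached also treats expirations above 30 days (2592000 s) as
// absolute Unix timestamps, so a CK_EXPIRE_DATE above 30 would need
// time() + ttl - confirm the configured value.
// NOTE(review): the stored record contains auth_key and is written with
// serialize(); the reader presumably unserialize()s it - confirm the cache is
// writable only by trusted hosts.
$this->memcache_ck_init();
$result = $this->memcacheck->set("sso_ck_" . $info['ck'], serialize($info), 86400 * CK_EXPIRE_DATE);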