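Resetting database field values when the active page is unloaded

In my application, I have a record-locking mechanism that prevents two people from being in a record's edit view at the same time. Below is the function that is called in the edit view to lock the record: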
public function lockRecord($id = null) {
    $this->loadModel('User');
    $this->Model->id = $id;
    $current = $this->Model->read(null, $id);
    //Get the current logged-in user's ID
    $userid = $current['Model']['requester_id'];
    //Get the current lock expiry time
    $lock_time = $this->Model->find('first', array(
            'fields'=>array('Model.lock_expiry_time'),
            'conditions'=>array('Model.id'=>$id)
        )
    );
    //Get the ID of the user who has the record lock (if any)
    $logged_user = $this->Model->find('first', array(
            'fields'=>array('Model.lock_key'),
            'conditions'=>array('Model.id'=>$id)
        )
    );
    //Get that same user's full name
    $full_name = $this->User->find('first', array(
            'joins' => array(
                array(
                    'table' => 'recordtable',
                    'alias' => 'Model',
                    'type' => 'INNER',
                    'conditions' => array('Model.lock_key = User.id')
                )
            )
        )
    );
    $this->set('lock_time', $lock_time);
    //compact() takes variable names as strings, not the variables themselves
    $this->set(compact('current'));
    $this->set(compact('logged_user'));
    $this->set(compact('full_name'));
    if(AuthComponent::user('id') != $logged_user['Msr']['lock_key'] && date("Y-m-d H:i:s") < $lock_time['Msr']['lock_expiry_time']) {
        $this->Session->setFlash(__('This MSR is locked for editing by ' . $full_name['User']['full_name'] . '. Please try again in a few minutes or wait for this user to close the document.<br/>
(Lock expires at '. $lock_time['Msr']['lock_expiry_time'] . ')'));
        $this->redirect(array('action' => 'view', $id));
    } else {
        //Set a new lock key and expiry time if the record is free for editing
        $locksession = $this->Msr->query("UPDATE msrs SET lock_key = {$userid}, lock_expiry_time = ADDTIME(NOW(), '00:05:00') WHERE id = {$id}");
        $this->set('locksession', $locksession);
    }
}
When the user saves their changes, the unlockRecord function is called to release the key, reset lock_expiry_time, and redirect the user to the "view" view:
public function unlockRecord($id = null) {
    //Get a list of security groups
    $groups = $this->Session->read('groups');
    $this->Msr->id = $id;
    //Reset the lock_key and the lock_expiry_time
    $locksession = $this->Msr->query("UPDATE msrs SET lock_key = '', lock_expiry_time = '' WHERE id = {$id} ");
    //If the module admin manually releases the lock, display a message
    if(in_array('msr_module_admin', $groups)) {
        $this->Session->setFlash(__('The MSR has been unlocked and is available for editing.'));
    }
    $this->redirect(array('action'=>'view', $id));
}
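There are three other conditions under which the lock can be released:
- An administrator manually releases the lock by clicking a link.
- The user logs out of the system completely.
- The lock expires five minutes after it is set.
I need the lock to be released any time the record in the edit view is no longer active. For example, if the user clicks away to another website or clicks a different link within my own site; anything that takes them away from the record open in the "edit" view. lock_key should be set to '' and lock_expiry_time should be set to ''. How can I accomplish this?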
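"... WHERE id = {$id}" Aaaand this is an SQL injection vulnerability! Please make sure to use bindings when creating raw SQL statements, and **_never_** insert possible user data directly into a query! – ndm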
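
The binding that ndm's comment asks for, as an added example that is not part of the original post or of CakePHP: the two UPDATE statements rewritten as prepared statements with bound parameters. It goes slightly beyond the post by validating the id as an integer and taking the lock in one conditional UPDATE. Assumptions: plain PDO with an in-memory SQLite table stands in for the msrs table, the function signatures are hypothetical, and the unlocked state is stored as NULL rather than the post's ''.

```php
<?php
// Added example: PDO with an in-memory SQLite table stands in for the msrs table.
// Column names follow the post; signatures and sample rows are assumptions.

function lockRecord(PDO $db, $id, $userId, $minutes = 5): bool
{
    $id = filter_var($id, FILTER_VALIDATE_INT);
    $userId = filter_var($userId, FILTER_VALIDATE_INT);
    if ($id === false || $userId === false) {
        return false; // not an integer: reject before touching the database
    }
    $now = date('Y-m-d H:i:s');
    $expiry = date('Y-m-d H:i:s', time() + $minutes * 60);
    // One conditional UPDATE: take the lock only if it is free, expired, or already ours.
    $stmt = $db->prepare(
        'UPDATE msrs SET lock_key = :uid, lock_expiry_time = :expiry
          WHERE id = :id
            AND (lock_key IS NULL OR lock_key = :owner OR lock_expiry_time < :now)'
    );
    $stmt->execute([':uid' => $userId, ':expiry' => $expiry, ':id' => $id,
                    ':owner' => $userId, ':now' => $now]);
    return $stmt->rowCount() === 1;
}

function unlockRecord(PDO $db, $id): int
{
    $id = filter_var($id, FILTER_VALIDATE_INT);
    if ($id === false) {
        return 0; // values are bound as data and never concatenated into the SQL text
    }
    $stmt = $db->prepare('UPDATE msrs SET lock_key = NULL, lock_expiry_time = NULL WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->rowCount(); // number of rows released
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE msrs (id INTEGER PRIMARY KEY, lock_key INTEGER, lock_expiry_time TEXT)');
$db->exec('INSERT INTO msrs (id) VALUES (1), (2)'); // constructed sample rows

var_dump(lockRecord($db, 1, 10));         // user 10 requests the lock on record 1
var_dump(lockRecord($db, 1, 20));         // user 20 requests it while it is held
var_dump(lockRecord($db, 2, 20));         // a different record is unaffected
var_dump(unlockRecord($db, '1 OR 1=1'));  // constructed non-integer id
var_dump(unlockRecord($db, 1));           // release by a valid id
```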