1. 首页
  2. 问答
  3. PHP&MySQLi OOP - 为什么我的登录变量没有被设置为true?

PHP&MySQLi OOP - 为什么我的登录变量没有被设置为true?

2016-02-12 57 views
2

正确验证用户身份后,数据库类方法正常工作。会话正在设置为正确的用户ID,但登录变量没有被设置? Var转储返回false,但在运行登录方法后应该将其设置为true。PHP&MySQLi OOP - 为什么我的登录变量没有被设置为true?

的login.php

<?php 

//session is started in the initialize file and all required files are included 
require_once('includes/init.php'); 

// set initial values so that input values using username and password variables do not return undefined as well as the error variable 
$username = ""; 
$password = ""; 
$error = ""; 

if($session->isLoggedIn()) { 
    redirect('index.php'); 
} 

if (isset($_POST['submit'])) { 
    $username = trim($_POST['username']); 
    $password = trim($_POST['password']); 

    $foundUser = User::verify($username, $password); 
    if ($foundUser) { 
     $session->login($foundUser); 
     redirect('index.php'); 
    } else { 
     $error = "Combination incorrect"; 
    } 
} 

?>

session.php文件

<?php 

// Session class allows to store session cookies so that data can be looked up without having to go back to the database 
// Database objects not stored because they could get updated in the database so the cookies could become outdated 

class Session { 
    public $loggedIn = false; 
    public $userId; 

    function __contruct() { 
     $this->checkLogin(); 
    } 

    public function isLoggedIn() { 
     return $this->loggedIn; 
    } 

    private function checkLogin() { 
     if(isset($_SESSION['userId'])) { 
      $this->userId = $_SESSION['userId']; 
      $this->loggedIn = true; 
     } else { 
      unset($this->userId); 
      $this->loggedIn = false; 
     } 
    } 

    public function login($user) { 
     if($user) { 
      $this->userId = $_SESSION['userId'] = $user->userId; 
      $this->loggedIn = true; 
     } 
    } 

    public function logout() { 
     unset($_SESSION['userId']); 
     unset($this->userId); 
     $this->loggedIn = false; 
    } 
} 

$session = new Session(); 

?>

user.php的

<?php 

class User { 

    public $userId; 
    public $username; 
    public $password; 
    public $email; 
    public $firstname; 
    public $lastname; 
    public $access; 
    public $active; 

    public static function getUsers() { 
     return self::getBySQL("SELECT * FROM users"); 
    } 

    public static function getUserId($id=0) { 
     global $db; 
     $resultArray = self::getBySQL("SELECT * FROM users WHERE userId={$id}"); 
     return !empty($resultArray) ? array_shift($resultArray) : false; 
    } 

    public static function getBySQL($sql) { 
     global $db; 
     $result = $db->query($sql); 
     $objArray = array(); 
     while ($row = $db->fetchArray($result)) { 
      $objArray[] = self::instantiate($row); 
     } 
     return $objArray; 
    } 

    public function getName() { 
     if (isset($this->firstname) && isset($this->lastname)) { 
      return $this->firstname . " " . $this->lastname; 
     } else { 
      return ""; 
     } 
    } 

    private static function instantiate($record) { 
     $object = new self; 

     foreach($record as $attr=>$value){ 
      if($object->hasAttr($attr)) { 
       $object->$attr = $value; 
      } 
     } 
     return $object; 
    } 

    private function hasAttr($attr) { 
     $objectVars = get_object_vars($this); 
     return array_key_exists($attr, $objectVars); 
    } 

    public static function verify($username, $password) { 
     global $db; 
     $username = $db->prepare($username); 
     $password = $db->prepare($password); 

     $sql = "SELECT * FROM users WHERE username = '{$username}' AND userpass = '{$password}'"; 
     $resultArray = self::getBySQL($sql); 
     return !empty($resultArray) ? array_shift($resultArray) : false; 
    } 
} 

?>

database.php中

<?php 
include 'config.php'; 

class Database { 
    private $connection; 

    function __construct() { 
     $this->connect(); 
    } 

    public function connect() { 
     $this->connection = mysqli_connect(DB_SERVER, DB_USER, DB_PASS, DB_NAME); 
     if(mysqli_connect_errno()) { 
      die("Database connection failed: " . 
       mysqli_connect_error() . 
       " (" . mysqli_connect_errno() . ")" 
      ); 
     } 
    } 

    public function disconnect() { 
     if(isset($this->connection)) { 
      mysqli_close($this->connection); 
      unset($this->connection); 
     } 
    } 

    public function query($sql) { 
     $result = mysqli_query($this->connection, $sql); 
     if (!$result) { 
      die("Database query failed."); 
     } 
     return $result; 
    } 

    public function prepare($data) { 
     $escString = mysqli_real_escape_string($this->connection, $data); 
     return $escString; 
    } 

    public function fetchArray($results) { 
     return mysqli_fetch_assoc($results); 
    } 
} 

$db = new Database(); 

?>

来源

2016-02-12 Sam Lane

+0

请使用PHP的[内置函数](http://jayblanchard.net/proper_password_hashing_with_PHP.html)来处理密码安全性。如果您使用的PHP版本低于5.5,则可以使用'password_hash()'[兼容包](https://github.com/ircmaxell/password_compat)。 –

+0

@JayBlanchard是的,别担心我对安全很重要,所以我最终会加入保护,但是atm只是为了让所有的东西都能正常工作 –

+2

我讨厌人们说*“我不是那么远......”*或*“本网站不会公开......”或*“仅限于学校,所以安全无关紧要......”*。如果教师和教授从一开始就没有谈论安全问题,他们就错了。挑战他们。他们正在教导草率和危险的编码习惯,学生们稍后将不得不忘记。当人们说,“我会在以后增加安全性......”时,我也讨厌它。如果您第一次没有时间做对,那么您什么时候能找到时间来添加它? ¯\\ _(ツ)_ /¯ –

回答

1

PHP不能在请求之间保持变量值。这意味着每次调用脚本时,$ bool变量都将被设置为false。如果要保持请求之间的值,则必须使用会话,或者如果希望会话之间共享变量,可使用某些缓存机制,如APC或Memcache。

来源

2016-02-12 14:51:38 Matheno

相关问题

 相关问题