2
正确验证用户身份后,数据库类方法正常工作。会话正在设置为正确的用户ID,但登录变量没有被设置? Var转储返回false,但在运行登录方法后应该将其设置为true。PHP&MySQLi OOP - 为什么我的登录变量没有被设置为true?
的login.php
<?php
//session is started in the initialize file and all required files are included
require_once('includes/init.php');
// set initial values so that input values using username and password variables do not return undefined as well as the error variable
$username = "";
$password = "";
$error = "";
if($session->isLoggedIn()) {
redirect('index.php');
}
if (isset($_POST['submit'])) {
$username = trim($_POST['username']);
$password = trim($_POST['password']);
$foundUser = User::verify($username, $password);
if ($foundUser) {
$session->login($foundUser);
redirect('index.php');
} else {
$error = "Combination incorrect";
}
}
?>
session.php文件
<?php
// Session class allows to store session cookies so that data can be looked up without having to go back to the database
// Database objects not stored because they could get updated in the database so the cookies could become outdated
class Session {
public $loggedIn = false;
public $userId;
function __contruct() {
$this->checkLogin();
}
public function isLoggedIn() {
return $this->loggedIn;
}
private function checkLogin() {
if(isset($_SESSION['userId'])) {
$this->userId = $_SESSION['userId'];
$this->loggedIn = true;
} else {
unset($this->userId);
$this->loggedIn = false;
}
}
public function login($user) {
if($user) {
$this->userId = $_SESSION['userId'] = $user->userId;
$this->loggedIn = true;
}
}
public function logout() {
unset($_SESSION['userId']);
unset($this->userId);
$this->loggedIn = false;
}
}
$session = new Session();
?>
user.php的
<?php
class User {
public $userId;
public $username;
public $password;
public $email;
public $firstname;
public $lastname;
public $access;
public $active;
public static function getUsers() {
return self::getBySQL("SELECT * FROM users");
}
public static function getUserId($id=0) {
global $db;
$resultArray = self::getBySQL("SELECT * FROM users WHERE userId={$id}");
return !empty($resultArray) ? array_shift($resultArray) : false;
}
public static function getBySQL($sql) {
global $db;
$result = $db->query($sql);
$objArray = array();
while ($row = $db->fetchArray($result)) {
$objArray[] = self::instantiate($row);
}
return $objArray;
}
public function getName() {
if (isset($this->firstname) && isset($this->lastname)) {
return $this->firstname . " " . $this->lastname;
} else {
return "";
}
}
private static function instantiate($record) {
$object = new self;
foreach($record as $attr=>$value){
if($object->hasAttr($attr)) {
$object->$attr = $value;
}
}
return $object;
}
private function hasAttr($attr) {
$objectVars = get_object_vars($this);
return array_key_exists($attr, $objectVars);
}
public static function verify($username, $password) {
global $db;
$username = $db->prepare($username);
$password = $db->prepare($password);
$sql = "SELECT * FROM users WHERE username = '{$username}' AND userpass = '{$password}'";
$resultArray = self::getBySQL($sql);
return !empty($resultArray) ? array_shift($resultArray) : false;
}
}
?>
database.php中
<?php
include 'config.php';
class Database {
private $connection;
function __construct() {
$this->connect();
}
public function connect() {
$this->connection = mysqli_connect(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
if(mysqli_connect_errno()) {
die("Database connection failed: " .
mysqli_connect_error() .
" (" . mysqli_connect_errno() . ")"
);
}
}
public function disconnect() {
if(isset($this->connection)) {
mysqli_close($this->connection);
unset($this->connection);
}
}
public function query($sql) {
$result = mysqli_query($this->connection, $sql);
if (!$result) {
die("Database query failed.");
}
return $result;
}
public function prepare($data) {
$escString = mysqli_real_escape_string($this->connection, $data);
return $escString;
}
public function fetchArray($results) {
return mysqli_fetch_assoc($results);
}
}
$db = new Database();
?>
请使用PHP的[内置函数](http://jayblanchard.net/proper_password_hashing_with_PHP.html)来处理密码安全性。如果您使用的PHP版本低于5.5,则可以使用'password_hash()'[兼容包](https://github.com/ircmaxell/password_compat)。 –
@JayBlanchard是的,别担心我对安全很重要,所以我最终会加入保护,但是atm只是为了让所有的东西都能正常工作 –
我讨厌人们说*“我不是那么远......”*或*“本网站不会公开......”或*“仅限于学校,所以安全无关紧要......”*。如果教师和教授从一开始就没有谈论安全问题,他们就错了。挑战他们。他们正在教导草率和危险的编码习惯,学生们稍后将不得不忘记。当人们说,“我会在以后增加安全性......”时,我也讨厌它。如果您第一次没有时间做对,那么您什么时候能找到时间来添加它? ¯\\ _(ツ)_ /¯ –