脚本宝典收集整理的这篇文章主要介绍了php – 使用会话的高级用户身份验证,脚本宝典觉得挺不错的,现在分享给大家,也给大家做个参考。
-those who are registered and are subscribed for current month -those that are registered,but are not subscribed for current month -users that are not registered (you cant be subscribed if you are not regITered)
我已经创建了识别这3种用户的代码并且行为恰当.我的问题是,这是要走的路吗?我以前从未做过类似的事情.或者我应该重新编程我的方法?
//connect to database and see if a user and password combination exists. Store $exists=0 if not,and $exists=1 if it exists. session_start(); $conn = new MysqLi($hn,$un,$pw,$db); if ($conn->connect_error){ die($conn->connect_error); } $query = "SELECT COUNT(1) as 'exists',expiration_date From table WHERE email = ? AND password = ?;"; $stmt = $conn->PRepare($query); $stmt->bind_param("ss",$email,$password); $email = $_POST["email"]; $password = hash("hashingalgorithm","salt".$_POST["password"]."salthere"); $stmt->execute(); /* Get the result */ $result = $stmt->get_result(); $num_of_rows = $result->num_rows; $row = $result->fetch_assoc(); $exists = $row["exists"]; $expiration_date = $row["expiration_date"]; /* free results */ $stmt->free_result(); /* close statement */ $stmt->close(); $conn->close(); date_default_timezone_set('EuroPE/Berlin'); if ($exists==0){ echo "Wrong email or password"; $_SESSION['LOGinerror'] = 2; header('Location: https://www.homepage.COM/login'); }else if ($exists){ if (strtotime($expiration_date) < (strtotime("Now"))){//logged in,but not subscribed session_destroy(); session_start(); $_SESSION["authenticated"] = true; header('Location: https://www.homepage.com'); }else{//logged in and ready to go $_SESSION["authenticated"] = true; $_SESSION["email"] = $email; header('Location: https://www.homepage.com'); } }else{ echo "An error with has occured."; }
然后在我网站的每一页上我都使用这段代码,看看有哪些用户访问过我
session_start(); if(isset($_SESSION["authenticated"]) && isset($_SESSION["email"])){ $email = $_SESSION["email"]; //connect to database and fetch expiration_date for a user with $email. Store it in $expiration_date $conn = new MysqLi($hn,$db); if ($conn->connect_error){ die($conn->connect_error); } $query = "SELECT expiration_date From table WHERE email = ?;"; $stmt = $conn->prepare($query); $stmt->bind_param("s",$email); $email = $_SESSION["email"]; $stmt->execute(); /* Get the result */ $result = $stmt->get_result(); $num_of_rows = $result->num_rows; $row = $result->fetch_assoc(); $expiration_date = $row["expiration_date"]; /* free results */ $stmt->free_result(); /* close statement */ $stmt->close(); $conn->close(); date_default_timezone_set('Europe/Berlin'); if (strtotime($expiration_date) < (strtotime("Now"))){//logged in,but not subscribed session_destroy(); session_start(); $_SESSION["authenticated"] = true; header('Location: https://www.homepage.com'); }else{ //htML for subsribed and registered user echo <<<_END //html here _END; } }else if(isset($_SESSION["authenticated"]) && !isset($_SESSION["email"])){ // user is logged in,but not subscribed; echo <<<_END //htmlhere _END; }else{// user is not registered nor is subscribed echo <<<_END //htmlhere _END; }
代码有效,但我担心一旦用户注册并订阅,就会在每个页面上访问数据库.我实际上是在惩罚用户注册和订阅.
是否有更好的,性能明智的方式来处理这类问题?
在我看来,你需要改变你使用会话的方式,
$_session['email'] // email address of user $_session['auth_type'] // holds authentication type $_session['auth_till'] // subscription expire date
然后让我们创建函数来检查订阅.此函数可以放在单独的文件中,例如:init.PHP.在这里,我们可以设置会话启动机制,以便在任何情况下都可以使用会话.
if(!isset($_SESSION))
session_start(); // start session if not already started
// lets define global VARs to hold authentication type of visitor
define("SUBSCRIBED",1);
define("UN_SUBSCRIBED",2);
define("REGISTERED",3);
function checkSubscription():bool{
$return = false;
if(($_session['auth_type']==SUBSCRIBED)&&(strtotime($_session['auth_till']) < strtotime("Now")))
$return= true;
return $return
}
并且在login.PHP上使用相同的技术,同时设置会话身份验证类型.
例如:
<?PHP // file: product.PHP include_once("init.PHP"); if(!checkSubscription()){ // subscription finished. do what you need to do. otherwise continue. }
您的代码可以进行许多改进.但我认为这将满足您的需求.如果您需要任何其他助手,请告诉我.请访问Scape,如果有任何有用的编码,请告诉我.
以上是脚本宝典为你收集整理的php – 使用会话的高级用户身份验证全部内容,希望文章能够帮你解决php – 使用会话的高级用户身份验证所遇到的问题。
本图文内容来源于网友网络收集整理提供,作为学习参考使用,版权属于原作者。
如您有任何意见或建议可联系处理。小编QQ:384754419,请注明来意。