1. 首頁
  2. 問答
  3. session_start()和$ _SESSION數組,並匹配登錄到數組中的對象

session_start()和$ _SESSION數組,並匹配登錄到數組中的對象

2011-10-29 21 views
0

我想讓登錄處理器與用戶輸入的內容匹配,包含名字,姓氏和硬編碼對象數組密碼。我不知道如何在登錄和對象數組之間進行檢查。我有3頁,student.class.php,login.php和processor.php。

我還需要使用session_start()和$ _SESSION數組,但我不知道如何將其實現到我的項目中。我會製作一個單獨的會話文件,還是將其包含到我的處理器中?

Student.class.php

<?php 

class Student 
{ 

    private $f_name; 
    private $l_name; 
    private $full_name; 
    private $password; 

    //Constructor method 
    public function __construct($f_name,$l_name,$password) { 
     $this->f_name = $f_name; 
     $this->l_name = $l_name; 
     $this->password = $password; 
    } 



    function get_name(){ 
     $full_name = $this->f_name.' '.$this->l_name; 
     return $full_name; 
    } 

    function get_level(){ 
     return $this->level; 
    } 

    function get_gender(){ 
     return $this->gender; 
    } 

    function get_password(){ 
     return $this->password; 
    } 
} 
?>

的login.php

<!DOCTYPE html> 
<html> 
    <head> 
     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> 
     <title></title> 
    </head> 

    <body> 
    <?php 

    require_once 'student.class.php'; 

    $students = array(); 

    $students[0] = new Student('Trey', 'Smith', 'senior', 'male', 'sailor1234'); 
    $students[1] = new Student('Kyle', 'McAulay', 'junior', 'male', 'abc123'); 
    $students[2] = new Student('Stacey', 'Keibler','senior','female', 'hotdawg23'); 
    $students[3] = new Student('Lindsey', 'Mullins', 'junior','female','gonoles69'); 
    $students[4] = new Student('Kenneth', 'Jaggers','senior', 'male', 'peterpanpan'); 
    $students[5] = new Student('Chad', 'Endris', 'sophomore', 'male','back2thefuture'); 

    ?> 

    <h1>Sign up for our site!</h1> 
    <form method="post" action="processor.php">  
     <fieldset>   
      <label>First Name</label> 
      <input type="text" name="first_name"/> 

      <label>Last Name</label> 
      <input type="text" name="last_name"/> 

      <label>Password</label> 
      <input type="text" name="password"/>      
     </fieldset> 

     <br><input type="submit" value="Submit"></input></br> 
    </body> 
</html>

processor.php

<!DOCTYPE html> 
<html> 
    <head> 
     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> 
     <title></title> 
    </head> 

    <body> 

    <?php 

    require_once 'student.class.php'; 
    require_once 'login.php'; 

    function check_submit($field_to_check) 
    { 
     if (isset($_POST[$field_to_check]) && $_POST[$field_to_check] != '') 
     { 
      return TRUE; 
     } 
     else 
     { 
      return "Please fill in the $field_to_check category!"; 
     } 
    } 


    $errors = array(); 

    $_POST['first_name'] = strip_tags(trim($_POST['first_name'])); 
    $_POST['last_name'] = strip_tags(trim($_POST['last_name'])); 
    $_POST['password'] = strip_tags(trim($_POST['password'])); 


    if (check_submit('first_name') !== TRUE) 
    { 
     $errors[] = check_submit('first_name'); 
    } 

    if (check_submit('last_name') !== TRUE) 
    { 
     $errors[] = check_submit('last_name');  
    } 

    if (check_submit('password') !== TRUE) 
    { 
     $errors[] = check_submit('password');  
    } 

    if (count($errors)> 0){ 
     echo "<ul>"; 
     foreach($errors as $message){ 
     echo "<li>$message</li>"; 
    } 

    echo "</ul>"; 

    die(); 
    } 

    ?> 

    <h1>Thank you for registering <?php echo $_POST['first_name']." 
    ".$_POST['last_name']?>!</h1> 
    <h2>Your password was correct!</h2> 

    </body> 
</html>

來源

2011-10-29 webminer07

回答

1

看跌的session_start()在你需要設置任何頁面的頂部/檢索會話數據

登錄提交後,循環訪問您的學生數組,每個對您的$ _POST輸入進行測試。如果你得到的比賽,該對象保存到一個會話變量,如$ _SESSION [「學生」]

foreach ($students as $student) { 

    if ($student->f_name == $_POST['f_name'] && 
     $student->l_lame == $_POST['l_lame'] && 
     $student->password == $_POST['password']) { 

     $_SESSION['student'] = $student; 
     break; 

    } 

}

這不是一個偉大的方式來做到這一點..最好你就不會被實例化一個新的反對每個學生,除非你以後要使用它們。

此外,在processor.php,你正在尋找$ _ POST [「FIRST_NAME」],但輸入字段的名稱是「f_name」

來源

2011-10-29 21:26:22

+0

我剛纔注意到f_name,l_name等都是私有的。這是必要的嗎?如果是這樣,您必須將它們從對象中傳遞出來,或者將登錄檢查器作爲類中的一種方法。 –

0

首先,硬編碼的陣列應該在processor.php你實際檢查用戶憑證,而不是login.php,它只是呈現登錄表單。然後,您應該以某種方式遍歷學生陣列,並檢查用戶輸入的內容是否有效。但首先讓我們給Student.php添加一個方便的小函數

class Student { 
    function checkCredentials($firstname, $lastname, $password) { 
     $firstname = strip_tags(trim($firstname)); 
     $lastname = strip_tags(trim($lastname)); 
     $password = strip_tags(trim($password)); 

     if(
      $this->f_name == $firstname 
      && $this->l_name == $lastname 
      && $this->password == $password 
     ) { 
      return true; 
     } 

     return false;  
    } 
}

請注意,我已將輸入消毒功能移入類中。而我們現在可以改變processor.php一點:

<!DOCTYPE html> 
<html> 
    <head> 
     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> 
     <title></title> 
    </head> 

    <body> 

    <?php 

    function check_submit($field_to_check) 
    { 
     if (isset($_POST[$field_to_check]) && $_POST[$field_to_check] != '') 
     { 
      return TRUE; 
     } 
     else 
     { 
      return "Please fill in the $field_to_check category!"; 
     } 
    } 

    if (check_submit('first_name') !== TRUE) 
    { 
     $errors[] = check_submit('first_name'); 
    } 

    if (check_submit('last_name') !== TRUE) 
    { 
     $errors[] = check_submit('last_name');  
    } 

    if (check_submit('password') !== TRUE) 
    { 
     $errors[] = check_submit('password');  
    } 


    if (count($errors)> 0){ 
     echo "<ul>"; 
     foreach($errors as $message){ 
      echo "<li>$message</li>"; 
     } 
     echo "</ul>";  
     die(); 
    }    

    // so far we've only checked if the post values exist 

    require_once "student.class.php"; 

    $students = array(); 

    $students[0] = new Student('Trey', 'Smith', 'senior', 'male', 'sailor1234'); 
    $students[1] = new Student('Kyle', 'McAulay', 'junior', 'male', 'abc123'); 
    $students[2] = new Student('Stacey', 'Keibler','senior','female', 'hotdawg23'); 
    $students[3] = new Student('Lindsey', 'Mullins', 'junior','female','gonoles69'); 
    $students[4] = new Student('Kenneth', 'Jaggers','senior', 'male', 'peterpanpan'); 
    $students[5] = new Student('Chad', 'Endris', 'sophomore', 'male','back2thefuture'); 

    $user = false; // Will store the logged in user, if login succeeds 

    // Here we traverse the array and checkCredentials for each stored Student object 
    foreach($students as $student) { 

     if($student->checkCredentials($_POST["first_name"], $_POST["last_name"], $_POST["password"]) {      
      $user = $student; 
      break; // Since there can be only one logged in user, there is no point to let foreach continue 
     } 
    } 

    if($user == false) { 
     echo "No such user exits"; 
     die(); 
    }       

    ?> 

    <h1>Thank you for registering <?php echo $user->get_name; ?> !</h1> 
    <h2>Your password was correct!</h2> 

    </body> 
</html>

用於登錄成功,最常見的方法是存儲一些種類識別用戶的信息(更常見的是用戶ID)到一個會話變量,並重定向到受保護頁。由於這對你的硬編碼數組是不可能的,所以我只把整個對象放在會話中。這是非常粗糙和不安全的,你應該真的考慮添加一個數據庫的混合。

讓我們稱之爲頁面admin.php的和processor.php年底變爲:

if($user == false) { 
     echo "No such user exits"; 
     die(); 
    }       

    $_SESSION["user"] = $user; 

    header("Location: admin.php"); 
    die();

admin.php的應該是這個樣子:

<?php 

session_start(); 

require_once "student.class.php"; 

if(
    !isset($_SESSION["user"]) 
    || !($_SESSION["user"] instanceof Student) 
) { 
    header("Location: login.php"); 
    die(); 
} 

$user = $_SESSION["user"]; 

?> 

<h1>Thank you for registering <?php echo $user->get_name; ?> !</h1> 
<h2>Your password was correct!</h2>

所以這裏所發生的是:

  • session_start()告訴php你想使用會話,並且它應該在每個使用它們的腳本中,在你輸出任何內容之前到屏幕(即在腳本的最頂端,在任何html之前)。你也應該把它放在processor.php
  • 允許用戶在做什麼admin.php的我們檢查,如果$ _SESSION [「用戶」]變量被初始化之前,如果它擁有一個Student對象
  • 如果不是我們發回用戶登錄。
  • 如果是,我們將Student對象放入一個不錯的變量中以供玩耍。

來源

2011-10-29 21:57:31 yannis

+0

一切都令人驚訝,但我無法得到admin.php頭重定向到admin.php頁面。它只是重新加載login.php頁面,沒有發生任何事情。 – webminer07

+0

processor.php是否在其頂部有session_start()? –

相關問題

 相關問題