1
我有以下檢查用戶登錄的功能。在當前狀態下,它會檢查用戶名或電子郵件以及密碼(散列),如果結果與db中的結果相匹配,它會返回一些值(如果不能,請抽取其他變量或函數,看到他們):如果從數據庫中選擇的值爲1,如何阻止用戶?
// Start Checking The Login Credentials
public function checkUserLogin($username, $password) {
$password = hash_hmac('sha512', $password, $this->salt($password));
if(preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i", $username)){
$identifier = 'user_email';
} else {
$identifier = 'user_username';
}
$sql = 'SELECT user_username,user_level FROM users WHERE '.$identifier.' = ? AND user_password = ?';
// Check Login Attempts
if (isset($_SESSION['attempts']) && $_SESSION['attempts'] >= NUMBER_OF_ATTEMPTS) {
$lockdown = true;
$message['lockdown'] = true;
$message['message'] = SYSTEM_LOCKDOWN_MESSAGE;
return json_encode($message);
} else {
if ($stmt = $this->connect->prepare($sql)) {
$stmt->bind_param('ss', $username, $password);
$stmt->execute();
$stmt->bind_result($username, $level);
if ($stmt->fetch()) {
$stmt->close();
$_SESSION['member_logged_in'] = true;
$_SESSION['username'] = $username;
$_SESSION['level'] = $level;
$_SESSION['attempts'] = 0;
$ip = $this->getIP();
$sql = "UPDATE users SET user_last_login_date = NOW(), user_last_login_ip = '$ip' WHERE user_username = '$username'";
if ($stmt = $this->connect->prepare($sql)) {
$stmt->execute();
$stmt->close();
} else {
$error = true;
$message['error'] = true;
$message['message'] = CANNOT_PREPARE_DATABASE_CONNECTION_MESSAGE;
return json_encode($message);
}
$message['level'] = $level;
if($level = 0) {
$_SESSION['standard'] = true;
} elseif($level = 1) {
$_SESSION['special'] = true;
} elseif($level = 2) {
$_SESSION['admin'] = true;
}
$error = false;
$message['error'] = false;
$message['message'] = SUCCESFUL_LOGIN_MESSAGE;
return json_encode($message);
} else {
@$_SESSION['attempts'] = $_SESSION['attempts'] + 1;
$error = true;
$message['error'] = true;
$message['message'] = FAILED_LOGIN_MESSAGE;
return json_encode($message);
}
}
}
}
現在,我想要做的是,如果憑據的數據庫,並找到匹配返回值之前,請檢查在db另一個值稱爲user_disabled它可以是0或1,如果找到1值,則返回另一條消息,如,如果找到0,則繼續執行代碼中的其餘代碼(成功登錄)。
我有下面的代碼,做約我需要什麼,但是當我嘗試這個公共函數內將它不起作用:
$sql = "SELECT user_disabled FROM users WHERE user_username = '$username'";
if ($stmt = $this->connect->prepare($sql)) {
$stmt->execute();
$stmt->bind_result($disabled);
$stmt->fetch();
$stmt->close();
if($disabled = 0){
/* Here is what should happen if the user is not blocked | The code after "$stmt->fetch()" */
} else {
@$_SESSION['attempts'] = $_SESSION['attempts'] + 1;
$error = true;
$message['error'] = true;
$message['message'] = 'ceva';
return json_encode($message);
}
} else {
$error = true;
$message['error'] = true;
$message['message'] = CANNOT_PREPARE_DATABASE_CONNECTION_MESSAGE;
return json_encode($message);
}
有人能幫助我,是因爲我想不通出了怎麼做對不對?
'如果($禁用== 0)'?你可能需要一個額外的等號 – 2012-01-27 07:08:17
難道是這樣嗎? – Roland 2012-01-27 07:09:06
很難說你的問題是什麼,因爲在這個例子中有很多事情要做。也許如果你可以創建一個簡短的,自包含的例子來顯示問題,那麼診斷起來會更容易。 – 2012-01-27 07:11:34