2016-07-28 51 views
-1

Combining PHP registration and login into one class with multiple functions in a single PHP file

I am trying to merge a PHP site's registration, activation and login scripts into a single backend script that the front-end developer can pass variables to from the different forms. My question is whether this is the proper way to do it. I don't want a large number of PHP files for all the different parts of the application I'm developing. So far I have written the two functions below, for login and for registration/activation, which the front-end developer can call for users:

<?php 
/** 
* Created by PhpStorm. 
* User: Karl 
* Date: 26/07/2016 
* Time: 02:25 
*/ 

class users 
{ 
    function register_user($email, $password, $user_name) 
    { 
     $server_name = "localhost"; 
     $u_name = "root"; 
     $db_password = "root"; 
     $db_name = "betamath_graspe"; 

     //Email Notification variable 
     $from_address="[email protected]"; 

     //Registration form 
     $msg_reg_user='Username taken. Please choose a different username'; 
     $msg_reg_email='Email Already registered'; 
     $msg_reg_active='Activation code has been successfully sent to your Email Address'; 

     //domain configuration 
     $url = ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") ? "https" : "http"); 
     $url .= "://".$_SERVER['HTTP_HOST']; 
     $url .= str_replace(basename($_SERVER['SCRIPT_NAME']),"",$_SERVER['SCRIPT_NAME']); 

     // Create connection 
     $conn = new mysqli($server_name, $u_name, $db_password, $db_name); 
     // Check connection 
     if ($conn->connect_error) { 
      die("Connection failed: " . $conn->connect_error); 
     } 
     //prevent sql injection: escape the values passed in as parameters 
     //(the raw password is hashed below, so it must not be escaped or login will not verify it) 
     $user_name=mysqli_real_escape_string($conn,$user_name); 
     $email=mysqli_real_escape_string($conn,$email); 

     //check if user exist already 
     $query="select * from users where username='$user_name'"; 
     $result=mysqli_query($conn,$query) or die('error'); 
     if (mysqli_num_rows($result)) 
     { 
      die($msg_reg_user); 
     } 
     //check if user exist already 
     $query="select * from users where email='$email'"; 
     $result=mysqli_query($conn,$query) or die('error'); 
     if (mysqli_num_rows($result)) 
     { 
      die($msg_reg_email); 

     } 

     $active_key = sha1(mt_rand(10000,99999).time().$email); 

     if(version_compare(PHP_VERSION, '5.5.0', '>=')) 
     { 
      $hashed_password=password_hash($password,PASSWORD_DEFAULT); 
     } 
     else 
     { 
      $hashed_password = crypt($password,'987654321'); //Hash used to suppress PHP notice 
     } 

     $query="insert into users(username,password,email,active_key) values ('$user_name','$hashed_password','$email','$active_key')"; 

     if (!mysqli_query($conn,$query)) 
     { 
      die('Error: ' . mysqli_error($conn)); 

     } 

     //send email for the user with password 

     $to=$email; 
     $subject="Welcome To Graspe"; 
     $body="Hi ".$user_name. 
      "<br /><br /> Thanks for your registration.<br />". 
      "Click the below link to activate your account<br /><br />". 
      "<a href=\"$url/activate_user_account.php?k=$active_key\"> Activate Account </a><br /><br /> Thanks<br />"; 


     $headers = 'MIME-Version: 1.0' . "\r\n"; 
     $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; 
     $headers .="From:".$from_address . "\r\n"; 

     mail($to,$subject,$body,$headers); 
     echo $msg_reg_active; 

    } 

    function login_user($username, $password) 
    { 
     $server_name = "localhost"; 
     $user_name = "root"; 
     $db_password = "root"; 
     $db_name = "betamath_graspe"; 

     // Create connection 
     $conn = new mysqli($server_name, $user_name, $db_password, $db_name); 
     // Check connection 
     if ($conn->connect_error) { 
      die("Connection failed: " . $conn->connect_error); 
     } 
     //Message strings 
     $msg_pwd_error='Password incorrect'; 
     $msg_un_error='Username Doesn\'t exist'; 
     $msg_email_1='User Account not yet activated.'; 
     $msg_email_2='Click here to resend activation email'; 

     //domain configuration 
     $url = ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") ? "https" : "http"); 
     $url .= "://".$_SERVER['HTTP_HOST']; 
     $url .= str_replace(basename($_SERVER['SCRIPT_NAME']),"",$_SERVER['SCRIPT_NAME']); 


     //prevent sql injection 
     $username=mysqli_real_escape_string($conn,$username); 

     //check if user exist already 
     $query="select * from users where username='$username'"; 
     $result=mysqli_query($conn,$query) or die('error'); 
     if (mysqli_num_rows($result)) //if exist then check for password 
     { 
      //Pickup password to compare with encrypted password 
      $query="select password,email from users where username='$username'"; 
      $result=mysqli_query($conn,$query) or die('error'); 
      $db_field = mysqli_fetch_assoc($result); 
      //3.3 $hashed_password=crypt($password,$db_field['password']); 

       if(version_compare(PHP_VERSION, '5.5.0', '>=')) 
      { 
       if(password_verify($password, $db_field['password'])) 
       { 
        //once password is verified migrate to password_hash from crypt 
        if(strlen($db_field['password']) < 60) 
        { 
         $hashed_password=password_hash($password,PASSWORD_DEFAULT); 
         $query = "update users set password='$hashed_password' where username='$username' and email='$db_field[email]'"; 
         //echo $query; 
         $result = mysqli_query($conn,$query) or die('error updating password hash'); 
        } 

         //check activation status (the else branch below reports an inactive account) 
         $query="select * from users where username='$username' and active_status in(1)"; 
        $result=mysqli_query($conn,$query) or die('error'); 
        if(mysqli_num_rows($result)) 
        { 
         $_SESSION['login'] = true; 
         $_SESSION['username']=$username; 
         echo json_encode(array('result'=>1)); 
        } 
        else 
        { 
          echo json_encode(array('result'=>"$msg_email_1 <br /><a href=\"".$url."resend_activation_key.php?user=".$username."\">$msg_email_2</a>.")); 
         // echo "User Account not yet activated.Check your mail for activation details."; 
        } 

       } 
       else 
       { 
        echo json_encode(array('result'=>$msg_pwd_error)); 
       } 

      } 
      else 
      { 
       $hashed_password=crypt($password,$db_field['password']); 
       $query="select * from users where username='$username' and password='$hashed_password'"; 
       $result=mysqli_query($conn,$query) or die('error'); 
       if (mysqli_num_rows($result)) //if passwords match then check activation status 
       { 
        $query="select * from users where username='$username' and password='$hashed_password' and active_status in(1)"; 
        $result=mysqli_query($conn,$query) or die('error'); 
        if(mysqli_num_rows($result)) 
        { 
         $_SESSION['login'] = true; 
         $_SESSION['username']=$username; 
         echo json_encode(array('result'=>1)); 
        } 
        else 
        { 
          echo json_encode(array('result'=>"$msg_email_1 <br /><a href=\"".$url."resend_activation_key.php?user=".$username."\">$msg_email_2</a>.")); 
         // echo "User Account not yet activated.Check your mail for activation details."; 
        } 

       } 
       else 
       { 
        echo json_encode(array('result'=>$msg_pwd_error)); 
        // echo trim("password incorrect"); 
       } 
      } 
     } 

     else 
     { 
      echo json_encode(array('result'=>$msg_un_error)); 
      // die("Username Doesn't exist"); 
      die(); 
     } 
    } 
} 
+0

So, what is the actual question? – Epodax

Answer

1

It can actually be better than this. First, I don't know whether you are using an MVC framework, but if you aren't, you need to migrate to one; building websites the old way is no longer good practice. If you don't have time for that, there are still better ways to do this.

Here are a few points:

  1. Have a configuration class so you don't need to write the configuration in every function.
  2. You are mixing database queries with logic; you need to separate them, and to do that you need to create mapper, model and service classes. Here is a good example of this: http://www.slideshare.net/aaronsaray/enterprise-php-mappers-models-and-services
  3. Consider an ORM framework such as Doctrine; it will save a lot of time on many more things.
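As an added example that is not part of the question or the answer, here is the question's register/login flow restructured along the answer's first two points: a config class, a mapper that owns all SQL (with bound parameters instead of interpolated strings), and a service that owns the rules and returns values instead of echoing or dying. It assumes PHP 8 with PDO and the question's users table (username, password, email, active_key, active_status); the credentials are placeholders copied from the question.

```php
<?php
// Added example, not the asker's code: config class + mapper + service split of the
// question's flow. Assumes PHP 8, PDO and the question's `users` table.
class DbConfig
{
    public static function connect(): PDO
    {   // placeholder credentials copied from the question
        $pdo = new PDO('mysql:host=localhost;dbname=betamath_graspe;charset=utf8mb4', 'root', 'root');
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        return $pdo;
    }
}
class UserMapper   // the only class that knows SQL; values are bound, never interpolated
{
    public function __construct(private PDO $pdo) {}
    public function findByUsername(string $username): ?array
    {
        $st = $this->pdo->prepare('SELECT password, email, active_status FROM users WHERE username = ?');
        $st->execute([$username]);
        return $st->fetch(PDO::FETCH_ASSOC) ?: null;
    }
    public function insert(string $username, string $hash, string $email, string $key): void
    {
        $st = $this->pdo->prepare('INSERT INTO users (username, password, email, active_key, active_status) VALUES (?, ?, ?, ?, 0)');
        $st->execute([$username, $hash, $email, $key]);
    }
}
class AuthService  // business rules only; returns results so any front end can render them
{
    public function __construct(private UserMapper $users) {}
    // Returns the activation key the caller should e-mail; throws if the username is taken.
    public function register(string $username, string $password, string $email): string
    {
        if ($this->users->findByUsername($username) !== null) {
            throw new RuntimeException('Username taken. Please choose a different username');
        }
        $key = bin2hex(random_bytes(16));   // CSPRNG instead of sha1(mt_rand().time().$email)
        $this->users->insert($username, password_hash($password, PASSWORD_DEFAULT), $email, $key);
        return $key;
    }
    // Returns 'ok', 'inactive' or 'invalid'; unknown user and wrong password give the same answer.
    public function login(string $username, string $password): string
    {
        $row = $this->users->findByUsername($username);
        if ($row === null || !password_verify($password, $row['password'])) {
            return 'invalid';
        }
        return (int) $row['active_status'] === 1 ? 'ok' : 'inactive';
    }
}
```

A front-end script then only does `$auth = new AuthService(new UserMapper(DbConfig::connect()));` and maps the returned string to its own JSON response, which keeps the database credentials and SQL out of every endpoint.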