2011-09-05 120 views
0

I've been trying to get my login script to work with database-managed sessions. Login using database sessions?

Here is my database session class:

class SessionManager { 
    var $life_time; 

    function SessionManager() { 
     // Read the maxlifetime setting from PHP 
     $this->life_time = 600; //10 minutes 

     // Register this object as the session handler 
     session_set_save_handler(array(&$this, "open"), 
           array(&$this, "close"), 
           array(&$this, "read"), 
           array(&$this, "write"), 
           array(&$this, "destroy"), 
           array(&$this, "gc") 
           ); 
    } 

    function open($save_path, $session_name) { 
     global $sess_save_path; 

     $sess_save_path = $save_path; 
     // Don't need to do anything. Just return TRUE. 
     return true; 
    } 

    function close() { 
     return true; 
    } 

    function read($id) { 
     // Set empty result 
     $data = ''; 

     // Fetch session data from the selected database 
     $time = time(); 

     $newid = mysql_real_escape_string($id); 
     $sql = "SELECT 
        `session_data` 
       FROM 
        `sessions` 
       WHERE 
        `session_id` = '$newid' 
       AND 
        `session_expire` > $time"; 

     $rs = mysql_query($sql);       
     $a = mysql_num_rows($rs); 

     if($a > 0) { 
      $row = mysql_fetch_assoc($rs); 
      $data = $row['session_data']; 
     } 

     return $data; 
    } 

    function write($id, $data) { 
      // Expiry is "now + lifetime", so read() still finds the row on the next request 
      $time = time() + $this->life_time; 

      // Escape every value that is interpolated into the query 
      $newid = mysql_real_escape_string($id); 
      $newdata = mysql_real_escape_string($data); 
      $agent = mysql_real_escape_string($_SERVER['HTTP_USER_AGENT']); 
      $ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']); 

      // Insert a new row, or refresh data and expiry if the session id already exists 
      $sql = "INSERT INTO `sessions` (`session_id`, `session_data`, 
               `session_expire`, `session_agent`, 
               `session_ip`) 
              VALUES 
              ('$newid', '$newdata', 
              $time, '$agent', 
              '$ip') 
              ON DUPLICATE KEY UPDATE 
              `session_data` = '$newdata', 
              `session_expire` = $time"; 

      $rs = mysql_query($sql) or die(mysql_error()); 

      return true; 
    } 

    function destroy($id) { 
     // Build query 
     $id = mysql_real_escape_string($id); 
     $sql = "DELETE FROM `sessions` WHERE `session_id`='$id'"; 
     mysql_query($sql); 

     return true; 
    } 

    function gc(){ 
     // Garbage Collection 
     // Build DELETE query. Delete all records who have passed the expiration time 
     $sql = 'DELETE FROM `sessions` WHERE `session_expire` < UNIX_TIMESTAMP();'; 
     mysql_query($sql); 

     // Always return TRUE 
     return true; 
    } 
} 

Here is part of my login class:

function process_login(){ 
     global $mysql_prefix; 

     $email = mysql_real_escape_string($_POST['email']); 
     $check = mysql_query("SELECT password,salt,id FROM ".$mysql_prefix."users WHERE email='$email'"); 

     if(mysql_num_rows($check) > 0){ 
      $info = mysql_fetch_assoc($check); 
      $private_key = $this->get_secret_key(); 
      $password = hash('sha256', $info['salt'] . hash('sha256', $private_key.$_POST['password'])); 

      if($password == $info['password']){ 
       $_SESSION[$this->user_session]['id'] = $info['id']; 

       return true; 
      }else{ 
       return false; 
      } 
     }else{ 
      return false; 
     } 
    } 

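I have required the session class in my global.php file and called the class (or whatever it's called), but how do I actually go about using this new database session system with my current login class?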

I tried using $ManageSessions->write(id, data) like this:

function process_login(){ 
     global $mysql_prefix; 

     $email = mysql_real_escape_string($_POST['email']); 
     $check = mysql_query("SELECT password,salt,id FROM ".$mysql_prefix."users WHERE email='$email'"); 

     if(mysql_num_rows($check) > 0){ 
      $info = mysql_fetch_assoc($check); 
      $private_key = $this->get_secret_key(); 
      $password = hash('sha256', $info['salt'] . hash('sha256', $private_key.$_POST['password'])); 

      if($password == $info['password']){ 
       $SessionManager->write(session_id(),$info['id']); 

       return true; 
      }else{ 
       return false; 
      } 
     }else{ 
      return false; 
     } 
    } 

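But it doesn't seem to work, and the data gets overwritten the second the page is updated.

I must be missing something obvious, or just coding something wrong.

(I'm aware of the security holes in the script; I'm in the process of redesigning it, so please don't say anything about security or the like. Thanks :))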

Answers

4

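The class above replaces PHP's session system with the one in the class. When you create a new instance of the class, its constructor (function SessionManager() {) is called, which sets the functions in the class to run instead of PHP's defaults. So now when you write something to $_SESSION, it uses SessionManager's write function, which adds it to the database.

So basically, just initialize the class on every page and then use sessions as you normally would. They will all show up in the database.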

+0

Ah, okay, my world just got smaller :). Cheers! – MrE
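
The behaviour the answer describes, as an added example that is not part of the original question or answer: once a handler is registered, a plain `$_SESSION` assignment reaches the database through `write()` as one serialized string, and the next request gets it back through `read()`. Assumptions: PHP 8 with `pdo_sqlite`, an in-memory SQLite database standing in for the page's MySQL table, and the hypothetical class name `DbSessionHandler` with a reduced three-column `sessions` table.

```php
<?php
// Added example: database-backed session handler (SQLite in memory is an assumption).
final class DbSessionHandler implements SessionHandlerInterface
{
    public function __construct(private PDO $db, private int $lifetime = 600) {
        $db->exec('CREATE TABLE IF NOT EXISTS sessions (
            session_id TEXT PRIMARY KEY, session_data TEXT, session_expire INTEGER)');
    }
    public function open(string $path, string $name): bool { return true; }
    public function close(): bool { return true; }
    public function read(string $id): string|false {
        // Only unexpired rows count; parameters are bound, never interpolated
        $q = $this->db->prepare('SELECT session_data FROM sessions
                                 WHERE session_id = ? AND session_expire > ?');
        $q->execute([$id, time()]);
        $data = $q->fetchColumn();
        return $data === false ? '' : $data;
    }
    public function write(string $id, string $data): bool {
        // $data is the whole serialized $_SESSION array, not a single value
        $q = $this->db->prepare('REPLACE INTO sessions VALUES (?, ?, ?)');
        return $q->execute([$id, $data, time() + $this->lifetime]);
    }
    public function destroy(string $id): bool {
        return $this->db->prepare('DELETE FROM sessions WHERE session_id = ?')->execute([$id]);
    }
    public function gc(int $max_lifetime): int|false {
        return $this->db->exec('DELETE FROM sessions WHERE session_expire < ' . time());
    }
}

ini_set('session.use_cookies', '0');            // CLI demo: no cookie headers involved
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
session_set_save_handler(new DbSessionHandler($db), true);

session_start();                                 // "request 1": the login page
$sid = session_id();
$_SESSION['user']['id'] = 42;                    // constructed user id
session_write_close();                           // PHP itself calls write($sid, <serialized>)
$stored = $db->query('SELECT session_data FROM sessions')->fetchColumn();

$_SESSION = [];                                  // "request 2": simulate a fresh page load
session_id($sid);
session_start();                                 // PHP calls read($sid) and refills $_SESSION
$restored = $_SESSION['user']['id'];
echo "stored row: $stored", PHP_EOL, "restored id: $restored", PHP_EOL;
```

PHP runs `write()` with the serialized `$_SESSION` when the session closes at the end of every request, so a row written by calling `write()` by hand is replaced at that point.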