我是PHP新手,對OOP和MVC也完全陌生,所以請多包涵。
我根據一些教程構建了一個簡單的登錄系統,結果令人滿意:只有登錄後才能訪問我的 controllers->actions,未登錄時總是被重定向到登錄視圖。
PHP MVC OOP:在未登錄時保護視圖的內容
問題是:例如,如果我在URL中輸入 localhost/project/views/home.php,視圖就會直接顯示出來。那麼,在用戶沒有登錄的情況下,如何保護我的視圖?
代碼:我的 home.php 和幾乎所有其他視圖都不包含什麼值得一提的PHP代碼,只是從 index.php 取用一小部分內容。
我的index.php:
<?php
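require_once('connection.php');

// Front controller. The session check below only protects requests that are
// routed through this file. A view requested directly by URL (for example
// views/home.php) never executes this script, so it is served to anyone.
// Keep the views directory outside the document root or deny it in the web
// server configuration; as a fallback, each view can start with
// `defined('APP_NAME') or exit;` so it refuses to run on its own.
define("APP_NAME", "Edarati");
session_start();

if (!isset($_SESSION['name'])) {
    // Anonymous visitor: only the login and registration screens are reachable.
    require_once('controllers/login_controller.php');
    require_once('models/user.php');
    $login = new LoginController();
    $login->login();
    if (isset($_GET['action']) && $_GET['action'] === 'register') {
        $login->register();
    }
} else {
    // Logging out.
    if (isset($_GET['action']) && $_GET['action'] === 'logout') {
        require_once('controllers/login_controller.php');
        require_once('models/user.php');
        $login = new LoginController();
        $login->logout();
        header('Location:index.php');
        // Stop here: header() alone does not end the request, and without
        // this the protected layout below would still be rendered into the
        // response of the user who has just logged out.
        exit;
    }

    // Default route; overridden only when both parameters are plain strings
    // (a query such as ?controller[]=x arrives as an array).
    $controller = 'pages';
    $action = 'home';
    if (isset($_GET['controller'], $_GET['action'])
        && is_string($_GET['controller'])
        && is_string($_GET['action'])
    ) {
        $controller = $_GET['controller'];
        $action = $_GET['action'];
    }

    // NOTE(review): $controller and $action come straight from the query
    // string. The code that consumes them (views/layout.php and whatever it
    // includes) is not shown here; it must match both values against a fixed
    // allow-list before using them in an include path or a method call.
    require_once('views/layout.php');
}
?>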
If you need to see any other file or bit of code let me know!
<b>login_controller.php</b>
<?php
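/**
 * Handles the login, registration and logout screens.
 *
 * Relies on the User model and on a session already started by the front
 * controller (index.php).
 */
class LoginController
{
    /**
     * Processes a submitted login form, then renders the login view.
     *
     * The form is handled BEFORE the view is included: once the view has
     * produced output, header() can no longer send the redirect.
     */
    public function login()
    {
        $failed = false;

        if (isset($_POST['login'])) {
            $usr = new User;
            $usr->storeFormValues($_POST);
            if ($usr->userLogin()) {
                // Issue a fresh session id on privilege change so an id that
                // was planted or observed before login is useless afterwards
                // (session fixation).
                session_regenerate_id(true);
                $_SESSION['name'] = $usr->username;
                header('Location:index.php');
                exit;
            }
            $failed = true;
        }

        require_once('views/login/login.php');

        if ($failed) {
            // TODO error page
            echo "error syntaxe page teet teet";
        }
    }

    /**
     * Renders the registration view and processes a submitted form.
     */
    public function register()
    {
        require_once('views/login/register.php');

        if (!isset($_POST['register'])) {
            return;
        }

        $password = isset($_POST['password']) ? $_POST['password'] : null;
        $confirm = isset($_POST['conpassword']) ? $_POST['conpassword'] : null;

        // Strict comparison on strings only: with ==, two different numeric
        // strings such as "1e3" and "1000" compare equal.
        if (!is_string($password) || $password !== $confirm) {
            echo "Password and Confirm password not match";
            return;
        }

        $usr = new User;
        $usr->storeFormValues($_POST);
        echo $usr->register();
    }

    /**
     * Ends the current session: clears its data, expires the session cookie
     * and destroys the server-side record.
     */
    public function logout()
    {
        // index.php has normally started the session already; a second
        // session_start() only raises a notice.
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }

        $_SESSION = array();

        // Expire the cookie as well, so the browser stops presenting the old id.
        if (ini_get('session.use_cookies')) {
            $params = session_get_cookie_params();
            setcookie(
                session_name(),
                '',
                time() - 42000,
                $params['path'],
                $params['domain'],
                $params['secure'],
                $params['httponly']
            );
        }

        session_destroy();
    }
}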
user.php:
<?php
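/**
 * Account model backed by the `perso` table (columns used here: login,
 * passe, prenom, nom).
 */
class User
{
    public $username = null;
    public $password = null;
    // Constant appended to every password by the legacy SHA-256 scheme. It is
    // the same for all accounts and lives in source control, so it does not
    // act as a per-user salt: equal passwords give equal hashes. Kept only so
    // existing rows can still be verified and upgraded in userLogin().
    public $salt = "Zo4rU5Z1YyKJAASY0PT6EUg7BBYdlEhPaNLuxAwU8lqu1ElzHv0Ri7EM6irpx5w";
    public $first_name = null;
    public $last_name = null;

    /**
     * @param array $data Optional 'username' and 'password' entries.
     */
    public function __construct($data = array())
    {
        $this->hydrate($data);
    }

    /**
     * Copies 'username' and 'password' from submitted form data.
     *
     * @param array $params Typically $_POST.
     */
    public function storeFormValues($params)
    {
        $this->hydrate($params);
    }

    /**
     * Shared field loader for the constructor and storeFormValues().
     */
    private function hydrate($data)
    {
        if (!is_array($data)) {
            return;
        }
        // Only plain strings are accepted: a request can deliver arrays
        // (username[]=x), which strip_tags() cannot process.
        if (isset($data['username']) && is_string($data['username'])) {
            $this->username = stripslashes(strip_tags($data['username']));
        }
        // NOTE(review): filtering a password removes characters the user
        // typed ("<...>" sequences, backslashes) and weakens it. It is kept
        // because hashes already stored were computed from the filtered
        // value; drop it together with a password reset for affected users.
        if (isset($data['password']) && is_string($data['password'])) {
            $this->password = stripslashes(strip_tags($data['password']));
        }
    }

    /**
     * Checks the loaded username/password against the stored hash.
     *
     * Accepts password_hash() values and, for rows written before this
     * change, the legacy sha256(password . salt) hex digest. A successful
     * legacy match is re-hashed in place.
     *
     * @return bool True when the credentials are valid.
     */
    public function userLogin()
    {
        if (!is_string($this->username) || !is_string($this->password)) {
            return false;
        }

        try {
            $con = Db::getInstance();
            // Assumes `login` is unique — TODO confirm a UNIQUE index exists.
            $stmt = $con->prepare("SELECT passe FROM perso WHERE login = :username LIMIT 1");
            $stmt->bindValue("username", $this->username, PDO::PARAM_STR);
            $stmt->execute();
            $stored = $stmt->fetchColumn();
        } catch (PDOException $e) {
            // Database details go to the server log, not to the response.
            error_log('User::userLogin failed: ' . $e->getMessage());
            return false;
        }

        if (!is_string($stored) || $stored === '') {
            return false;
        }

        if (password_verify($this->password, $stored)) {
            return true;
        }

        // Legacy row: constant-time comparison against the old digest.
        $legacy = hash("sha256", $this->password . $this->salt);
        if (!hash_equals($stored, $legacy)) {
            return false;
        }

        $this->upgradeLegacyHash();
        return true;
    }

    /**
     * Replaces a legacy SHA-256 digest with a password_hash() value.
     * Failure is logged and otherwise ignored; the login already succeeded.
     */
    private function upgradeLegacyHash()
    {
        try {
            $con = Db::getInstance();
            $stmt = $con->prepare("UPDATE perso SET passe = :password WHERE login = :username");
            $stmt->bindValue("username", $this->username, PDO::PARAM_STR);
            $stmt->bindValue("password", password_hash($this->password, PASSWORD_BCRYPT), PDO::PARAM_STR);
            $stmt->execute();
        } catch (PDOException $e) {
            error_log('User::upgradeLegacyHash failed: ' . $e->getMessage());
        }
    }

    /**
     * Creates the account for the loaded username/password.
     *
     * @return string Message (HTML) to show to the visitor.
     */
    public function register()
    {
        if (!is_string($this->username) || $this->username === ''
            || !is_string($this->password) || $this->password === ''
        ) {
            return "Username and password are required";
        }

        try {
            $con = Db::getInstance();
            $stmt = $con->prepare("INSERT INTO perso(login, passe) VALUES(:username, :password)");
            $stmt->bindValue("username", $this->username, PDO::PARAM_STR);
            // bcrypt output is 60 characters, so it fits any column that held
            // the 64-character SHA-256 hex digest. Widen `passe` (255 is the
            // usual choice) before switching to PASSWORD_DEFAULT.
            $stmt->bindValue("password", password_hash($this->password, PASSWORD_BCRYPT), PDO::PARAM_STR);
            $stmt->execute();
            return "Registration Successful <br/> <a href='index.php'>Login Now</a>";
        } catch (PDOException $e) {
            // The driver message can expose table and column names; keep it
            // in the log and give the visitor a generic answer.
            error_log('User::register failed: ' . $e->getMessage());
            return "Registration failed";
        }
    }

    /**
     * Loads login, first name and last name for one account.
     *
     * @param string $username Value of the `login` column.
     * @return User Object with null fields when no row matches.
     */
    public static function getUser($username)
    {
        $curUser = new self();

        $db = Db::getInstance();
        // Bound parameter instead of interpolating $username into the SQL
        // text, which let a crafted value change the query.
        $stmt = $db->prepare("SELECT login, prenom, nom FROM perso WHERE login = :username LIMIT 1");
        $stmt->bindValue("username", (string) $username, PDO::PARAM_STR);
        $stmt->execute();
        $user = $stmt->fetch();

        if ($user) {
            $curUser->username = $user['login'];
            $curUser->first_name = $user['prenom'];
            $curUser->last_name = $user['nom'];
        }

        return $curUser;
    }
}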
?>
請發表您的'LoginController'實現。 –
給你,Henrique – Anas
從來沒有聽說過laravel身份驗證?它提供了一切開箱即用 – dynamic