2011-09-05

I have been trying to get my login script working with database-managed sessions. Login using database sessions?

This is my database session class:

// Note: the mysql_* extension used here was removed in PHP 7; the same structure
// works unchanged with mysqli or PDO.
class SessionManager {
    public $life_time;

    // Constructor (the original was the PHP 4 style `function SessionManager()`, which
    // PHP 7 deprecates and PHP 8 no longer treats as a constructor at all).
    function __construct() {
        // Session lifetime in seconds; PHP's own session.gc_maxlifetime is not consulted
        $this->life_time = 600; // 10 minutes

        // Register this object as the session handler. Must run before session_start().
        session_set_save_handler(array($this, "open"),
                                 array($this, "close"),
                                 array($this, "read"),
                                 array($this, "write"),
                                 array($this, "destroy"),
                                 array($this, "gc"));
    }

    function open($save_path, $session_name) {
        global $sess_save_path;

        $sess_save_path = $save_path;
        // Nothing to open for a database-backed store; the mysql link already exists.
        return true;
    }

    function close() {
        return true;
    }

    // Called by session_start(): return the serialized session data, or '' if the
    // session is unknown or has expired.
    function read($id) {
        $data = '';
        $time = time();

        $newid = mysql_real_escape_string($id);
        $sql = "SELECT `session_data`
                  FROM `sessions`
                 WHERE `session_id` = '$newid'
                   AND `session_expire` > $time";

        $rs = mysql_query($sql);
        if ($rs && mysql_num_rows($rs) > 0) {
            $row  = mysql_fetch_assoc($rs);
            $data = $row['session_data'];
        }

        return $data;
    }

    // Called by PHP itself at the end of the request (or on session_write_close())
    // with the serialized contents of $_SESSION. Not meant to be called directly.
    function write($id, $data) {
        // Expiry timestamp = now + lifetime. Storing plain time() here, as the original
        // did, makes read()'s `session_expire > now` test fail on the very next request.
        $time = time() + $this->life_time;

        // Escape everything that goes into the query (the original built $newid/$newdata
        // and then interpolated the raw $id/$data anyway).
        $newid   = mysql_real_escape_string($id);
        $newdata = mysql_real_escape_string($data);
        $agent   = mysql_real_escape_string(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
        $ip      = mysql_real_escape_string(isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '');

        $sql = "INSERT INTO `sessions`
                    (`session_id`, `session_data`, `session_expire`, `session_agent`, `session_ip`)
                VALUES
                    ('$newid', '$newdata', $time, '$agent', '$ip')
                ON DUPLICATE KEY UPDATE
                    `session_data`   = '$newdata',
                    `session_expire` = $time";

        mysql_query($sql) or die(mysql_error());

        return true;
    }

    function destroy($id) {
        $id  = mysql_real_escape_string($id);
        $sql = "DELETE FROM `sessions` WHERE `session_id` = '$id'";
        mysql_query($sql);

        return true;
    }

    // Garbage collection. PHP passes session.gc_maxlifetime, but the expiry is stored
    // per row, so simply delete every record whose expiry time has passed.
    function gc($maxlifetime = 0) {
        $sql = 'DELETE FROM `sessions` WHERE `session_expire` < UNIX_TIMESTAMP()';
        mysql_query($sql);

        return true;
    }
}

This is part of my login class:

function process_login(){ 
     global $mysql_prefix; 

     $email = mysql_real_escape_string($_POST['email']); 
     $check = mysql_query("SELECT password,salt,id FROM ".$mysql_prefix."users WHERE email='$email'"); 

     if(mysql_num_rows($check) > 0){ 
      $info = mysql_fetch_assoc($check); 
      $private_key = $this->get_secret_key(); 
      $password = hash('sha256', $info['salt'] . hash('sha256', $private_key.$_POST['password'])); 

      if($password == $info['password']){ 
       $_SESSION[$this->user_session]['id'] = $info['id']; 

       return true; 
      }else{ 
       return false; 
      } 
     }else{ 
      return false; 
     } 
    } 

I have already required the session class in my global.php file and instantiated the class (or whatever it's called), but how do I actually go about using this new database session system with my current login class?

I tried using $ManageSessions->write(id, data) like this:

function process_login(){ 
     global $mysql_prefix; 

     $email = mysql_real_escape_string($_POST['email']); 
     $check = mysql_query("SELECT password,salt,id FROM ".$mysql_prefix."users WHERE email='$email'"); 

     if(mysql_num_rows($check) > 0){ 
      $info = mysql_fetch_assoc($check); 
      $private_key = $this->get_secret_key(); 
      $password = hash('sha256', $info['salt'] . hash('sha256', $private_key.$_POST['password'])); 

      if($password == $info['password']){ 
       // Does not work: $SessionManager is not in scope here (only $mysql_prefix is
       // declared global), and write() is meant to be called by PHP, not by hand.
       $SessionManager->write(session_id(),$info['id']); 

       return true; 
      }else{ 
       return false; 
      } 
     }else{ 
      return false; 
     } 
    } 

But it doesn't seem to work, and the data gets overwritten when the second page loads.

I must be missing something obvious, or just writing it wrong.

(I know about the security holes in the script; I'm in the process of redesigning it, so please don't say anything about security or the like. Thanks :))

Answer


The class above replaces PHP's session system with the one in the class. When you create a new instance of the class, its constructor (function SessionManager() {) is called, which sets the functions in the class to run instead of PHP's defaults. So now when you write something to $_SESSION, it uses SessionManager's write function, which adds it to the database.

So basically, just initialise the class on every page and then use sessions the way you normally would. They will all end up in the database.


Ah, okay, my world just got smaller :). Cheers! – MrE
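As an added example, not code from the question or the answer, here is the flow the answer describes run end to end: a handler in the same shape as SessionManager, registered before session_start(), a "page 1" login step that simply assigns to $_SESSION, and a simulated "page 2" that reads it back. To run stand-alone from the command line it uses SessionHandlerInterface (PHP 5.4+) with PDO over an in-memory SQLite database (the pdo_sqlite extension is assumed) instead of the mysql_* extension; the `sessions` table layout mirrors the question's schema, and the `user` key and id 42 are constructed sample data.

```php
<?php
// Added example, not from the original question or answer: the same handler shape as
// SessionManager, implemented with SessionHandlerInterface and PDO over in-memory SQLite
// (assumed: pdo_sqlite extension) so that it runs stand-alone from the CLI.
class DbSessionHandler implements SessionHandlerInterface
{
    private $db;
    private $lifeTime;

    public function __construct(PDO $db, $lifeTime = 600)
    {
        $this->db       = $db;
        $this->lifeTime = $lifeTime;
    }

    #[\ReturnTypeWillChange]
    public function open($savePath, $sessionName) { return true; }

    #[\ReturnTypeWillChange]
    public function close() { return true; }

    // session_start() calls this; an unknown or expired id reads as an empty session.
    #[\ReturnTypeWillChange]
    public function read($id)
    {
        $stmt = $this->db->prepare(
            'SELECT session_data FROM sessions WHERE session_id = :id AND session_expire > :now');
        $stmt->execute(array(':id' => $id, ':now' => time()));
        $data = $stmt->fetchColumn();
        return $data === false ? '' : $data;
    }

    // PHP calls this itself with the serialized $_SESSION at request end; never call it by hand.
    #[\ReturnTypeWillChange]
    public function write($id, $data)
    {
        // INSERT OR REPLACE is SQLite's counterpart of MySQL's ON DUPLICATE KEY UPDATE here.
        $stmt = $this->db->prepare(
            'INSERT OR REPLACE INTO sessions
                 (session_id, session_data, session_expire, session_agent, session_ip)
             VALUES (:id, :data, :expire, :agent, :ip)');
        return $stmt->execute(array(
            ':id'     => $id,
            ':data'   => $data,
            ':expire' => time() + $this->lifeTime,   // expiry time, not the time of writing
            ':agent'  => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '',
            ':ip'     => isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '',
        ));
    }

    #[\ReturnTypeWillChange]
    public function destroy($id)
    {
        return $this->db->prepare('DELETE FROM sessions WHERE session_id = :id')
                        ->execute(array(':id' => $id));
    }

    #[\ReturnTypeWillChange]
    public function gc($maxLifetime)
    {
        return $this->db->exec('DELETE FROM sessions WHERE session_expire < ' . (int) time());
    }
}

// Schema mirroring the question's `sessions` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sessions (session_id TEXT PRIMARY KEY, session_data TEXT,
           session_expire INTEGER, session_agent TEXT, session_ip TEXT)');

ini_set('session.use_cookies', '0');   // CLI run: no Set-Cookie header to emit
ini_set('session.cache_limiter', '');  // and no cache headers either

// Register the handler before session_start(), as SessionManager's constructor does.
session_set_save_handler(new DbSessionHandler($db, 600), true);

// "Page 1" (the login step): just assign to $_SESSION; PHP serializes it and calls write().
session_start();
$_SESSION['user']['id'] = 42;          // stands in for $_SESSION[$this->user_session]['id']
$sessionId = session_id();
session_write_close();

$row = $db->query('SELECT session_data, session_expire FROM sessions')->fetch(PDO::FETCH_ASSOC);
printf("stored: %s (expires in %d s)\n", $row['session_data'], $row['session_expire'] - time());

// "Page 2": a later request presenting the same id (normally carried by the session cookie).
session_id($sessionId);
session_start();
printf("page 2 sees user id %d\n", $_SESSION['user']['id']);
session_write_close();
```

The two printf calls show what the answer states: the row holds the serialized $_SESSION array with an expiry in the future, and the second session_start() gets it back through read() without the login code ever touching the handler. The `session.use_cookies` and `session.cache_limiter` settings exist only to keep the CLI run quiet; in a web request leave them at their defaults.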