I am a PHP developer new to classes, and I am still confused by the concept of sessions. PHP user-level security help?
Question 1: Can client-side actions change a session? If not, can I set static sessions and use them without validation?
Question 2: How should I manage my user accounts?
I do use a SALT, but during registration a code is generated and inserted into the DB for login reference. Any corrections and explanations would be appreciated, as well as anything about sessions being modified client-side.
    class user {
        private $username = '';
        private $password = '';
        private $salt = '';
        public $prefix = 'rhs_';

        function __construct() {
            $this->username = '';
            $this->password = '';
            $this->salt = '';
            // Avoid "session already started" notices if the class is instantiated more than once.
            if (session_id() === '') {
                session_start();
            }
        }

        public function login($username, $password) {
            $mysql_conn = Database::obtain();
            $username = $mysql_conn->escape($username);
            $sql = 'SELECT `password`, `salt`, `first_name`, `last_name`, `permission` FROM `accounts` WHERE `username`="'.$username.'"';
            $row = $mysql_conn->query_first($sql);
            if (!empty($row['password'])) {
                // escape() is meant for SQL strings; hashing the escaped password can differ from hashing the raw one.
                $encrypted = md5(md5($mysql_conn->escape($password)).$row['salt']);
                // Strict comparison: == would compare two "0e..." hex strings numerically.
                if ($encrypted === $row['password']) {
                    $_SESSION[$this->prefix.'username'] = $username;
                    // The plaintext password is not needed in the session; the session itself proves the login.
                    $_SESSION[$this->prefix.'password'] = $password;
                    $_SESSION[$this->prefix.'name'] = $row['first_name'].' '.$row['last_name'];
                    $_SESSION[$this->prefix.'permission'] = $row['permission'];
                    header('Location: ?page=cpanel');
                    exit; // stop executing after the redirect
                } else {
                    return false;
                }
            } else {
                return false;
            }
        }
    }
Sessions have nothing to do with classes. See http://www.php.net/manual/en/book.session.php – DeveloperChris 2011-02-07 01:56:47
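As an added example (not code from the question or the comment above), here is the same login flow using PHP's built-in password_hash()/password_verify() and a PDO prepared statement. It assumes a PDO connection $pdo and an `accounts` table whose `password` column holds a password_hash() string; the other column names follow the question, and the 'user' permission given to new accounts is an assumed default.

```php
<?php
// Added example: login/registration with password_hash(), prepared statements and
// server-side sessions. Assumes $pdo (PDO) and an `accounts` table as described in the lead-in.
class User {
    public $prefix = 'rhs_';
    private $pdo;

    public function __construct(PDO $pdo) {
        $this->pdo = $pdo;
        if (session_status() === PHP_SESSION_NONE) {
            // Session data lives on the server; the browser only holds the session id cookie.
            session_start();
        }
    }

    // Registration: store only the salted hash produced by password_hash(); no separate salt column needed.
    public function register($username, $password, $firstName, $lastName) {
        $stmt = $this->pdo->prepare(
            'INSERT INTO `accounts` (`username`, `password`, `first_name`, `last_name`, `permission`) VALUES (?, ?, ?, ?, ?)'
        );
        return $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT), $firstName, $lastName, 'user']);
    }

    public function login($username, $password) {
        $stmt = $this->pdo->prepare(
            'SELECT `password`, `first_name`, `last_name`, `permission` FROM `accounts` WHERE `username` = ?'
        );
        $stmt->execute([$username]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        // password_verify() re-hashes with the salt embedded in the stored hash and compares in constant time.
        if ($row === false || !password_verify($password, $row['password'])) {
            return false;
        }
        session_regenerate_id(true);   // fresh session id after login, so a pre-login id cannot be reused
        $_SESSION[$this->prefix.'username']   = $username;
        $_SESSION[$this->prefix.'name']       = $row['first_name'].' '.$row['last_name'];
        $_SESSION[$this->prefix.'permission'] = $row['permission'];
        // The password itself is never stored in the session.
        return true;
    }

    // Pages that need a logged-in user check the server-side session, never a client-supplied value.
    public function isLoggedIn() {
        return isset($_SESSION[$this->prefix.'username']);
    }
}
```

The session id cookie is the only part the client controls; the username, name and permission values are read back from the server-side store, so a client cannot edit them directly.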