我对MVC编程风格很陌生。我有一个管理脚本,我希望能够将用户凭据集成到我的浏览器应用程序中。用户信息,例如用户名,电子邮件,姓名等。此系统的documentation为生成此信息提供了清晰的说明。我已经在下面的脚本中这样做了,但它总是返回“AUTH_NO_SESSION”,因为我无法允许用户登录以获取此信息,这是我的问题:
用户信息(user_cred.php)
include_once("includes.php");
$auth = new TAuthentication();
$accept_roles = array('plugin');
$auth_result = $auth->validateSession($accept_roles);
if ($auth_result->auth_code == AUTH_NO_SESSION) {
header('Access-Control-Allow-Origin: *');
echo "AUTH_NO_SESSION";
// means that no session was found, therefore the page is being accessed anonymously.
} elseif ($auth_result->auth_code == AUTH_OKAY) {
header('Access-Control-Allow-Origin: *');
echo "AUTH_OKAY";
// means that there was a session and the user owns all the required roles to access this content.
} elseif ($auth_result->auth_code == AUTH_INSUFFICIENT_ROLES) {
header('Access-Control-Allow-Origin: *');
echo "AUTH_INSUFFICIENT_ROLES";
// means that a session exists, but the user does not own the required roles to access this content.
} else {
// no code here
}
浏览器应用程序将从上面的user_cred.php文件中检索用户数据。
就这个php文件请求信息而言,一切正常。我面临的问题实际上是获取用户信息,唯一的方法是让用户登录他们的帐户。其他明智的事情都没有给出。
浏览器应用
<!DOCTYPE html>
<html>
<head>
<script type="text/javascript">
function loadXMLDoc()
{
if (window.XMLHttpRequest)
{// code for IE7+, Firefox, Chrome, Opera, Safari
xmlhttp=new XMLHttpRequest();
}
else
{// code for IE6, IE5
xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
}
xmlhttp.onreadystatechange=function()
{
if (xmlhttp.readyState==4 && xmlhttp.status==200)
{
document.getElementById("myDiv").innerHTML=xmlhttp.responseText;
}
}
xmlhttp.open("GET","user_cred.php",true);
xmlhttp.send();
}
</script>
</head>
<body>
<h2>Using the XMLHttpRequest object</h2>
<div id="myDiv"></div>
<button type="button" onclick="loadXMLDoc()">Change Content</button>
</body>
</html>
在管理系统中,有一个view文件,其中包含以下登录表单。使用户和访问网站。您还拥有包含登录代码的主索引文件。由于我的知识有限,我已经看过这个并相信这两个文件将帮助我使用我的脚本,以便用户可以从浏览器应用程序登录并获取他们的用户凭据。我的想法是将index.php文件中的代码添加到user_cred.php文件中,这样我就可以将这个http://website.com/user_cred.php?username=admin&pass=test&signin=Login的URL添加到javascript httprequest中并获取用户信息
登录视图
<form action="<?php echo $_SERVER["PHP_SELF"]; ?>" method="post">
<ul>
<li class="listitem">
<div class="row">
<label>Username:</label>
<input class="textbox" type="text" name="username" value="" maxlength="80"/>
</div>
<div class="row">
<label>Password:</label>
<input class="textbox" type="password" name="password" value="" maxlength="80"/>
</div>
</li>
<li class="listitem">
<div class="row">
<input class="form-button" type="submit" name="signin" value="Signin"/>
<a class="loginoptions indentmore" href="signup.php">Signup</a>
<a class="loginoptions" href="resetpassword.php">Forgot your password?</a>
</div>
</li>
</ul>
</form>
的index.php
include_once("includes.php");
class TSigninController extends TAbstractController {
public function run($allowedRoles = null)
{
$this->allowedRoles = $allowedRoles;
$this->execute();
}
protected function execute()
{
$this->auth_result = parent::validateSession(null);
if ($this->auth_result->auth_code == AUTH_OKAY)
{
$this->goToAfterSignInPage($this->auth_result->roles);
}
else if (!$this->getUserAction())
{
$this->loadview("signin");
}
else
{
$this->signin();
}
}
protected function signin()
{
$input = $this->getUserInput();
$model = $this->loadmodel("Users");
$account = $model->getUser($input["username"], $input["password"]);
if ($account == null || sizeof($account) == 0)
{
$data = array("error" => "Could not sign you in");
$this->loadview("signin", $data);
return;
}
if ($account["disabled"] == 1 || $account["admin_disabled"] == 1)
{
$data = array("error" => ($account["admin_disabled"] == 0) ? "This account is disabled." : "This account is been locked by the admin. Please contact the site admin!");
$this->loadview("signin", $data);
return;
}
$this->createNewSession($account);
$this->goToAfterSignInPage($account["roles"]);
}
protected function createNewSession($account) {
$model = $this->loadmodel("Sessions");
$sessionid = crypt($account["username"] . date('now'));
$_SESSION['SESSIONID'] = $sessionid;
$model->createNewSession($sessionid, $account["id"]);
}
public function goToAfterSignInPage($roles)
{
foreach($roles as $role)
{
if ($this->utils->stringsEqual($role["name"], "admin", false))
{
$this->redirect(SITE_URL . "/admin/dashboard.php");
return;
}
}
$this->redirect(SITE_URL . "/user/userprofile.php");
}
protected function getUserAction()
{
if ($this->post("signin"))
return "signin";
else
return null;
}
protected function getUserInput()
{
return array(
"username" => $this->post("username"),
"password" => $this->post("password")
);
}
}
$controller = new TSigninController();
$controller->run();
总之,我正在寻求帮助,以便我制作一个允许用户从我的浏览器应用程序中访问其凭据的php脚本user_cred.php。所以任何拥有MVC和PHP知识的人都会非常感激。
答案 0 :(得分:0)
SharpUMS提供的MVC描述非常糟糕。获得SharpUMS源所需的努力让我觉得它不是一个开源项目..哦,好吧。
$auth_result->auth_code === AUTH_NO_SESSION为true可能有两个原因:
$_SESSION['SESSIONID']为空在数据库中找不到会话ID:
来自: sharpums / _application / models / Session.php
SELECT
s.userid,
s.id,
s.started_on,
(
DATE_ADD(
s.started_on,
INTERVAL $this->sessionlength SECOND
) < NOW()
) expired
FROM sessions s
WHERE s.id = '$sessionid'
基本上,机器人原因追溯到 index.php 。我猜,这个方法永远不会执行:
protected function createNewSession($account) {
$model = $this->loadmodel("Sessions");
$sessionid = crypt($account["username"] . date('now'));
$_SESSION['SESSIONID'] = $sessionid;
$model->createNewSession($sessionid, $account["id"]);
}
您应该尝试找出signin()方法终止的时间。
免费建议:不要使用SharpUMS 作为您在MVC中应用或研究的基础,原因如下:
TDatabase使用全局状态来保持连接mysql_* API紧密绑定,正在进行弃用TAbstractModel不是真正抽象的,它在构造函数TUtilities课程是一个巨大的倾销场(见2.1 Adopter模式)preg_*和addslashes()函数