使用这篇文章: PHP user class (login/logout/signup)
我创建了一个用于登录用户访问我网站的课程。
当我第一次创建它时,我在verifyUser函数中包含了一个db.php文件。这包含与数据库的连接。然而,当我尝试使用数据库处理程序时,它从未奏效。如果我将db.php中的代码粘贴到verifyUser函数中,则可以正常工作。不应该没有区别吗?任何人都可以向我解释为什么会这样吗?
该脚本似乎没有任何问题地访问pbkdf2.php validate_password函数。
如果我传入处理程序并将其存储在类中,如上面的帖子所述,它可以正常工作。我想明白为什么我不能像以前那样做。
<?php
class Login {
// Login and password
private $_userName;
private $_userPass;
// For the user info retrieved, and the database handler
private $_userDetails;
private $_dbh;
public function __construct($userName, $userPass, $dbh) {
$this->_userName = $userName;
$this->_userPass = $userPass;
$this->_dbh = $dbh;
}
public function loginUser() {
$user = $this->_verifyUser();
if ($user) {
// Store the user details for later.
$this->_userDetails = $user;
// Start the users session.
session_start();
$_SESSION['loggedIn'] = 1;
$_SESSION['userId'] = $this->_userName;
return $this->_userDetails['registeredNumber'];
}
return false;
}
protected function _verifyUser() {
try {
$stmt = $this->_dbh->prepare("SELECT firstName, lastName, securityLevel,
password, registeredNumber FROM userDetails
WHERE registeredNumber = :userName");
$stmt->bindParam(':userName', $this->_userName);
$stmt->execute();
}
catch (PDOException $e) {
print "Error! " . $e->getMessage() . '<br/>';
die();
}
if ($stmt->rowCount() > 0) {
$userDetails = $stmt->fetch(PDO::FETCH_ASSOC);
if (validate_password($this->_userPass, $userDetails['password'])){
return $userDetails;
}
}
return false;
}
public function getFirstName() {
return $this->_userDetails['firstName'];
}
public function getLastName() {
return $this->_userDetails['lastName'];
}
public function getFullName() {
return $this->_userDetails['firstName'] . " " .
$this->_userDetails['lastName'];
}
public function getSecLevel() {
return $this->_userDetails['securityLevel'];
}
}
我如何使用该课程:
<?php
// Connect to the database
include('./includes/db.php');
include('./includes/general.php');
include('./includes/pbkdf2.php');
include('./classes/login.php');
// Check if the user has submitted some details.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$loginId = $_POST['userId'];
$loginPass = $_POST['password'];
// Verify format, type and length of the input.
if (!checkLoginId($loginId) || (!checkPassword($loginPass))) {
$errorMsg = "Please enter a valid username or password!";
}
$login = new Login($loginId, $loginPass, $dbh);
if ($userId = $login->loginUser()) {
echo "Welcome " . $login->getFullName() . "<br/>";
}
else {
echo "Invalid login";
}
}
?>