所以问题是,当调用/ MVCTest / manage / dashboard时,验证器失败,因为authenticate(验证器类中的方法)没有找到$ _SESSION ['user_id'],所以它将用户踢回登录页面。
但是,如果我将以下操作更改为: action =“/ MVCTest / manage / login?target = MVCTest / manage / dashboard”
并将相同的登录功能从索引控制器添加到manageController,一切正常,但这意味着我必须在每个控制器中都有一个登录功能,它有一个我要登录的页面(这是每个页面以后我想要一个用户仪表板。)
那么如何让$ _SESSION在控制器之间预先设定,这样我就可以让一个控制器负责记录用户进/出?
首先,一些代码......
action =“/ MVCTest / index / login?target = MVCTest / manage / dashboard”调用indexController的登录操作。
<?php
Class indexController Extends Core_Controller {
public function login(){
$this->registry->authenticator->login($_POST);
}
}
?>
在bootstrap中创建了authenticator对象并将其分配给注册表。现在是验证者对象。
<?php
Class Authenticator Extends Base_Model {
public function login($credentials){
//Select user from the database based on email/username
try{
$STH = $this->db->prepare("SELECT * FROM user_account WHERE email = ? OR username = ?");
$STH->bindParam(1, $credentials['login']);
$STH->bindParam(2, $credentials['login']);
$STH->execute();
while($user = $STH->fetch(PDO::FETCH_OBJ)){
$password = $user->user_salt.$credentials['password'];
$password = $this->hashData($password);
try{
if($password === $user->password){
//Active and Verified user exists, set sessions
$random = $this->generateRandomString();
//Build the token
$token = $_SERVER["HTTP_USER_AGENT"] . $random;
$token = $this->hashData($token);
//Setup session variables
session_start();
$_SESSION["token"] = $token;
$_SESSION["user_id"] = $user->id;
//Delete old session records for the user
$STH = $this->db->prepare("DELETE FROM user_session WHERE user_account_id = ?");
$STH->bindParam(1, $user->id);
$STH->execute();
//Insert new session records for the user
try{
$STH = $this->db->prepare("INSERT INTO user_session (user_account_id, session_id, token)
VALUES (?,'".session_id()."', ?);");
$STH->bindParam(1, $user->id);
$STH->bindParam(2, $token);
$STH->execute();
header("Location: /{$_GET['target']}");
exit;
} catch (PDOException $e){
file_put_contents(__SITE_PATH."/logs/errors/MySQLErrors", $e->getMessage()."\n", FILE_APPEND);
die($e->getMessage());
}
} else {
throw new Exception("Password is incorrect!");
}
} catch (Exception $e){
file_put_contents(__SITE_PATH."/logs/errors/LoginErrors", $e->getMessage()."\n", FILE_APPEND);
die($e->getMessage());
}
}
//Email/Username not found
throw new Exception("Email/Username not found!");
} catch (Exception $e) {
file_put_contents(__SITE_PATH."/logs/errors/LoginErrors", $e->getMessage()."\n", FILE_APPEND);
die($e->getMessage());
} catch (PDOException $e){
file_put_contents(__SITE_PATH."/logs/errors/MySQLErrors", $e->getMessage()."\n", FILE_APPEND);
die($e->getMessage());
}
}
}
?>
最后,我的manageController
<?php
session_name();
session_set_cookie_params(3600, "/MVCTest/manage/");
session_start();
Class manageController Extends Core_Controller {
public function index() {
if(isset($_SESSION['user_id'])){
header("Location: /MVCTest/manage/dashboard");
exit;
}
$this->registry->template->show('manage/index');
}
public function dashboard(){
$this->registry->authenticator->authenticate("/MVCTest/manage/");
$this->registry->template->show('manage/dashboard');
}
}
?>
我找到了答案。保留session_name(); session_set_cookie_params(3600,__SITE_PATH。'/ MVCTest / manage /');在moveController中移动session_start();添加公共登录功能时,扩展Core_Controller的开头。
结果是每个页面都可以记录某人;但是,我觉得这是不好的做法。我看到的问题是,无论用户是否登录,每个页面调用都将启动一个会话。我觉得这很糟糕,有什么建议吗?
答案 0 :(得分:1)
看看这段代码:
//Setup session variables
session_start();
$_SESSION["token"] = $token;
$_SESSION["user_id"] = $user->id;
您必须使用
session_start();
在文件的开头。
详细了解session_start