嗨,我有这个课程。该会话似乎有效,但在一分钟或几页点击后,会话完全消失。我从以下代码中获取了这些代码:http://www.wikihow.com/Create-a-Secure-Session-Managment-System-in-PHP-and-MySQL并将其编入我的班级。我想知道是否有人能告诉我为什么它会死?我有一个与var $sql
奇怪的是,它会工作一段时间然后就会死掉。
编辑:我在none函数的返回中放了read,然后我回复了这个以及没有数据的read函数。
在网站上我从中得到了这些代码,如果函数中有if(!isset($this->gc_stmt)) { if(!isset($this->key_stmt)) { if(!isset($this->delete_stmt)) { if(!isset($this->w_stmt)) {这样的语句,我已将这些语句放在我的代码中,因为我没有不明白它是如何设定它们的。这可能是为什么?
function __construct(){
global $system;
// set our custom session functions.
session_set_save_handler(array($this, 'open'),
array($this, 'close'),
array($this, 'read'),
array($this, 'write'),
array($this, 'destroy'),
array($this, 'gc'));
// This line prevents unexpected effects when using objects as save handlers.
register_shutdown_function('session_write_close');
$this->start_session();
}
function start_session(){
global $system;
// Hash algorithm to use for the sessionid. (use hash_algos() to get a list of available hashes.)
$session_hash = 'sha512';
// Check if hash is available
if (in_array($session_hash, hash_algos())) {
// Set the has function.
ini_set('session.hash_function', $session_hash);
}
// How many bits per character of the hash.
// The possible values are '4' (0-9, a-f), '5' (0-9, a-v), and '6' (0-9, a-z, A-Z, "-", ",").
ini_set('session.hash_bits_per_character', 5);
// Force the session to only use cookies, not URL variables.
ini_set('session.use_only_cookies', 1);
// Set the parameters
$time = 86400 * $system->system_settings('cookie_days');
$cookieParams = session_get_cookie_params();
// Set the parameters
session_set_cookie_params($time, $cookieParams["path"], $cookieParams["domain"], false, true);
// Change the session name
session_name(SESSION_ID_NAME);
// Now we cat start the session
session_start();
// This line regenerates the session and delete the old one.
// It also generates a new encryption key in the database.
session_regenerate_id(true);
}
function open(){
return true;
}
function close() {
return true;
}
function read($id) {
global $sql;
$result = $sql->sql_query("SELECT data FROM `".TABLE_SESSIONS."` WHERE id = '".$id."' LIMIT 1");
if($sql->sql_num($result) == 1){
$row = $sql->sql_fetch($result);
$data = $row['data'];
$key = $this->getkey($id);
$data = $this->decrypt($data, $key);
return $data;
}else{
return '';
}
}
function write($id, $data){
global $sql;
// Get unique key
$key = $this->getkey($id);
// Encrypt the data
$data = $this->encrypt($data, $key);
$time = time();
$sql->sql_query("REPLACE INTO `".TABLE_SESSIONS."` (id, set_time, data, session_key) VALUES ('".$id."', '".$time."', '".$data."', '".$key."')");
return true;
}
function destroy($id){
global $sql;
$sql->sql_delete(TABLE_SESSIONS, " id='".$id."'");
return true;
}
function gc($max){
global $sql;
$old = time() - $max;
$sql->sql_delete(TABLE_SESSIONS, " set_time < '".$old."'");
return true;
}
private function getkey($id){
global $sql;
$result = $sql->sql_query("SELECT session_key FROM `".TABLE_SESSIONS."` WHERE id = '".$id."' LIMIT 1");
if($sql->sql_num($result) == 1){
$row = $sql->sql_fetch($result);
return $row['session_key'];
}else{
$random_key = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
return $random_key;
}
}
private function encrypt($data, $key) {
$salt = 'cH!swe!retReGu7W6bEDRup7usuDUh9THeD2CHeGE*ewr4n39=E@rAsp7c-Ph@pH';
$key = substr(hash('sha256', $salt.$key.$salt), 0, 32);
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $data, MCRYPT_MODE_ECB, $iv));
return $encrypted;
}
private function decrypt($data, $key) {
$salt = 'cH!swe!retReGu7W6bEDRup7usuDUh9THeD2CHeGE*ewr4n39=E@rAsp7c-Ph@pH';
$key = substr(hash('sha256', $salt.$key.$salt), 0, 32);
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($data), MCRYPT_MODE_ECB, $iv);
return $decrypted;
}