I am using this script to create a login system for my page.
http://php-login.net/demo3.html
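Users can check the "Keep me logged in" box, and the script then saves the user's login details in a cookie. Everything works fine in Chrome, Firefox, Explorer and Safari on the desktop, but in mobile Safari the cookie login process fails.
I can echo the cookie value, so I know the cookie has been set, but the login still fails.
Here is the script that sets the cookie: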
private function newRememberMeCookie()
{
    // if database connection opened
    if ($this->databaseConnection()) {
        // generate 64 char random string and store it in current user data
        // (random_bytes() is a CSPRNG; mt_rand() output is predictable and must not be used for tokens)
        $random_token_string = bin2hex(random_bytes(32));
        $sth = $this->db_connection->prepare("UPDATE users SET user_rememberme_token = :user_rememberme_token WHERE user_id = :user_id");
        $sth->execute(array(':user_rememberme_token' => $random_token_string, ':user_id' => $_SESSION['user_id']));
        // generate cookie string that consists of userid, randomstring and combined hash of both
        $cookie_string_first_part = $_SESSION['user_id'] . ':' . $random_token_string;
        $cookie_string_hash = hash('sha256', $cookie_string_first_part . COOKIE_SECRET_KEY);
        $cookie_string = $cookie_string_first_part . ':' . $cookie_string_hash;
        // set cookie
        setcookie('rememberme', $cookie_string, time() + COOKIE_RUNTIME, "/", COOKIE_DOMAIN);
    }
}
Here is the code that logs in via the cookie:
private function loginWithCookieData()
{
    if (isset($_COOKIE['rememberme'])) {
        // extract data from the cookie (pad to three fields so a malformed value cannot raise notices)
        list ($user_id, $token, $hash) = array_pad(explode(':', $_COOKIE['rememberme'], 3), 3, '');
        // check cookie hash validity (hash_equals() compares in constant time and without type juggling)
        if (hash_equals(hash('sha256', $user_id . ':' . $token . COOKIE_SECRET_KEY), $hash) && !empty($token)) {
            // cookie looks good, try to select corresponding user
            if ($this->databaseConnection()) {
                // get real token from database (and all other data)
                $sth = $this->db_connection->prepare("SELECT user_id, user_name, user_email FROM users WHERE user_id = :user_id
                                                      AND user_rememberme_token = :user_rememberme_token AND user_rememberme_token IS NOT NULL");
                $sth->bindValue(':user_id', $user_id, PDO::PARAM_INT);
                $sth->bindValue(':user_rememberme_token', $token, PDO::PARAM_STR);
                $sth->execute();
                // get result row (as an object)
                $result_row = $sth->fetchObject();
                if (isset($result_row->user_id)) {
                    // write user data into PHP SESSION [a file on your server]
                    $_SESSION['user_id'] = $result_row->user_id;
                    $_SESSION['user_name'] = $result_row->user_name;
                    $_SESSION['user_email'] = $result_row->user_email;
                    $_SESSION['user_logged_in'] = 1;
                    // declare user id, set the login status to true
                    $this->user_id = $result_row->user_id;
                    $this->user_name = $result_row->user_name;
                    $this->user_email = $result_row->user_email;
                    $this->user_is_logged_in = true;
                    // Cookie token usable only once
                    $this->newRememberMeCookie();
                    return true;
                }
            }
        }
        // A cookie has been used but is not valid... we delete it
        $this->deleteRememberMeCookie();
        $this->errors[] = $this->lang['Invalid cookie'];
    }
    return false;
}
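
Added example, not part of the original post and not php-login's own code: a diagnostic helper that reports which stage of the check above a given `rememberme` value fails (field format, keyed hash, or a token already replaced by the once-only rotation). The function name, `$secret` (standing in for `COOKIE_SECRET_KEY`), `$storedToken` (standing in for the `user_rememberme_token` column) and all sample values are assumptions.

```php
<?php
declare(strict_types=1);

/**
 * Report the first check a "rememberme" cookie value fails.
 * Hypothetical helper: $secret stands in for COOKIE_SECRET_KEY and
 * $storedToken for the user_rememberme_token value of that user.
 */
function diagnoseRememberMeCookie(string $cookie, string $secret, ?string $storedToken): string
{
    $parts = explode(':', $cookie);
    if (count($parts) !== 3) {
        return 'format: expected 3 fields, got ' . count($parts);
    }
    [$userId, $token, $hash] = $parts;
    if (!ctype_digit($userId)) {
        return 'format: user id is not numeric';
    }
    if (strlen($token) !== 64 || !ctype_xdigit($token)) {
        return 'format: token is not 64 hex characters';
    }
    // Same construction as the script: sha256(user_id:token . secret)
    $expected = hash('sha256', $userId . ':' . $token . $secret);
    if (!hash_equals($expected, $hash)) {
        return 'hash: value was altered or signed with another secret';
    }
    if ($storedToken === null) {
        return 'token: no token stored for this user';
    }
    if (!hash_equals($storedToken, $token)) {
        return 'token: cookie is stale, the database holds a different token';
    }
    return 'ok';
}

// Constructed sample values, not taken from the page.
$secret = 'example-secret';
$token  = hash('sha256', 'constructed-token');
$first  = '42:' . $token;
$cookie = $first . ':' . hash('sha256', $first . $secret);

foreach ([
    'valid cookie'       => [$cookie, $token],
    'truncated cookie'   => [substr($cookie, 0, 40), $token],
    'user id changed'    => ['43' . substr($cookie, 2), $token],
    'token rotated'      => [$cookie, hash('sha256', 'newer-token')],
    'row has NULL token' => [$cookie, null],
] as $label => [$value, $stored]) {
    echo $label, ': ', diagnoseRememberMeCookie($value, $secret, $stored), PHP_EOL;
}
```

Logging this result server-side for the failing client, instead of echoing the raw cookie, shows whether the value arrives malformed or is well-formed but no longer matches the stored token.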