您好我正在关注php / mysql / PDO的教程:PHP OOP登录/注册系统。
我认为vid是很久以前创建的,而且PHP代码中的内容发生了变化,现在我没有获得登录成功记录。
的login.php
<?php
require_once '../core/config/conf.php';
if(Input::exists()) {
if(Token::check(Input::get('token'))) {
$validate = new Validate();
$validation = $validate->check($_POST, array(
'gebruikersnaam' => array('required' => true),
'wachtwoord' => array('required' => true)
));
if($validate->passed()) {
$user = new User();
$login = $user->login(Input::get('gebruikersnaam'), Input::get('wachtwoord'));
if($login) {
echo (isset($user) && ($user->isLoggedIn())) ? 'Ingelogd!' : 'Inloggen ging fout.';
} else {
foreach ($validate->errors() as $error) {
echo $error, '<br />';
}
}
}
}
}
?>
<form action="" method="post">
<div class="field">
<label for="gebruikersnaam">Gebruikersnaam</label>
<input type="text" name="gebruikersnaam" id="gebruikersnaam" autocomplete="on">
</div>
<div class="field">
<label for="wachtwoord">Wachtwoord</label>
<input type="password" name="wachtwoord" id="wachtwoord" autocomplete="off">
</div>
<input type="hidden" name="token" value="<?php echo Token::generate(); ?>">
<input type="submit" value="Inloggen">
</form>
User.class.php
<?php
class User {
private $_db,
$_data,
$_sessionName,
$_isLoggedIn = null;
public function __construct($user = null) {
$this->_db = DB::getInstance() ;
$this->_sessionName = Config::get('session/session_name');
if(!$user) {
if(Session::exists($this->_sessionName)) {
$user = Session::get($this->_sessionName);
if($user) {
($this->find($user)) ? $this->_isLoggedIn = true : $this->_isLoggedIn = false;
} else {
echo 'Class fout';
}
}
} else {
$this->find($user);
}
}
public function create($fields = array()) {
if(!$this->_db->insert('users', $fields)) {
throw new Exception('Ooops... daar ging iets fout.');
}
}
public function find($user = null) {
if($user) {
$field = (is_numeric($user)) ? 'id' : 'username';
$data = $this->_db->get('users', array($field, '=', $user));
if(($data) && ($data->count())) {
$this->_data = $data->first();
return true;
} else {
return false;
}
}
return false;
}
public function login($user = null, $pass = null) {
if(isset($user) && ($this->find($user))) {
if($this->data()->password === Hash::make($pass, $this->data()->salt)) {
Session::put($this->_sessionName, $this->data()->u_id);
return true;
}
}
return false;
}
public function data() {
return $this->_data;
}
public function isLoggedIn() {
return $this->_isLoggedIn;
}
}
此方法为LoggedIn();即使我检查了登录(),也不会返回true;和find();方法,他们似乎按计划工作,但不知何故,它并没有告诉我,我已登录。
感谢。
答案 0 :(得分:0)
您永远不会设置_isloggedin变量
public function login($user = null, $pass = null) {
if(isset($user) && ($this->find($user))) {
if($this->data()->password === Hash::make($pass, $this->data()->salt)) {
Session::put($this->_sessionName, $this->data()->u_id);
// set it here
$ this->_isloggedin = true;
return true;
}
}
return false;
}
答案 1 :(得分:0)
看起来很复杂。你可以制作一个更简单的登录脚本,它不会让你的大脑完全搞砸。这里快速输入一个(不会完全安全,检查一个很好的PHP安全教程!)最好从小开始,了解,然后变得更大。
<form action='au.php' method='POST'>
Username: <input type='text' name='user' />
Password: <input type='password' name='pass' />
<input type='submit' value='login' />
</form>
au.php
<?php
include "mysqli.php";
global $db; // OOP form of mysqli
$user = $db->real_escape_string(trim($_POST['user']));
$pass = $db->real_escape_string(trim($_POST['pass']));
$epass = md5($pass); // hashing a password isn't the best idea these days. Look into encrypting passwords
if(!isset($user) || !isset($pass))
{
echo " didn't fill out form";
} else {
$q = $db->query("SELECT * FROM users WHERE username='$user' AND password='$epass'");
$nr = $q->num_rows; // count the number of users (should only be one if data is entered right)
$ar = $q->fetch_array(MYSQLI_BOTH);
if($nr != 1)
{
// error
} else {
session_start();
session_regenerate_id();
$_SESSION['userid'] = $ar['userid'];
$_SESSION['loggedin'] = 1;
header("location:loggedin.php");
}
}
?>
在此之后您需要做的就是检查$ _SESSION ['loggedin']变量是否等于1以查看用户是否已登录,如果是,那么您可以从$ _SESSION ['引用与它们相关的任何内容。用户ID']。