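I am trying to implement my own classes, functions and views for multi-user authentication and pages, using PHP, MySQL and the PDO class.
Please tell me whether I am doing this the right way or whether I am going down the wrong path?
The MySQL table looks like this: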
userID-----------int 1
userName---------varchar abc
userPassword-----varchar pass
userAccessCode---int 100
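This is the HTML and PHP, which passes the data via POST to auth in the class authen.
Note: the session is started in the header on login, and closed on logout.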
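<?php
//include authen class
// Run the login only when all three form fields were submitted.
if (isset($_POST['name'], $_POST['pass'], $_POST['access'])) {
    $authen->name = Check_Params($_POST['name']);
    $authen->pass = Check_Params($_POST['pass']);
    // The form field is named "access"; it carries the access code.
    $authen->accs = Check_Params($_POST['access']);
    $authen->auth();
}
?>
<form method="post">
    <input name="name" type="text">
    <input name="pass" type="password">
    <input name="access" type="password">
    <input type="submit" value="login">
</form>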
Now, the authen class will check whether the user is in the database:
public function auth() {
    $name = Check_Params($this->name);
    $pass = Check_Params($this->pass);
    $accs = Check_Params($this->accs);
    $passhashed = hash_pass(Check_Params($this->pass));
    // Placeholder names in the query must match the names bound below.
    $stm = "SELECT COUNT(*) FROM userTBL WHERE `userName`=:name AND `userPassword`=:pass AND `userAccessCode`=:accs LIMIT 1";
    $stm = $this->conn->prepare($stm);
    $stm->bindParam(':name', $name);
    $stm->bindParam(':pass', $passhashed);
    $stm->bindParam(':accs', $accs);
    $stm->execute();
    $checkstm = $stm->fetchColumn();
    if ($checkstm == 1) {
        // Exactly one matching row: remember the user in the session.
        $_SESSION['accs'] = Check_Params($accs);
        $_SESSION['name'] = Check_Params($name);
        header("location:../home");
        exit;
    } else {
        header("location:logout.php");
        exit;
    }
}
Now, in every page, this checks whether the request comes from a logged-in user; this is the ifitislogin function:
public function ifitislogin() {
    if ($_SESSION['name'] == '' || $_SESSION['accs'] == '') {
        header("location:logout.php");
        exit; // stop here so the calling page does not keep rendering
    } else {
        $accs = Check_Params(preg_replace('#[^0-9]#i', '', $_SESSION["accs"]));
        $name = Check_Params(preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["name"]));
        // Confirm that the name/access-code pair from the session still exists.
        $stm = "SELECT COUNT(*) FROM userTBL WHERE `userName`=:name AND `userAccessCode`=:accs";
        $stm = $this->conn->prepare($stm);
        $stm->bindParam(':name', $name);
        $stm->bindParam(':accs', $accs);
        $stm->execute();
        $checkstm = $stm->fetchColumn();
        if ($checkstm != 1) {
            header("location:logout.php");
            exit();
        }
    }
}
Now, for example, this is the whole index page:
//include class authentic
$authen->ifitislogin(); // this will check if user is valid:
echo "<h1>welcome to the document management system</h1> <br/>";
//this will be for admin and operator
if ($_SESSION['accs'] == Check_Params('100')) {
    echo "<h1>welcome to admin page data....</h1>";
} elseif ($_SESSION['accs'] == 101) {
    echo "<h1>welcome to reporter page data....</h1>";
} else {
    echo "welcome msg";
}
//this will be for clients or users, the function will get the result from database based on the user name and accs
$accs = Check_Params($_SESSION['accs']);
$name = Check_Params($_SESSION['name']);
//get the result from database based on these two variables, which means $accs, $name: it will select from database where access = $accs and name = $name
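In this part of the code, is it OK to query data from the database based on the data taken from the session variables? If not, how do I know which data should be shown to which user? Or which page is for which user?
Thanks in advance.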
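
An added example, not part of the original post: one way to keep only a server-side user id in the session and read the access code from `userTBL` on each request, with the password checked by `password_verify()` instead of being compared inside the SQL. It assumes `userPassword` holds `password_hash()` output and that the `pdo_sqlite` extension is available for the constructed in-memory table; the function names `login` and `currentRole`, the `uid` session key and the `ROLE_*` constants are hypothetical.

```php
<?php
// Added example, not the poster's code. Table/column names follow the post;
// the in-memory SQLite database and the sample user are constructed.
const ROLE_ADMIN = 100;      // access codes as used in the post
const ROLE_REPORTER = 101;

function login(PDO $db, array &$session, string $name, string $pass): bool {
    // Look the user up by name only; the password is verified in PHP.
    $stm = $db->prepare('SELECT userID, userPassword FROM userTBL WHERE userName = :name');
    $stm->execute([':name' => $name]);
    $row = $stm->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['userPassword'])) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);          // fresh session id after login
    }
    $session['uid'] = (int) $row['userID'];   // store only the server-side id
    return true;
}

function currentRole(PDO $db, array $session): ?int {
    // Re-read the access code on every request instead of trusting a copy.
    if (!isset($session['uid'])) {
        return null;
    }
    $stm = $db->prepare('SELECT userAccessCode FROM userTBL WHERE userID = :id');
    $stm->execute([':id' => $session['uid']]);
    $code = $stm->fetchColumn();
    return $code === false ? null : (int) $code;
}

// --- constructed demo data; runs from the PHP CLI ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE userTBL (userID INTEGER PRIMARY KEY, userName TEXT UNIQUE,
           userPassword TEXT, userAccessCode INTEGER)');
$ins = $db->prepare('INSERT INTO userTBL (userName, userPassword, userAccessCode) VALUES (?, ?, ?)');
$ins->execute(['abc', password_hash('pass', PASSWORD_DEFAULT), ROLE_ADMIN]);

$session = [];   // stands in for $_SESSION in this CLI demo
var_dump(login($db, $session, 'abc', 'wrong'));        // wrong password
var_dump(login($db, $session, 'abc', 'pass'));         // correct password
var_dump(currentRole($db, $session) === ROLE_ADMIN);   // role read from the table
var_dump(currentRole($db, []));                        // no login in this session
```

In a web page, pass `$_SESSION` as the `$session` argument after `session_start()`; each page then branches on the value `currentRole()` returns.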