我想请教一下登录系统的实现。下面是我的登录脚本,请问用 session_id() 作为会话数组的键是否安全?另外,能否分享一下您的登录系统供我参考?谢谢。
<?php
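/**
 * Minimal session-backed login helper.
 *
 * The logged-in user's attributes are stored in $_SESSION under the key
 * session_id(). That key adds no protection by itself: the session id is
 * already the secret that selects the session, so security rests on the
 * session cookie settings and on regenerating the id at login. It also
 * means the entry is lost if the id is regenerated later without moving it.
 */
class Login {
    public function __construct()
    {
    }

    /**
     * Reports whether the current session holds a logged-in user.
     *
     * @return bool true when $_SESSION[session_id()] is non-empty.
     */
    public function is_logged_in()
    {
        // empty($_SESSION) is also true for a session that is started but
        // holds no data, which would call session_start() a second time.
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }

        return !empty($_SESSION[session_id()]);
    }

    /**
     * Returns the session data of a logged-in visitor, or runs the login
     * flow for an anonymous one.
     *
     * @return array|null The whole $_SESSION array when logged in; otherwise
     *                    whatever login() returns (null after it has rendered
     *                    the form).
     */
    public function get_user()
    {
        if (!$this->is_logged_in()) {
            return $this->login();
        }

        return $_SESSION;
    }

    /**
     * Stores the user's attributes under the current session id.
     *
     * @param mixed $userattr Data to keep for the logged-in user.
     */
    public function set_user($userattr)
    {
        $_SESSION[session_id()] = $userattr;
    }

    /**
     * Handles a submitted login form and, when the visitor is not redirected,
     * renders the form.
     *
     * On valid credentials the session id is regenerated, the user is stored
     * and the request ends with a redirect to ./index.php.
     *
     * @return void
     */
    public function login()
    {
        if (isset($_POST['btnlogin'])) {
            $username = isset($_POST['username']) ? $_POST['username'] : null;
            $password = isset($_POST['password']) ? $_POST['password'] : null;

            $authenticated = false;

            // Reject array-valued fields (username[]=...) before they reach
            // md5() or the query.
            if (is_string($username) && is_string($password)) {
                // presumably $config->pdo is a PDO instance - confirm in Config
                $config = new Config;

                // Bound parameters keep the posted values out of the SQL text;
                // concatenating them into the statement allowed SQL injection.
                $stmt = $config->pdo->prepare(
                    "SELECT 1 FROM auth
                    WHERE username = :username
                    AND passcode = :passcode"
                );

                // NOTE(review): unsalted MD5 is not a password hash. It is kept
                // only because the auth.passcode column already stores it;
                // migrate the column to password_hash() / password_verify().
                $stmt->execute(array(
                    ':username' => $username,
                    ':passcode' => md5($password),
                ));

                // rowCount() is not reliable for SELECT on every PDO driver,
                // so test for a fetched row instead.
                $authenticated = $stmt->fetchColumn() !== false;
            }

            if ($authenticated) {
                if (session_status() !== PHP_SESSION_ACTIVE) {
                    session_start();
                }

                // Issue a fresh id at the privilege change so an id planted
                // before login (session fixation) is not the authenticated one.
                session_regenerate_id(true);

                $this->set_user(array('username' => $username));

                header("Location: ./index.php");
                // Stop here: without it the form below is still sent after
                // the redirect header.
                exit;
            }

            echo 'wrong username or pass';
        }
?>
<div id="login-box">
<form method="post" action="">
<input type="text" name="username" class="input-field" required="true" placeholder="type your username" />
<input type="password" name="password" class="input-field" required="true" placeholder="type your password" />
<input type="submit" value="Log In" class="login-button" name="btnlogin" />
</form>
</div>
<?php
    }
}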