用 cookie 存储用户 ID,且不使用会话(记住我)

时间:2018-06-11 21:39:36

标签: php session

我已经阅读了大量相关的问题,但那些问题讨论的情况与我的问题不同。

我需要先得到用户 ID,才能从数据库中检索该用户的数据,并用这些数据创建会话,从而保持登录状态。

哈希会话:

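/**
 * Derive a new "remember me" key for a user and persist it.
 *
 * The key is a bcrypt hash (cost 11) of $email . $salt. It is written to
 * users.session_key for the row whose id equals $uid, and also returned.
 *
 * @param int|string $uid   id of the users row to update
 * @param string     $email e-mail address, used as the prefix of the hash input
 * @param string     $salt  random token appended to the e-mail before hashing
 * @return string the bcrypt hash that was (or should have been) stored
 */
function createNewUserSession($uid, $email, $salt){
    // NOTE(review): bcrypt only looks at the first 72 bytes of its input.
    // Because the e-mail comes first, a long address pushes part or all of
    // the random token past that limit, so the token then contributes little
    // or nothing to the hash. Hashing the token on its own would avoid this,
    // but the verifying code must be changed at the same time.
    $session_key = password_hash($email.$salt, PASSWORD_BCRYPT, ['cost' => 11]);
    $connect = mysqliConnect();

    // Bound parameters keep $uid and the hash out of the SQL text, so neither
    // value can alter the statement.
    $stmt = mysqli_prepare($connect, "UPDATE `users` SET session_key = ? WHERE id = ?");
    if ($stmt === false) {
        error_log('createNewUserSession: could not prepare session_key update');
        return $session_key;
    }

    // Bound as a string so MySQL compares it the same way the quoted literal did.
    $uidParam = (string) $uid;
    mysqli_stmt_bind_param($stmt, 'ss', $session_key, $uidParam);
    if (!mysqli_stmt_execute($stmt)) {
        // The write is not allowed to fail silently: a key that was never
        // stored would make every later verification fail.
        error_log('createNewUserSession: session_key update failed');
    }
    mysqli_stmt_close($stmt);

    return $session_key;
}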

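/**
 * Build a random string of exactly $length characters.
 *
 * Characters are drawn independently from a fixed alphabet of digits, ASCII
 * letters and punctuation, using the CSPRNG-backed random_int() (PHP 7+).
 * The result is used as a login token, so str_shuffle() is not suitable: it
 * is not a cryptographic generator, and shuffling the alphabet once never
 * repeats a character for short lengths, which shrinks the token space.
 *
 * @param int $length number of characters wanted; values <= 0 give ''
 * @return string
 */
function generateRandomString($length) {
    $alphabet = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%^&*()_+|"}?><~';
    $lastIndex = strlen($alphabet) - 1;

    $out = '';
    // One draw per position: the earlier substr(..., 1, $length) skipped the
    // first shuffled character and came back one short whenever $length was
    // a multiple of the alphabet size.
    for ($i = 0; $i < $length; $i++) {
        $out .= $alphabet[random_int(0, $lastIndex)];
    }

    return $out;
}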

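    // Fresh random token; only used when the stored key has to be rotated.
    $user_session_salt = generateRandomString(32);

    // is_string() rejects array-shaped cookies (sk[]=...), which
    // password_verify() cannot take.
    if (isset($_COOKIE['sk']) && is_string($_COOKIE['sk'])) {
        // NOTE(review): the session below is created whether or not the cookie
        // verifies, so this fragment presumably runs only after the user has
        // already authenticated with a password. Confirm against the caller.
        // Also note that nothing happens when no "sk" cookie exists yet.
        if (!password_verify($email.$_COOKIE['sk'], $session_key)) {
            // The cookie does not match the stored key: rotate the key and
            // hand the browser the new token.
            createNewUserSession($uid, $email, $user_session_salt);

            // Secure + HttpOnly: the token is a long-lived login credential,
            // so it must not travel over plain HTTP or be readable by page
            // scripts. Secure assumes the site is served over HTTPS.
            setcookie("sk", $user_session_salt, time() + (90 * 24 * 60 * 60), '/', '.mywebsite.io', true, true);
        }

        // Issue a new session id before storing identity in it, so an id
        // known before login cannot be reused afterwards.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        // Creating Sessions
        $_SESSION['uid'] = $uid;
        $_SESSION['fName'] = $fName;
        $_SESSION['lName'] = $lName;
    }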

恢复会话:

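/**
 * Re-create the PHP session for a returning visitor from the "sk" cookie.
 *
 * Loads the users row whose id equals $uid and, when no session identity is
 * set yet and $email . $_COOKIE['sk'] verifies against the stored bcrypt
 * session_key, fills $_SESSION['uid'], ['fName'] and ['lName'].
 * Does nothing in every other case.
 *
 * @param int|string $uid id of the user to restore; treat it as untrusted
 *                        when it originates from the request
 * @return void
 */
function restoreSession($uid) {
    // Nothing to restore without a usable cookie, or when already logged in.
    // is_string() rejects array-shaped cookies (sk[]=...).
    if (!isset($_COOKIE['sk']) || !is_string($_COOKIE['sk']) || isset($_SESSION['uid'])) {
        return;
    }
    $user_salt = $_COOKIE['sk'];

    $connect = mysqliConnect();

    // Bound parameter: $uid never becomes part of the SQL text. Only the
    // columns that are needed are read, not every column of the row.
    $stmt = mysqli_prepare(
        $connect,
        "SELECT id, email, first_name, last_name, session_key FROM `users` WHERE id = ?"
    );
    if ($stmt === false) {
        return;
    }

    // Bound as a string so MySQL compares it the same way the quoted literal did.
    $uidParam = (string) $uid;
    mysqli_stmt_bind_param($stmt, 's', $uidParam);
    if (!mysqli_stmt_execute($stmt)) {
        mysqli_stmt_close($stmt);
        return;
    }

    mysqli_stmt_store_result($stmt);
    $found = mysqli_stmt_num_rows($stmt) === 1;
    mysqli_stmt_bind_result($stmt, $rowId, $email, $fName, $lName, $session_key);
    $found = $found && mysqli_stmt_fetch($stmt) === true;
    mysqli_stmt_close($stmt);

    // A row that never had a key stored (NULL or '') can never verify.
    if (!$found || !is_string($session_key) || $session_key === '') {
        return;
    }

    // NOTE(review): bcrypt only looks at the first 72 bytes of its input, and
    // the e-mail comes first. With a long address the cookie token is partly
    // or wholly ignored by this check; hashing the token alone would avoid
    // that, but requires changing how the key is created as well.
    if (password_verify($email.$user_salt, $session_key)) {
        // Issue a new session id before storing identity in it, so an id
        // known before login cannot be reused afterwards.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        // Creating Sessions
        $_SESSION['uid'] = $rowId;
        $_SESSION['fName'] = $fName;
        $_SESSION['lName'] = $lName;
    }
}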

我知道这并不完美,但我还在学习,希望就这个问题得到足够的意见。

0 个答案:

没有答案