我一直在尝试让我的登录脚本与数据库管理会话工作。
这是我的数据库会话类:class SessionManager {
var $life_time;
function SessionManager() {
// Read the maxlifetime setting from PHP
$this->life_time = 600; //10 minutes
// Register this object as the session handler
session_set_save_handler(array( &$this, "open" ),
array( &$this, "close" ),
array( &$this, "read" ),
array( &$this, "write"),
array( &$this, "destroy"),
array( &$this, "gc" )
);
}
function open( $save_path, $session_name ) {
global $sess_save_path;
$sess_save_path = $save_path;
// Don't need to do anything. Just return TRUE.
return true;
}
function close() {
return true;
}
function read( $id ) {
// Set empty result
$data = '';
// Fetch session data from the selected database
$time = time();
$newid = mysql_real_escape_string($id);
$sql = "SELECT
`session_data`
FROM
`sessions`
WHERE
`session_id` = '$newid'
AND
`session_expire` > $time";
$rs = mysql_query($sql);
$a = mysql_num_rows($rs);
if($a > 0) {
$row = mysql_fetch_assoc($rs);
$data = $row['session_data'];
}
return $data;
}
function write($id, $data) {
// Build query
$time = time() + $this->life_time;
$newid = mysql_real_escape_string($id);
$newdata = mysql_real_escape_string($data);
$sql = "INSERT INTO `sessions` (`session_id`, `session_data`,
`session_expire`, `session_agent`,
`session_ip`)
VALUES
('"".$id."'", '"".$data."'",
'"".time()."'",'"".$_SERVER['HTTP_USER_AGENT']."'",
'"".$_SERVER['REMOTE_ADDR']."'")
ON DUPLICATE KEY UPDATE
`session_id` = '"".$id."'",
`session_data` = '"".$data."'",
`session_expire` = '"".time()."'"";
$rs = mysql_query($sql) or die(mysql_error());
return true;
}
function destroy($id) {
// Build query
$id = mysql_real_escape_string($id);
$sql = "DELETE FROM `sessions` WHERE `session_id`='$id'";
mysql_query($sql);
return true;
}
function gc(){
// Garbage Collection
// Build DELETE query. Delete all records who have passed the expiration time
$sql = 'DELETE FROM `sessions` WHERE `session_expire` < UNIX_TIMESTAMP();';
mysql_query($sql);
// Always return TRUE
return true;
}
}
这是我的登录类的一部分:
function process_login(){
global $mysql_prefix;
$email = mysql_real_escape_string($_POST['email']);
$check = mysql_query("SELECT password,salt,id FROM ".$mysql_prefix."users WHERE email='$email'");
if(mysql_num_rows($check) > 0){
$info = mysql_fetch_assoc($check);
$private_key = $this->get_secret_key();
$password = hash('sha256', $info['salt'] . hash('sha256', $private_key.$_POST['password']));
if($password == $info['password']){
$_SESSION[$this->user_session]['id'] = $info['id'];
return true;
}else{
return false;
}
}else{
return false;
}
}
我需要在我的global.php文件中的会话类,并调用类(或任何它被称为),但我如何实际去和使用这个新的数据库会话系统与我当前的登录类?
我尝试这样使用$ManageSessions->write(id, data):
function process_login(){
global $mysql_prefix;
$email = mysql_real_escape_string($_POST['email']);
$check = mysql_query("SELECT password,salt,id FROM ".$mysql_prefix."users WHERE email='$email'");
if(mysql_num_rows($check) > 0){
$info = mysql_fetch_assoc($check);
$private_key = $this->get_secret_key();
$password = hash('sha256', $info['salt'] . hash('sha256', $private_key.$_POST['password']));
if($password == $info['password']){
$SessionManager->write(session_id(),$info['id']);
return true;
}else{
return false;
}
}else{
return false;
}
}
但是它似乎不起作用,并且数据在页面更新的第二秒被覆盖。
我一定是遗漏了一些明显的东西,或者只是编码错误。
(我知道脚本中的安全漏洞,我正在重新设计它,所以请不要说任何关于安全之类的事情。)谢谢:))
上面的类用类中的会话系统替换php的会话系统。当创建类的新实例时,将调用其构造函数(function SessionManager() {),将类中的函数设置为运行,而不是php的默认值。所以现在当你写一些东西到$_SESSION,它使用SessionManager的写函数,这将它添加到数据库。
基本上,在每个页面上初始化那个类,然后像平常一样使用你的会话。它们都会出现在数据库中