php – 使用会话的高级用户身份验证

前端之家收集整理的这篇文章主要介绍了php – 使用会话的高级用户身份验证前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我正在建立一个有3种类型用户的网站:
-those who are registered and are subscribed for current month
-those that are registered,but are not subscribed for current month
-users that are not registered (you cant be subscribed if you are not regitered)

我已经创建了识别这3种用户代码并且行为恰当.我的问题是,这是要走的路吗?我以前从未做过类似的事情.或者我应该重新编程我的方法

//login.PHP

//connect to database and see if a user and password combination exists. Store $exists=0 if not,and $exists=1 if it exists.
session_start();

$conn = new MysqLi($hn,$un,$pw,$db);
if ($conn->connect_error){
    die($conn->connect_error);
}
$query = "SELECT COUNT(1) as 'exists',expiration_date FROM table WHERE email = ? AND password = ?;";
$stmt = $conn->prepare($query);
$stmt->bind_param("ss",$email,$password);

$email = $_POST["email"];
$password = hash("hashingalgorithm","salt".$_POST["password"]."salthere");

$stmt->execute();
   /* Get the result */
$result = $stmt->get_result();
$num_of_rows = $result->num_rows;
$row = $result->fetch_assoc();
$exists = $row["exists"];
$expiration_date = $row["expiration_date"];

/* free results */
$stmt->free_result();

/* close statement */
$stmt->close();
$conn->close();

date_default_timezone_set('Europe/Berlin');


if ($exists==0){
    echo "Wrong email or password";
    $_SESSION['loginerror'] = 2;
    header('Location: https://www.homepage.com/login'); 
}else if ($exists){
    if (strtotime($expiration_date) < (strtotime("now"))){//logged in,but not subscribed
        session_destroy();
        session_start();
        $_SESSION["authenticated"] = true;
        header('Location: https://www.homepage.com');
    }else{//logged in and ready to go
        $_SESSION["authenticated"] = true;
        $_SESSION["email"] = $email;
        header('Location: https://www.homepage.com');
    }
}else{
    echo "An error with has occured.";
}

然后在我网站的每一页上我都使用这段代码,看看有哪些用户访问过我

session_start();
if(isset($_SESSION["authenticated"]) && isset($_SESSION["email"])){ 
    $email = $_SESSION["email"];

    //connect to database and fetch expiration_date for a user with $email. Store it in $expiration_date

$conn = new MysqLi($hn,$db);
    if ($conn->connect_error){
        die($conn->connect_error);
    }
    $query = "SELECT expiration_date FROM table WHERE email = ?;";
    $stmt = $conn->prepare($query);
    $stmt->bind_param("s",$email);

    $email = $_SESSION["email"];
    $stmt->execute();
    /* Get the result */
    $result = $stmt->get_result();
    $num_of_rows = $result->num_rows;
    $row = $result->fetch_assoc();
    $expiration_date = $row["expiration_date"];
    /* free results */
    $stmt->free_result();
    /* close statement */
    $stmt->close();
    $conn->close();
    date_default_timezone_set('Europe/Berlin');

    if (strtotime($expiration_date) < (strtotime("now"))){//logged in,but not subscribed
        session_destroy();
        session_start();
        $_SESSION["authenticated"] = true;
        header('Location: https://www.homepage.com');
    }else{  //html for subsribed and registered user
    echo <<<_END
    //html here
    _END;
    }
}else if(isset($_SESSION["authenticated"]) && !isset($_SESSION["email"])){
        // user is logged in,but not subscribed;
        echo <<<_END
        //htmlhere
        _END;
}else{// user is not registered nor is subscribed
        echo <<<_END
        //htmlhere
        _END;
}

代码有效,但我担心一旦用户注册订阅,就会在每个页面上访问数据库.我实际上是在惩罚用户注册订阅.
是否有更好的,性能明智的方式来处理这类问题?

根据我的理解,你已经有了一个有效的代码.你要问的是意见.您希望在检查数据库的每个页面删除重复以进行身份​​验证和订阅.

在我看来,你需要改变你使用会话的方式,

$_session['email']        // email address of user 
 $_session['auth_type']    // holds authentication type
 $_session['auth_till']    // subscription expire date

然后让我们创建函数来检查订阅.此函数可以放在单独的文件中,例如:init.PHP.在这里,我们可以设置会话启动机制,以便在任何情况下都可以使用会话.

if(!isset($_SESSION)) 
    session_start();       // start session if not already started

// lets define global vars to hold authentication type of visitor
define("SUBSCRIBED",1); 
define("UN_SUBSCRIBED",2);
define("REGISTERED",3);
function checkSubscription():bool{
    $return = false;
    if(($_session['auth_type']==SUBSCRIBED)&&(strtotime($_session['auth_till']) < strtotime("now")))
        $return= true;
    return $return
}

并且在login.PHP上使用相同的技术,同时设置会话身份验证类型.

现在任何其他页面都可以简单地使用函数来检查订阅

例如:

<?PHP
// file: product.PHP
include_once("init.PHP");
if(!checkSubscription()){
    // subscription finished. do what you need to do. otherwise continue.
}

您的代码可以进行许多改进.但我认为这将满足您的需求.如果您需要任何其他助手,请告诉我.请访问Scape,如果有任何有用的编码,请告诉我.

猜你在找的PHP相关文章