PHP 使用cookie或会话的身份验证类
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了PHP 使用cookie或会话的身份验证类相关的知识,希望对你有一定的参考价值。
<?php
/*
#
# Copyright Iulian Ciobanu (CIGraphics) 2009
# Email: cigraphics@gmail.com
# Please leave the copyright and email intact.
#
# DATABASE TABLE:
CREATE TABLE `users` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`user` varchar(200) NOT NULL,
`password` varchar(40) NOT NULL,
`email` varchar(200) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 ROW_FORMAT=DYNAMIC;
# LETS INSERT SOME DATA FOR TESTING PURPOSES:
INSERT INTO `users` (`id`, `user`, `password`, `email`) VALUES (1, 'user', '20ccbe71c69cb25e4e0095483cb63bd394a12b23', 'user@email.com');
# FOR TESTING PURPOSES:
The user is: user
The password is: 123456
# USAGE:
$auth = new Auth('database', 'user', 'password', 'host'); // This must be placed at the top of your document you don't need to start the session this script will do it.
$auth->type = session or cookie; // If you want to use sessions you don't need to write it else write cookie.
$auth->emailAuth = false or true; // If you want users to login with email instead of username set it to true or don't write this because is set to false by default
$auth->minval = integer; // The minimum chars for username. Write this only if you want to change the value because it's set by default 6.
$auth->maxval = integer; // The maximum chars for username. Write this only if you want to change the value because it's set by default 22.
$auth->minpass = integer; // The minimum chars for password. Write this only if you want to change the value because it's set by default 6.
$auth->salt = 'LOTS OF CHARS OF ANY TYPE'; // Change this. This is for security hashing. I strongly recommed to change this in the script or write this with other random chars.
$auth->login($user, $password); // Place this in the part where you get the post vars from your login forms
$auth->logout(); // Place this after $auth = new Auth(..) or if you setup type and emailAuth place it below them. Like in example. If you add it without that then you will never be able to login
$auth->error(); // Place this in your document. This function will display the errors from validation and other like mysql errors.
*/
class Auth {
var $type = 'cookie';
private $connection;
private $errors = array();
var $minval = 6;
var $maxval = 22;
var $minpass = 6;
var $salt = '#@()DIJK#)(F#&*()DS#@JKS)@(I()#@DU)*(&@#)(#U)J';
var $emailAuth = false;
function __construct($db, $user, $pass, $host) {
if ( $this->type == 'session' ) {
session_start();
}
$this->mysqlconnect($user, $pass, $host);
$this->mysqldb($db);
$this->check();
}
private function mysqlconnect($user, $pass, $host) {
$conn = @mysql_connect($host, $user, $pass);
if ( !$conn ) {
die('There is a problem with your mysql connection');
} else {
$this->connection = $conn;
}
}
private function mysqldb($db) {
if ( !@mysql_select_db($db, $this->connection) ) {
die('The database doesn\'t exist');
}
}
private function query($sql) {
$result = @mysql_query($sql, $this->connection);
if ( !$result ) {
$this->errors[] = 'SQL Error';
} else {
return $result;
}
}
private function fobj($result) {
return mysql_fetch_object($result);
}
private function fnum($result) {
return mysql_num_rows($result);
}
private function fescape($value) {
return mysql_real_escape_string($value);
}
public function login($user, $pass) {
$email = $this->emailAuth;
$err = false;
$user = strtolower($user);
$password = $this->encrypt($pass);
if ( $email == true ) {
if ( !$this->email($user) ) {
$this->errors[] = 'Email invalid.';
$err = true;
} else {
$col = 'email';
}
} else {
if ( !$this->name($user) ) {
$this->errors[] = 'Name invalid. Min chars: '.$this->minval.'. Max chars: '.$this->maxval;
$err = true;
} else {
$col = 'user';
}
}
if ( strlen($pass) < $this->minpass ) {
$this->errors[] = 'Password min value is 6 chars.';
$err = true;
}
if ( $err == false ) {
$sql = sprintf("SELECT * FROM users WHERE %s = '%s'", $col, $this->fescape($user));
$result = $this->query($sql);
if ( $this->fnum($result) == 0 ) {
$this->errors[] = ucfirst($col).' doesn\'t exist.';
} else {
$row = $this->fobj($result);
if ( $row->password == $password ) {
if ( $this->type == 'session' ) {
$this->set_session($col, $user);
$this->set_session('password', $password);
} elseif ( $this->type == 'cookie' ) {
$this->set_cookie($col, $user);
$this->set_cookie('password', $password);
}
header('Location: ./auth.php');
} else {
$this->errors[] = 'Incorrect password';
}
}
}
}
private function encrypt($value) {
$enc = md5($this->salt.md5($value));
return sha1($enc);
}
// Email validation
private function email($email) {
$reg = "#^(((([a-z\d][\.\-\+_]?)*)[a-z0-9])+)\@(((([a-z\d][\.\-_]?){0,62})[a-z\d])+)\.([a-z\d]{2,6})$#i";
if ( !preg_match($reg, $email) ) {
return false;
} else {
return true;
}
}
// Name validation
private function name($name) {
$min = $this->minval - 2;
if ( !preg_match("#^[a-z][\da-z_]{".$min.",".$this->maxval."}[a-z\d]\$#i", $name) ) {
return false;
} else {
return true;
}
}
private function set_session($name, $value) {
$_SESSION[$name] = $value;
}
private function destroy_session() {
session_unset();
session_destroy();
}
private function set_cookie($name, $value, $time = 3600 ) {
setcookie($name, $value, time()+$time, '/');
}
private function destroy_cookie($name) {
setcookie($name, '', time()-1, '/');
}
public function logout() {
if ( $this->emailAuth == false ) {
$col = 'user';
} else {
$col = 'email';
}
if ( $this->type == 'session' ) {
$this->destroy_session();
} elseif ( $this->type == 'cookie' ) {
$this->destroy_cookie('password');
$this->destroy_cookie($col);
}
header ( 'Location: ./auth.php' );
}
private function check() {
if ( $this->emailAuth == false ) {
$col = 'user';
} else {
$col = 'email';
}
if ( $this->type == 'cookie' ) {
if ( isset($_COOKIE['password']) ) {
$sql = sprintf("SELECT * FROM users WHERE %s = '%s'", $col, $this->fescape($_COOKIE[$col]) );
$result = $this->query($sql);
$row = $this->fobj($result);
if ( $row->{$col} !== $_COOKIE[$col] || $row->password !== $_COOKIE['password'] ) {
$this->logout();
}
}
} elseif ( $this->type == 'session' ) {
if ( isset($_SESSION['password']) ) {
$sql = sprintf("SELECT * FROM users WHERE %s = '%s'", $col, $this->fescape($_SESSION[$col]) );
$result = $this->query($sql);
$row = $this->fobj($result);
if ( $row->{$col} !== $_SESSION[$col] || $row->password !== $_SESSION['password'] ) {
$this->logout();
}
}
}
}
public function error() {
if ( is_array($this->errors) && !empty($this->errors) ) {
echo '<div style="border:1px solid #CCC; background-color:#FAFAFA; color:#FF0000">';
foreach ( $this->errors as $value ) {
echo $value."<br />";
}
echo '</div>';
}
}
public function isLoggedIn() {
$ret = false;
if ( $this->emailAuth == false ) {
$col = 'user';
} else {
$col = 'email';
}
if ( $this->type == 'cookie' ) {
if ( isset($_COOKIE['password']) ) {
$ret = true;
}
} elseif ( $this->type == 'session' ) {
if ( isset($_SESSION['password']) ) {
$ret = true;
}
}
return $ret;
}
}
?>
Example:
login.php
<?php
include 'class_auth.php';
$auth = new Auth('database', 'user', 'password', 'host'); // This order: Database User Password Host
if ( isset($_GET['logout']) ) {
$auth->logout();
}
if ( isset($_POST['login']) ) {
$auth->login($_POST['user'], $_POST['pass']); // This order: User/Email Password True/False (if you want to use email as auth
}
?>
HERE HTML STUFF
<?php if ( $auth->isLoggedIn() ) : ?>
<h1>Welcome</h1>
<a href="<?=$_SERVER['PHP_SELF'];?>?logout=true">Logout</a>
<?php else : ?>
<h1>Please login</h1>
<form action="<?=$_SERVER['PHP_SELF'];?>?auth" method="post">
<input type="text" name="user" /> User/Email<br />
<input type="password" name="pass" /> Password<br />
<input type="submit" name="login" value="Login" />
</form>
<?php $auth->error(); endif; ?>以上是关于PHP 使用cookie或会话的身份验证类的主要内容,如果未能解决你的问题,请参考以下文章
如何检查用户是不是通过 Laravel 上的 cookie 会话进行身份验证?
MVC 身份验证超时/会话 cookie 删除后的 Ajax 请求