0

这是我的课,

<?php
class session {
// session-lifetime
var $lifeTime;
// mysql-handle
var $dbHandle;

function open($savePath, $sessName) {
// get session-lifetime
$this->lifeTime = get_cfg_var("session.gc_maxlifetime");
// open database-connection
$dbHandle = @mysql_connect("server","user","pass");
$dbSel = @mysql_select_db("database",$dbHandle);
// return success
if(!$dbHandle || !$dbSel)
return false;
$this->dbHandle = $dbHandle;
return true;
}

function close() {
$this->gc(ini_get('session.gc_maxlifetime'));
// close database-connection
return @mysql_close($this->dbHandle);
}

function read($sessID) {
// fetch session-data
$res = mysql_query("SELECT session_data AS d FROM ws_sessions
WHERE session_id = '$sessID'
AND session_expires >
".time(),$this->dbHandle);
// return data or an empty string at failure
if($row = mysql_fetch_assoc($res))
return $row['d'];
return "";
}

function write($sessID,$sessData) {
// new session-expire-time
$newExp = time() + $this->lifeTime;
// is a session with this id in the database?
$res = mysql_query("SELECT * FROM ws_sessions
WHERE session_id =
'$sessID'",$this->dbHandle);
// if yes,
if(mysql_num_rows($res)) {
// ...update session-data
mysql_query("UPDATE ws_sessions
SET session_expires = '$newExp',
session_data = '$sessData'
WHERE session_id = '$sessID'",$this->dbHandle);
// if something happened, return true
if(mysql_affected_rows($this->dbHandle))
return true;
}
// if no session-data was found,
else {
// create a new row
mysql_query("INSERT INTO ws_sessions (
session_id,
session_expires,
session_data)
VALUES(
'$sessID',
'$newExp',
'$sessData')",$this->dbHandle);
// if row was created, return true
if(mysql_affected_rows($this->dbHandle))
return true;
}
// an unknown error occured
return false;
}

function destroy($sessID) {
// delete session-data
mysql_query("DELETE FROM ws_sessions WHERE session_id =
'$sessID'",$this->dbHandle);
// if session was deleted, return true,
if(mysql_affected_rows($this->dbHandle))
return true;
// ...else return false
return false;
}

function gc($sessMaxLifeTime) {
// delete old sessions
mysql_query("DELETE FROM ws_sessions WHERE session_expires < " .
time(), $this->dbHandle);
// return affected rows
return mysql_affected_rows($this->dbHandle);
}
}
?>

我是从 php 手册中获取的。如果我在脚本中测试这个类,一切都会好起来的。这边走,

<?php
require_once 'session/sessionDb.php';

$session = new session();

session_set_save_handler(array(&$session,"open"),
array(&$session,"close"),
array(&$session,"read"),
array(&$session,"write"),
array(&$session,"destroy"),
array(&$session,"gc"));

session_start();
$_SESSION['name'] = "MySession";

if (!isset($_SESSION['initiated']))
{
session_regenerate_id();
$_SESSION['initiated'] = true;
}

echo 'Sesiones.-<br/><br/>';

$session_id = session_id();
echo '<br/>Sesion Id: ' . $session_id . '<br/>';

$return = $session->write($session_id, 'user1');

if($return)
{
$value = $session->read($session_id);
echo '<br/>User en sesion: ' . $value . '<br/>';
}

$return = $session->write($session_id, 'user2');

if($return)
{
$value = $session->read($session_id);
echo '<br/>User en sesion: ' . $value . '<br/>';
}


$session->close();
echo '<br/>Sesion cerrada!!!<br/>';
?>

但是当我在我的网站上尝试它时不起作用。如果我尝试验证用户是否已经登录,我会得到用户已登录,就好像他已经登录而他没有登录一样。这是脚本 login.php,

<?php

$cliente = "";

if(isset($_POST["user"]) && isset($_POST["pass"]))
{
if((trim($_POST["user"]) == '') || (trim($_POST["pass"]) == ''))
{
?>
<script type="text/javascript">
alert("Debes logarte correctamente.");
</script>
<?php
}
else
{
$logged = false;

if(trim($session->read($session_id)) ==
trim($_POST["user"]));
{
?>
<script type="text/javascript">
alert('The user is already logged in');
</script>
<?php
$logged = true;
}

if(!$logged)
{
$db = new DBAccess(DB_SERVER, DB_USER, DB_PASS,
DB_DATABASE);
$db->connect();

$sql = "SELECT nombre FROM " . TABLE_CLIENTE .
" WHERE id_usuario IN " .
"(SELECT id_usuario FROM " . TABLE_USUARIO . "
WHERE login = '" . trim($_POST["user"]) . "')";

$cliente = $db->result($sql, 0, 'nombre');

$db->close();
$db = null;

if($session->write($session_id, trim($_POST["user"])))
{
?>
<script type="text/javascript">
alert("User registered in session.");
</script>
<?php
}
else
{
?>
<script type="text/javascript">
alert("This does not work.");
</script>
<?php
}
}
}
}
?>

这里 trim($session->read($session_id)) == trim($_POST["user"]) 为真,这意味着验证始终为真。如果我不验证,我会收到消息:这不起作用。

在我的主页的标题中,

require_once 'private/classes/session/sessionDb.php';

$session = new session();
session_set_save_handler(array(&$session,"open"),
array(&$session,"close"),
array(&$session,"read"),
array(&$session,"write"),
array(&$session,"destroy"),
array(&$session,"gc"));

session_start();
$_SESSION['name'] = "MySession";

if (!isset($_SESSION['initiated']))
{
session_regenerate_id();
$_SESSION['initiated'] = true;
}
$session_id = session_id();

我想我为整个站点设置了 $session 和 $session_id 但他们没有。

出了什么问题?

问候

4

1 回答 1

2

解决。

这是我在 home.php 文件开头的代码,

global $session;
global $session_id;
global $mysession;

session_write_close();
$session = new session();
session_set_save_handler(array(&$session,"open"),
                         array(&$session,"close"),
                         array(&$session,"read"),
                         array(&$session,"write"),
                         array(&$session,"destroy"),
                         array(&$session,"gc"));

if(isset($_COOKIE[session_name()]))
$mysession = $_COOKIE[session_name()];
else {
$mysession = md5(microtime().rand(1,9999999999999999999999999));
$parametros_cookies = session_get_cookie_params();
setcookie(session_name($mysession), $mysession, time()+3600,                       $parametros_cookies['path']);
}

ini_set('session.gc_probability', 100);
ini_set('session.gc_divisor', 100);
session_name($mysession);
session_start();
$old = session_id();
session_regenerate_id(true);
$session_id = session_id();
$rsi = new RegenerateSessionId($old, $session_id);
$rsi->regenerate_id();
unset($rsi);
$rsi = null;

会话启动并创建会话变量,您可以键入 $_SESSION['user'] 就足够了。

要关闭会话,我使用如下 logout.php 脚本,

global $session;

if(isset($session) && isset($_POST["logout"]))
{   
if(trim($_POST["logout"]) == 'logOut')
{   
    $session_name = session_name();

    unset($session);
    $session = null;

    session_destroy();

    $parametros_cookies = session_get_cookie_params(); 
    setcookie($session_name,'0',1,$parametros_cookies["path"]);
}
}

问候。

于 2012-08-15T11:40:38.777 回答