所以我试图转移到 PDO 连接,但我目前真的被卡住了。现在需要一些帮助。包括 - 我的 login.php 和我的类文件。我也知道 MD5 根本不安全,正在修复它。谢谢你。
if(isset($_POST['submit'])) {
$object = new Login();
$object->verifyDatabase();
if($object->isLoggedIn())
header('location: index.php');
else
$object->showErrors();
}
$token = $_SESSION['token'] = md5(uniqid(mt_rand(),true));
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF'];?>">
Username: <input type="text" name="username"/>
Password: <input type="password" name="password"/>
<input type="hidden" name="token" value="<?php echo $token;?>" />
<input type="submit" name="submit" value="Login"/>
<?php
include_once('class.mysql.php');
class Login {
private $_id;
private $_username;
private $_password;
private $_passmd5;
private $_errors;
private $_access;
private $_login;
private $_token;
private $db;
public function __construct() {
$this->_errors = array();
$this->_login = isset($_POST['login'])? 1 : 0;
$this->_access = 0;
$this->_token = $_POST['token'];
$this->_id = 0;
$this->_username = ($this->_login)? $this->filter($_POST['username']) : $_SESSION['username'];
$this->_password = ($this->_login)? $this->filter($_POST['password']) : '';
$this->_passmd5 = ($this->_login)? md5($this->_password) : $_SESSION['password'];
$this->db = new Connection();
$this->db = $this->db->dbConnect();
}
public function isLoggedIn() {
($this->_login)? $this->verifyPost() : $this->verifySession();
return $this->_access;
}
public function filter($var) {
return preg_replace('/[^a-zA-Z0-9]/','',$var);
}
public function verifyPost() {
try {
if(!$this->isTokenValid())
throw new Exception('Invalid Form Submission');
if(!$this->isDataValid())
throw new Exception('Invalid Form Data');
if(!$this->verifyDatabase())
throw new Exception('Invalid Username/Password');
$this->_access = 1;
$this->registerSession();
}
catch(Exception $e) {
$this->_errors[] = $e->getMessage();
}
}
public function verifySession() {
if($this->sessionExist() && $this->verifyDatabase())
$this->_access = 1;
}
/////Old verifyDatabase/////
///////////////////////////////
//public function verifyDatabase() {
//mysql_connect("localhost", "root", "") or die(mysql_error());
//mysql_select_db("example") or die(mysql_error());
//$data = mysql_query("SELECT ID FROM users WHERE username = '{$this->_username}' AND password = '{$this->_passmd5}'");
//if(mysql_num_rows($data))
// {
// list($this->_id) = @array_values(mysql_fetch_assoc($data));
// return true;
// }
//else
// { return false; }
//}
public function verifyDatabase() {
$st = $this->db->prepare("SELECT * FROM users WHERE username='{$this->_username}' AND password='{$this->_password}'");
$st->bindParam(1, $this->_username);
$st->bindParam(2, $this->_password);
$st->execute();
if($st->rowCount() == 1) {
echo "User verified";
} else {
echo "Incorrect username or password";
}
}
public function isDataValid() {
return (preg_match('/^[a-zA-Z0-9]{5,12}$/',$this->_username) && preg_match('/^[a-zA-Z0-9]{5,12}$/',$this->_password))? 1 : 0;
}
public function isTokenValid() {
return (!isset($_SESSION['token']) || $this->_token != $_SESSION['token'])? 0 : 1;
}
public function registerSession() {
$_SESSION['ID'] = $this->_id;
$_SESSION['username'] = $this->_username;
$_SESSION['password'] = $this->_passmd5;
}
public function sessionExist() {
return (isset($_SESSION['username']) && isset($_SESSION['password']))? 1 : 0;
}
public function showErrors() {
echo "<h3>Errors</h3>";
foreach($this->_errors as $key=>$value)
echo $value."<br>";
}
}
?>