I have a class Authenticator that uses a datatype User to log users in.
include('User.datatype.php');
$usher = new Authenticator;
$usher->checkCreds();
$usher->startSession();

Class Authenticator {
    protected $user;

    protected function getCreds() {
        if (!isset($_POST['login']))
            throw new Exception("There was an error processing your request", 1);
        else if ($_POST['username'] == '' || $_POST['password'] == '')
            throw new Exception("You must enter a username and password", 1);
        $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
        $password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);
        $this->user = new User;
        $this->user->username = $username;
        $this->user->password = $password;
    }

    public function checkCreds() {
        $this->getCreds();
        if (empty($this->user->username) || empty($this->user->password))
            throw new Exception("Error Processing Request", 1);
        include('dbconnect.php'); // Normally I'd store the db connect script outside of webroot
        $pdo = new PDO("mysql:host=$db_host;dbname=$db_name;", $db_user, $db_password);
        $stmt = $pdo->prepare('SELECT username FROM Users WHERE username = :uname AND password = :pword');
        $stmt->bindParam(':uname', $this->user->username);
        $stmt->bindParam(':pword', $this->user->password);
        $stmt->execute();
        $status = $stmt->fetch(PDO::FETCH_NUM);
        $this->user->status = $status;
    }

    protected function createSessionID() {
        $seshID = mt_rand(99999, 1000000000);
        return $seshID;
    }

    public function startSession() {
        if ($this->user->status === false)
            throw new Exception("There was a problem connecting to the database", 1);
        session_start();
        $_SESSION['username'] = $this->user->username;
        $_SESSION['id'] = $this->createSessionID();
        $secret = $_SESSION['id'];
        header('Location:loggedin.php?' . $secret);
        return true;
    }
}
The login works and session_start() works, but when I try to
print 'Welcome, ' . $_SESSION['username'];
in loggedin.php, the session variable is empty.
HTML for loggedin.php:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Product Cost Calculator</title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<div id="container">
<?php
/*require_once ('Authenticator.php');
if (!Authenticator::startSession())
print 'you are not logged in';*/
print 'Welcome, ' . $_SESSION['username'];
?>
</div>
</body>
</html>
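
An added example, not part of the original question: a page that reads $_SESSION has to resume the session itself with session_start() before producing output, and the login step should regenerate the session ID and check the password against a password_hash() value rather than comparing plaintext. The helper names (beginSession, logIn, currentUser), the sample user and the HTTPS assumption are hypothetical; the array form of session_set_cookie_params() needs PHP 7.3 or later.

```php
<?php
// Added example, not the asker's code; helper names are hypothetical.
declare(strict_types=1);

// Call on every page that touches $_SESSION, before any output is sent.
function beginSession(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,   // assumption: the site is served over HTTPS
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Login handler: $storedHash is the password_hash() value from the Users row.
function logIn(string $username, string $password, string $storedHash): bool
{
    if (!password_verify($password, $storedHash)) {
        return false;
    }
    beginSession();
    session_regenerate_id(true);   // fresh ID after authentication
    $_SESSION['username'] = $username;
    return true;
}

// Protected page (loggedin.php): resume the session, then read from it.
function currentUser(): ?string
{
    beginSession();
    return $_SESSION['username'] ?? null;
}

// Constructed CLI demo; results are printed only after the session has started.
if (PHP_SAPI === 'cli') {
    $hash = password_hash('correct horse', PASSWORD_DEFAULT); // constructed sample
    $rejected = logIn('alice', 'wrong guess', $hash);
    $accepted = logIn('alice', 'correct horse', $hash);
    $user = currentUser();
    var_dump($rejected, $accepted, $user);
}
```

On loggedin.php, call currentUser() above the DOCTYPE and escape the name with htmlspecialchars() when printing it. The redirect needs no value in the query string, because the session cookie already carries the session ID.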