所以问题是,当调用 /MVCTest/manage/dashboard 时,身份验证器失败,因为身份验证器(身份验证器类中的一个方法)没有找到 $_SESSION['user_id'],所以它将用户踢回登录页面.
但是,如果我将以下操作更改为: action="/MVCTest/manage/login?target=MVCTest/manage/dashboard"
并将索引控制器的相同登录功能添加到manageController,一切正常,但这意味着我必须在每个具有我想要登录的页面的控制器中都有一个登录功能(这是每个页面,因为我想要一个用户仪表板)。
那么如何让 $_SESSION 在控制器之间存在,以便我可以让一个控制器负责登录/注销用户?
首先,一些代码...
action="/MVCTest/index/login?target=MVCTest/manage/dashboard" 调用indexController的登录动作。
<?php
Class indexController Extends Core_Controller {
public function login(){
$this->registry->authenticator->login($_POST);
}
}
?>
验证器对象在引导程序中创建并分配给注册表。现在是验证器对象。
<?php
Class Authenticator Extends Base_Model {
public function login($credentials){
//Select user from the database based on email/username
try{
$STH = $this->db->prepare("SELECT * FROM user_account WHERE email = ? OR username = ?");
$STH->bindParam(1, $credentials['login']);
$STH->bindParam(2, $credentials['login']);
$STH->execute();
while($user = $STH->fetch(PDO::FETCH_OBJ)){
$password = $user->user_salt.$credentials['password'];
$password = $this->hashData($password);
try{
if($password === $user->password){
//Active and Verified user exists, set sessions
$random = $this->generateRandomString();
//Build the token
$token = $_SERVER["HTTP_USER_AGENT"] . $random;
$token = $this->hashData($token);
//Setup session variables
session_start();
$_SESSION["token"] = $token;
$_SESSION["user_id"] = $user->id;
//Delete old session records for the user
$STH = $this->db->prepare("DELETE FROM user_session WHERE user_account_id = ?");
$STH->bindParam(1, $user->id);
$STH->execute();
//Insert new session records for the user
try{
$STH = $this->db->prepare("INSERT INTO user_session (user_account_id, session_id, token)
VALUES (?,'".session_id()."', ?);");
$STH->bindParam(1, $user->id);
$STH->bindParam(2, $token);
$STH->execute();
header("Location: /{$_GET['target']}");
exit;
} catch (PDOException $e){
file_put_contents(__SITE_PATH."/logs/errors/MySQLErrors", $e->getMessage()."\n", FILE_APPEND);
die($e->getMessage());
}
} else {
throw new Exception("Password is incorrect!");
}
} catch (Exception $e){
file_put_contents(__SITE_PATH."/logs/errors/LoginErrors", $e->getMessage()."\n", FILE_APPEND);
die($e->getMessage());
}
}
//Email/Username not found
throw new Exception("Email/Username not found!");
} catch (Exception $e) {
file_put_contents(__SITE_PATH."/logs/errors/LoginErrors", $e->getMessage()."\n", FILE_APPEND);
die($e->getMessage());
} catch (PDOException $e){
file_put_contents(__SITE_PATH."/logs/errors/MySQLErrors", $e->getMessage()."\n", FILE_APPEND);
die($e->getMessage());
}
}
}
?>
最后,我的 manageController
<?php
session_name();
session_set_cookie_params(3600, "/MVCTest/manage/");
session_start();
Class manageController Extends Core_Controller {
public function index() {
if(isset($_SESSION['user_id'])){
header("Location: /MVCTest/manage/dashboard");
exit;
}
$this->registry->template->show('manage/index');
}
public function dashboard(){
$this->registry->authenticator->authenticate("/MVCTest/manage/");
$this->registry->template->show('manage/dashboard');
}
}
?>
我找到了答案。离开 session_name(); session_set_cookie_params(3600, __SITE_PATH.'/MVCTest/manage/'); 移动 session_start() 时在 manageController 中;到扩展 Core_Controller 的开头,同时添加公共登录功能。
结果是每个页面都可以有人登录;但是,我觉得这是不好的做法。我看到的问题是,无论用户是否登录,每个页面调用都会启动一个会话。我觉得这很糟糕,有什么建议吗?