4

我正在尝试在 android 中进行会话处理过程。在这里,我已经通过 android 成功登录,现在我想处理登录用户的会话。这是我的 login_suer.java(android 部分)

package com.iwantnew.www;



import java.util.ArrayList;
import java.util.List;

import org.apache.http.NameValuePair;
import org.apache.http.message.BasicNameValuePair;
import org.json.JSONException;
import org.json.JSONObject;

import android.app.Activity;
import android.app.ProgressDialog;
import android.content.Intent;
import android.os.AsyncTask;
import android.os.Bundle;
import android.util.Log;
import android.view.View;
import android.widget.Button;
import android.widget.EditText;
import android.widget.TextView;

public class login_user extends Activity{
    private ProgressDialog pDialog;
    JSONParser jsonParser = new JSONParser();
    EditText login_email;
    EditText login_password;
    Button signin;
    TextView error_msg;

    private static String url_create_signin= "http://10.0.2.2/android_iwant/login_user.php";
    // JSON Node names
            private static final String TAG_SUCCESS = "success";
            public void onCreate(Bundle savedInstanceState) {
                super.onCreate(savedInstanceState);
                setContentView(R.layout.user_form);

                // Edit Text
                login_email = (EditText) findViewById(R.id.login_email);
                login_password = (EditText) findViewById(R.id.login_password);              
                signin = (Button) findViewById(R.id.signin);
                error_msg = (TextView) findViewById(R.id.error_msg);

                signin.setOnClickListener(new View.OnClickListener() {

                    @Override
                    public void onClick(View view) {
                        // creating new product in background thread
                        new CheckLogin().execute();
                    }
                });
            }

            class CheckLogin extends AsyncTask<String, String, String> {
                /**
                 * Before starting background thread Show Progress Dialog
                 * */
                @Override
                protected void onPreExecute() {
                    super.onPreExecute();
                    pDialog = new ProgressDialog(login_user.this);
                    pDialog.setMessage("Signing in..");
                    pDialog.setIndeterminate(false);
                    pDialog.setCancelable(true);
                    pDialog.show();
                }
                /**
                 * Creating product
                 * */
                protected String doInBackground(String... args) {

                    //Building Parameters
                    List<NameValuePair> params = new ArrayList<NameValuePair>();
                    params.add(new BasicNameValuePair("email",login_email.getText().toString()));
                    params.add(new BasicNameValuePair("password", login_password.getText().toString()));

                    // getting JSON Object
                    // Note that create product url accepts POST method
                    JSONObject json = jsonParser.makeHttpRequest(url_create_signin,
                            "POST", params);

                    // check log cat fro response
                    Log.d("Create Response", json.toString());

                    // check for success tag
                    try {
                        int success = json.getInt(TAG_SUCCESS);

                        if (success == 1) {
                            // successfully created users
                            Intent i = new Intent(getApplicationContext(), post_item.class);
                            startActivity(i);

                            // closing this screen
                            finish();
                        } else {
                            // failed to sign in
                            error_msg.setText("Incorrect username/password");

                        }
                    } catch (JSONException e) {
                        e.printStackTrace();
                    }

                    return null;
                }

                /**
                 * After completing background task Dismiss the progress dialog
                 * **/
                protected void onPostExecute(String file_url) {
                    // dismiss the dialog once done
                    pDialog.dismiss();
                }

            }


}

现在我需要在这个 java 文件中开始会话处理的想法。服务器端的代码如下:即login_user.php

<?php
session_start();
// array for JSON response
$response = array();
if(isset($_POST['email']) && isset($_POST['password'])){
    $email = $_POST['email'];
    $password = $_POST['password'];

// include db handler
    require_once 'DB_Functions.php';
    $db = new DB_Functions();

     $user = $db->getUesrByEmailAndPassword($email, $password);
      if ($user != false) {
            // user found
            // echo json with success = 1
            $response["success"] = 1;
            $response["uid"] = $user["unique_id"];
            $response["user"]["name"] = $user["name"];
            $response["user"]["email"] = $user["email"];
            $response["user"]["created_at"] = $user["created_at"];
            $response["user"]["updated_at"] = $user["updated_at"];
            echo json_encode($response);
        } else {
            // user not found
            // echo json with error = 1
            $response["error"] = 1;
            $response["error_msg"] = "Incorrect email or password!";
            echo json_encode($response);
        }

}

?>

上面这个 php 文件中使用的函数是 getUesrByEmailAndPassword($email, $password) 如下:

public function getUserByEmailAndPassword($email, $password) {
        $result = mysql_query("SELECT * FROM users WHERE email = '$email'") or die(mysql_error());
        // check for result 
        $no_of_rows = mysql_num_rows($result);
        if ($no_of_rows > 0) {
            $result = mysql_fetch_array($result);
            $salt = $result['salt'];
            $encrypted_password = $result['encrypted_password'];
            $hash = $this->checkhashSSHA($salt, $password);
            // check for password equality
            if ($encrypted_password == $hash) {
                // user authentication details are correct
                //return $result;
                session_start();
                $_SESSION['clientId'] = $result[0];
                $_SESSION['logged_in'] = TRUE;
            }
        } else {
            // user not found
            return false;
        }
    }

请帮助我使我的代码正常工作。任何帮助将不胜感激。任何包含此类问题解决方案的链接都可能对我有所帮助。谢谢你!

4

1 回答 1

2

据我所知,您getUserByEmailAndPassword()在成功检查密码后永远不会返回实际的用户数据。//return $result;被注释掉了。$user因此null,客户收到“不正确的电子邮件或密码!” 信息。

另一件事。为了使 PHP 会话正常工作,客户端必须接收并记住其 session_id 并将其与每个请求一起作为 GET 或 COOKIE 参数发送。查看您的代码,我没有看到 android 收到它的 session_id。见:http ://www.php.net/manual/en/session.idpassing.php

顺便说一句,$email直接从 POST 在 SQL 查询中使用未转义是一个坏主意。请参阅:如何防止 PHP 中的 SQL 注入?

于 2013-09-22T13:57:14.177 回答