0

嗨,我有这个课程。该会话似乎可以工作,但是在单击一分钟或几页后,该会话完全消失了。我已从以下网址获取此代码:http: //www.wikihow.com/Create-a-Secure-Session-Managment-System-in-PHP-and-MySQL并将其纳入我的课堂。我想知道是否有人能告诉我为什么它会死?我有一个用 var 建立的数据库连接$sql

奇怪的是它工作了一会儿然后就死了。

编辑:我输入none了函数的返回read值,然后我回显了这个和它的read函数没有数据。

在我从中获得此代码的站点上,它具有if(!isset($this->gc_stmt)) { if(!isset($this->key_stmt)) { if(!isset($this->delete_stmt)) { if(!isset($this->w_stmt)) {函数内部的 if 语句,我已将这些语句放入我的代码中,因为我不明白它是如何设置它们的。这可能是为什么?

function __construct(){
    global $system;

    // set our custom session functions.
    session_set_save_handler(array($this, 'open'), 
                            array($this, 'close'), 
                            array($this, 'read'), 
                            array($this, 'write'), 
                            array($this, 'destroy'), 
                            array($this, 'gc'));

    // This line prevents unexpected effects when using objects as save handlers.
    register_shutdown_function('session_write_close');

    $this->start_session();
}

function start_session(){
    global $system;

    // Hash algorithm to use for the sessionid. (use hash_algos() to get a list of available hashes.)
    $session_hash = 'sha512';

    // Check if hash is available
    if (in_array($session_hash, hash_algos())) {

        // Set the has function.
        ini_set('session.hash_function', $session_hash);
    }
    // How many bits per character of the hash.
    // The possible values are '4' (0-9, a-f), '5' (0-9, a-v), and '6' (0-9, a-z, A-Z, "-", ",").
    ini_set('session.hash_bits_per_character', 5);

    // Force the session to only use cookies, not URL variables.
    ini_set('session.use_only_cookies', 1);

    // Set the parameters
    $time = 86400 * $system->system_settings('cookie_days');
    $cookieParams = session_get_cookie_params(); 
    // Set the parameters
    session_set_cookie_params($time, $cookieParams["path"], $cookieParams["domain"], false, true); 
    // Change the session name 
    session_name(SESSION_ID_NAME);
    // Now we cat start the session
    session_start();
    // This line regenerates the session and delete the old one. 
    // It also generates a new encryption key in the database. 
    session_regenerate_id(true);    
}


function open(){

    return true;
}

function close() {

    return true;
}

function read($id) {
    global $sql;

    $result = $sql->sql_query("SELECT data FROM `".TABLE_SESSIONS."` WHERE id = '".$id."' LIMIT 1");

    if($sql->sql_num($result) == 1){

        $row = $sql->sql_fetch($result);
        $data = $row['data'];

        $key = $this->getkey($id);
        $data = $this->decrypt($data, $key);

        return $data;
    }else{

        return '';
    }       
}

function write($id, $data){
    global $sql;

    // Get unique key
    $key = $this->getkey($id);
    // Encrypt the data
    $data = $this->encrypt($data, $key);

    $time = time();
    $sql->sql_query("REPLACE INTO `".TABLE_SESSIONS."` (id, set_time, data, session_key) VALUES ('".$id."', '".$time."', '".$data."', '".$key."')");

    return true;
}

function destroy($id){
    global $sql;

    $sql->sql_delete(TABLE_SESSIONS, " id='".$id."'");
    return true;
}

function gc($max){
    global $sql;

    $old = time() - $max;
    $sql->sql_delete(TABLE_SESSIONS, " set_time < '".$old."'");
    return true;
}

private function getkey($id){
    global $sql;

    $result = $sql->sql_query("SELECT session_key FROM `".TABLE_SESSIONS."` WHERE id = '".$id."' LIMIT 1");

    if($sql->sql_num($result) == 1){ 

        $row = $sql->sql_fetch($result);
        return $row['session_key'];
    }else{

        $random_key = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
        return $random_key;
    }
}


private function encrypt($data, $key) {

    $salt = 'cH!swe!retReGu7W6bEDRup7usuDUh9THeD2CHeGE*ewr4n39=E@rAsp7c-Ph@pH';
    $key = substr(hash('sha256', $salt.$key.$salt), 0, 32);
    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $data, MCRYPT_MODE_ECB, $iv));

    return $encrypted;
}

private function decrypt($data, $key) {

    $salt = 'cH!swe!retReGu7W6bEDRup7usuDUh9THeD2CHeGE*ewr4n39=E@rAsp7c-Ph@pH';
    $key = substr(hash('sha256', $salt.$key.$salt), 0, 32);
    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($data), MCRYPT_MODE_ECB, $iv);

    return $decrypted;
}
4

0 回答 0