我正在尝试创建面向对象的登录系统。
在构建网站时,我已经开始通过解决一些相当简单的问题来提高我的OOP 技能。所以它从一个登录系统开始,我在 youtube 上学习了一个教程,帮助我制作了一个登录类,但随着它的进行,它提出了很多疑问(代码是 100 行,所以我会继续粘贴它)。
当我在不输入值的情况下执行代码时,输出invalid form submission 不会返回 invalid username/password等。
当我输入错误的用户名和密码时,然后返回invalid form submission;它不应该正常运行...
请帮我
我在这里输入我的代码。
<?php
class Login
{
private $_id;
private $_username;
private $_password;
private $_passmd5;
private $_errors;
private $_access;
private $_login;
private $_token;
//create a function
public function __construct()
{
$this->_errors = array();
$this->_login = isset($_POST['login'])?1:0;
$this->_access = 0;
$this->_token = $_POST['token'];
$this->_id = 0;
$this->_username= ($this->_login)? $this->filter($_POST['username']):$_SESSION['username'];
$this->_password= ($this->_login)? $this->filter($_POST['password']): '';
$this->_passmd5 = ($this->_login)? md5($this->_password) : $_SESSION['password'];
}
public function IsLoggedIn()
{
($this->_login)? $this->VerifyPost() : $this->VerifySession();
return $this->_access;
}
public function filter($var)
{
return preg_replace('/[^a-zA-Z0-9]/','',$var);
}
public function VerifyPost()
{
try
{
if($this->IsTokenValid())
throw new Exception('Invalid Form Submission');
if($this->IsDataValid())
throw new Exception('Invalid Form Data');
if($this->VerifyDatabase())
throw new Exception('Invalid Username / Password');
$this->_access=1;
$this->RegisterSession();
}
catch(Exception $e)
{
$this->_errors[]= $e->getMessage();
}
}
public function VerifySession()
{
if($this->SessionExist() && $this->VerifyDatabase())
{
$this->_access=1;
}
}
public function VerifyDatabase()
{
include "db_connection.php";
$q="select 'user_id' from user where username='".$this->_username."' and password='".$this->_passmd5."'";
echo $q;
$result=mysql_query($q);
if(mysql_num_rows($result))
{
// list($this->_id)= @array_values(mysql_fetch_assoc($result));
$row=mysql_fetch_array($result);
$this->_id= $row['user_id'];
return true;
}
else
{
return false;
}
}
public function IsDataValid()
{
return preg_match('/^[a-zA-Z0-9]{5,12}$/',$this->_username) && preg_match('/^[a-zA-Z0-9]{5,12}$/',$this->_password)?1:0;
}
public function IsTokenValid()
{
return (!isset($_SESSION['token']) || $this->_token != $_SESSION['token'])?0:1;
}
public function RegisterSession()
{
$_SESSION['user_id']=$this->_id;
$_SESSION['username']=$this->_username;
$_SESSION['password']=$this->_passmd5;
}
public function SessionExist()
{
return (isset($_SESSION['username']) && isset($_SESSION['password']))? 1:0;
}
public function ShowErrors()
{
echo '<h3> Errors: </h3>';
foreach($this->_errors as $key=>$value)
{
echo $value .'<br>';
}
}
}
?>
我在我的登录表单中处理此代码,即
enter code here
<?php
session_start();
if(isset($_POST['login']))
{
include "login.php";
$login =new Login();
if($login->IsloggedIn())
{
echo "success";
//header("location:index.php");
}
else
{
$login->ShowErrors();
}
}
$token=$_SESSION['token']= md5(uniqid(mt_rand(),true));
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>
<body>
<form name="login_form" action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
<p>
<label for="username">Username</label>
<input type="text" name="username" />
<br />
<label for="password">Pssword</label>
<input type="password" name="password" />
<br />
<input type="hidden" name="token" value="<?=$token;?>">
<input type="submit" name="login" value="Login" />
</p>
</form>
</body>
</html>