
I found a user login script online, and later discovered it was written for PHP4; I'm updating it to PHP5 and learning OOP at the same time :)

A snippet of my user class is

<?php
session_start();   //Tell PHP to start the session
include("include/database.php");
include("include/mailer.php");
include("include/form.php");

include("constants.php");

class user
{
    var $username;     //Username given on sign-up
    var $firstname;
    var $lastname;
    var $userid;       //Random value generated on current login
    var $userlevel;    //The level to which the user pertains
    var $time;         //Time user was last active (page loaded)
    var $logged_in;    //True if user is logged in, false otherwise
    var $userinfo = array();  //The array holding all user info
    var $url;          //The page url currently being viewed
    var $referrer;     //Last recorded site page viewed
    var $num_active_users;   //Number of active users viewing site
    var $num_active_guests;  //Number of active guests viewing site
    var $num_members;        //Number of signed-up users

    /**
     * Note: referrer should really only be considered the actual
     * page referrer in process.php, any other time it may be
     * inaccurate.
     */

    public function __construct(db $db, Form $form)
    {
        $this->database = $db;
        $this->form = $form;
        $this->time = time();
        $this->startSession();

        $this->num_members = -1;

        if(TRACK_VISITORS)
        {
            /* Calculate number of users at site */
            $this->calcNumActiveUsers();

            /* Calculate number of guests at site */
            $this->calcNumActiveGuests();
        }
    }

    /**
     * startSession - Performs all the actions necessary to
     * initialize this session object. Tries to determine if the
     * user has logged in already, and sets the variables
     * accordingly. Also takes advantage of this page load to
     * update the active visitors tables.
     */
    function startSession()
    {
        /* Determine if user is logged in */
        $this->logged_in = $this->checkLogin();

        /**
         * Set guest value to users not logged in, and update
         * active guests table accordingly.
         */
        if(!$this->logged_in)
        {
            $this->username = $_SESSION['username'] = GUEST_NAME;
            $this->userlevel = GUEST_LEVEL;
            $this->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);
        }
        /* Update users last active timestamp */
        else
        {
            $this->addActiveUser($this->username, $this->time);
        }

        /* Remove inactive visitors from database */
        $this->removeInactiveUsers();
        $this->removeInactiveGuests();

        /* Set referrer page */
        if(isset($_SESSION['url']))
        {
            $this->referrer = $_SESSION['url'];
        }
        else
        {
            $this->referrer = "/";
        }
        /* Set current url */
        $this->url = $_SESSION['url'] = $_SERVER['PHP_SELF'];
    }

    /**
     * checkLogin - Checks if the user has already previously
     * logged in, and a session with the user has already been
     * established. Also checks to see if user has been remembered.
     * If so, the database is queried to make sure of the user's
     * authenticity. Returns true if the user has logged in.
     */
    function checkLogin()
    {
        /* Check if user has been remembered */
        if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid']))
        {
            $this->username = $_SESSION['username'] = $_COOKIE['cookname'];
            $this->userid   = $_SESSION['userid']   = $_COOKIE['cookid'];
        }

        /* Username and userid have been set and not guest */
        if(isset($_SESSION['username']) && isset($_SESSION['userid']) && $_SESSION['username'] != GUEST_NAME)
        {
            /* Confirm that username and userid are valid */
            if($this->confirmUserID($_SESSION['username'], $_SESSION['userid']) != 0)
            {
                /* Variables are incorrect, user not logged in */
                unset($_SESSION['username']);
                unset($_SESSION['userid']);
                return false;
            }

            /* User is logged in, set class variables */
            $this->userinfo  = $this->getUserInfo($_SESSION['username']);
            $this->username  = $this->userinfo['username'];
            $this->userid    = $this->userinfo['userid'];
            $this->userlevel = $this->userinfo['userlevel'];
            $this->lastlogin = $this->userinfo['lastlogin'];
            $this->townid    = $this->userinfo['placeID'];

            return true;
        }
        /* User not logged in */
        else
        {
            return false;
        }
    }
}
$db = new db($config);
$form = new Form;
$user = new User($db, $form);

But I've been told that var $username; etc. is not very secure and shouldn't be used, so I'm asking here: what should I use instead?

Do I do something like this for every var?

private $username;

/**
 * @return the $username
 */
public function getUsername() {
    return $this->username;
}

/**
 * @param $newUsername
 * the username to set
 */
public function setUsername($newUsername) {
    $this->username = $newUsername;
}

Thanks


1 Answer


var is equivalent to public. By making all member variables private and adding a getter (but not a setter) to each of them, you effectively make it impossible for other developers using your API to [accidentally] update the values. That's what "secure" means here; it's not as if someone could break into your server or access data because you didn't declare something* with the right privacy level.

If you're going to add a setter as well, I'd say you're wasting your time (although others will disagree with me). You've given them full control of the variable anyway. The only benefit is that, if you later decide to store the value differently, you can squeeze some extra computation into the getter/setter.

* Although another developer could accidentally leak information he shouldn't, such as a password.

answered 2013-10-18T21:48:18.783
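Here is an added example, not code from the question or the answer, that makes the answer's point concrete: a `var` property behaves exactly like a public one, while a private property with a getter and no setter cannot be changed from outside the class, and a private property with no getter at all (the password hash) never leaves the object, which is the accidental-leak case the answer's footnote mentions. The class names, property names and sample credentials are made up for the illustration; `password_hash()`/`password_verify()` require PHP 5.5 or later, and the catchable `Error` on the private-property write is PHP 7 behaviour (PHP 5 stops with a fatal error at that line instead).

```php
<?php
// Added example (not code from the question or the answer): `var` is just
// `public`; a private property with a getter and no setter cannot be altered
// from outside; a private property with no getter cannot be read at all.
// Class names, property names and sample values are chosen for illustration.

class LegacyUser
{
    var $username;       // `var` == `public`: any caller can overwrite this
    var $passwordHash;   // ...including fields you would rather not expose

    function __construct($username, $passwordHash)
    {
        $this->username     = $username;
        $this->passwordHash = $passwordHash;
    }
}

class User
{
    private $username;       // fixed at construction; no setter on purpose
    private $userlevel;
    private $passwordHash;   // no getter at all: it never leaves the object

    public function __construct($username, $userlevel, $passwordHash)
    {
        $this->username     = $username;
        $this->userlevel    = (int) $userlevel;
        $this->passwordHash = $passwordHash;
    }

    /** @return string */
    public function getUsername()
    {
        return $this->username;
    }

    /** @return int */
    public function getUserlevel()
    {
        return $this->userlevel;
    }

    /**
     * The only thing callers can do with the hash is check a password
     * against it. password_verify() needs PHP 5.5 or later.
     * @return bool
     */
    public function verifyPassword($password)
    {
        return password_verify($password, $this->passwordHash);
    }

    /** What templates or JSON encoders should see: deliberately omits the hash. @return array */
    public function toArray()
    {
        return array(
            'username'  => $this->username,
            'userlevel' => $this->userlevel,
        );
    }
}

// Constructed sample data for the demo (not a real credential).
$hash = password_hash('correct horse battery staple', PASSWORD_DEFAULT);

$legacy = new LegacyUser('alice', $hash);
$legacy->username = 'admin';            // silently accepted: nothing stops it
echo "legacy username: ", $legacy->username, "\n";
// get_object_vars() called from outside the class returns only the
// properties visible from here: for LegacyUser that is everything, hash included.
print_r(get_object_vars($legacy));

$user = new User('alice', 1, $hash);
try {
    $user->username = 'admin';          // PHP 7+: throws Error (PHP 5: fatal error)
} catch (Error $e) {
    echo get_class($e), ": ", $e->getMessage(), "\n";
}
echo "user username: ", $user->getUsername(), "\n";   // unchanged
// From outside the class, no property of User is visible: empty array.
print_r(get_object_vars($user));
var_dump($user->verifyPassword('correct horse battery staple'));
var_dump($user->verifyPassword('wrong password'));
print_r($user->toArray());              // no passwordHash key in the output
```

Run it with `php example.php`. The design choice worth noticing is the asymmetry: `username` and `userlevel` get getters because callers legitimately need to read them, the hash gets only a `verifyPassword()` method because nothing outside the class has a legitimate reason to read it, and `toArray()` is the one place that decides what is safe to hand to templates or serializers, so a later developer cannot leak the hash by accident simply by dumping the object's public fields.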