PHP user login state operation class based on session and cookie

Source: Internet
Author: User
Tags setcookie



1. User login state operation class UserLogin

<?php
final class UserLogin {
    public function __construct() {
    }

    // Return the logged-in user, or null (after clearing the cookies) if there is none.
    public static function getUserInfo() {
        if (isset($_COOKIE["user_id"]) && $_COOKIE["user_id"] && (trim($_COOKIE["user_id"]) != "")) {
            if (isset($_SESSION["user_info"]))
                return $_SESSION["user_info"];
            // No user in the session: the user is looked up by the
            // client-supplied user_id cookie and the session is rebuilt from it.
            $dao = new UserDao();
            $user = $dao->find($_COOKIE["user_id"]);
            if ($user) {
                $_SESSION["user_info"] = $user;
                // Renew every cookie for another 36000 seconds.
                setcookie("Docloud_sid", session_id(), time() + 36000);
                setcookie("user_id", $_COOKIE["user_id"], time() + 36000);
                if (array_key_exists("selected_prj_id", $_COOKIE))
                    setcookie("selected_prj_id", $_COOKIE["selected_prj_id"], time() + 36000);
                if (array_key_exists("selected_class_id", $_COOKIE))
                    setcookie("selected_class_id", $_COOKIE["selected_class_id"], time() + 36000);
                if (array_key_exists("selected_image_id", $_COOKIE))
                    setcookie("selected_image_id", $_COOKIE["selected_image_id"], time() + 36000);
                if (array_key_exists("Test_image_ids", $_COOKIE))
                    setcookie("Test_image_ids", $_COOKIE["Test_image_ids"], time() + 36000);
                if (array_key_exists("Upload_image_ids", $_COOKIE))
                    setcookie("Upload_image_ids", $_COOKIE["Upload_image_ids"], time() + 36000);
                return $user;
            }
        }
        self::clearCookie();
        return null;
    }

    // Called after a successful login.
    public static function setUserInfo($userInfo) {
        $_SESSION["user_info"] = $userInfo;
        setcookie("Docloud_sid", session_id(), time() + 36000);
        setcookie("user_id", $userInfo->getId(), time() + 36000);
    }

    public static function isLogin() {
        if (self::getUserInfo()) {
            return true;
        }
        return false;
    }

    // Log out: expire the cookies and destroy the session.
    public static function delUserInfo() {
        self::clearCookie();
        session_destroy();
    }

    // Expire every cookie this class sets by giving it a past expiry time.
    private static function clearCookie() {
        setcookie("Docloud_sid", "", time() - 36000);
        setcookie("user_id", "", time() - 36000);
        setcookie("selected_prj_id", "", time() - 36000);
        setcookie("selected_class_id", "", time() - 36000);
        setcookie("selected_image_id", "", time() - 36000);
        setcookie("Test_image_ids", "", time() - 36000);
        setcookie("Upload_image_ids", "", time() - 36000);
    }
}
?>

2. Making the relevant decisions when the user submits a user name and password

<?php
require_once 'init.php';

// If logged in, log out
if (UserLogin::isLogin() && $_COOKIE["user_id"] == 1) {
    UserLogin::delUserInfo();
} else if (UserLogin::isLogin()) {
    Utils::redirect('Welcome');
}

$username = null;
$password = null;
$msg = "";

if (isset($_POST['username']) && isset($_POST['password'])) {
    $username = addslashes(trim(stripslashes($_POST['username'])));
    $password = addslashes(trim(stripslashes($_POST['password'])));
    // validate
    $errors = LoginValidator::validate($username, $password);
    if (empty($errors)) {
        // save the last login IP and time, then mark the user as logged in
        $dao = new UserDao();
        $user = $dao->findByName($username);
        $last_login_ip = Utils::getIpAddress();
        $user->setLastLoginIp($last_login_ip);
        $now = new DateTime();
        $user->setLastLoginTime($now);
        $dao->save($user);
        UserLogin::setUserInfo($user);
        Flash::addFlash('Login successful!');
        Utils::redirect('Welcome');
    }
    // collect the validation messages for display
    foreach ($errors as $e) {
        $msg .= $e->getMessage() . "\n";
    }
}
?>

The code above introduces a PHP user login state operation class based on session and cookie.

Some additional background: the difference between cookies and sessions

1. A cookie is a text string sent to the client's browser and stored on the client's hard disk; it can be used to persist data between sessions on a web site.

2. A session in fact refers to the period from when a visitor arrives at a particular page until they leave. The session actually uses a cookie to carry its information: when the user makes a first request, the server creates a cookie in the user's browser, and that cookie expires when the session ends.

Note: The name of the cookie created for this user is ASPSessionID. The only purpose of this cookie is to provide a different identity for each user.

3. What cookies and sessions have in common: both are used to track the user's identity in the browser.

4. The difference between cookies and sessions: cookie data is stored on the client, while session data is saved on the server.
Simply put, when you log in to a website:

· If the web server uses a session, all the data is stored on the server. With each request the client sends the current SessionID, and the server uses it to find the corresponding user data and determine whether the user is logged in or holds some permission. Since the data is stored on the server it cannot be forged, but anyone who obtains the SessionID of a logged-in user can successfully forge that user's requests with a special browser. SessionIDs are assigned randomly when the client connects to the server and are in general not duplicated; even with a large number of concurrent requests there is no possibility of duplication.

· If the browser uses a cookie, all the data is stored on the browser side. For example, when you log in the server sets a user-name cookie; when you request the server again, the browser sends the user name back, marked so that the server interprets it as a cookie variable. As long as the browser is not closed the cookie variable stays valid, so the login can be kept for a long time without dropping. If someone can intercept a user's cookie variable and then forge a packet carrying it, the server still thinks the request is legitimate. Cookies are therefore more likely to be attacked. If a validity period is set, the cookie is saved on the client's hard disk; on the next visit the browser first checks whether a cookie exists, and if so reads it and sends it to the server. If you save a forum cookie valid for one year on a machine and someone breaks into that machine, copies your cookie, and places it in his own browser's directory, he logs in with your identity. So a cookie can be forged. Forging does take some thought, though: a cookie file copied directly into the cookie directory is not recognised by the browser, which keeps an index.dat file recording when each cookie file was created and whether it has changed, so one must first have a cookie file for that website and deceive the browser about the saved time.

5. Both can be used to store private data and both have a validity period. The difference is that a session lives on the server and its expiry depends on the server's settings, while a cookie lives on the client and its expiry can be set when the cookie is generated.

(1) The cookie data is stored on the client's browser and the session data is placed on the server

(2) Cookies are not very safe: others can analyse the cookies stored locally and carry out cookie spoofing. If security is the main consideration, use a session.

(3) A session is kept on the server for a certain period of time. As the number of visits grows, sessions take up more of your server's performance; if reducing server load is the main consideration, use cookies.

(4) A single cookie on the client is limited to 3K; that is, a cookie stored by a site on the client cannot exceed 3K.

(5) Therefore: store login information and other important information in the session; other information that needs to be retained can be placed in a cookie.
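
The UserLogin class above rebuilds a login from the bare user_id cookie, which, as the article notes, a client can forge. The following added example (not part of the original article) shows one way to make that cookie tamper-evident with an HMAC and an embedded expiry; the function names, SECRET_KEY and the sample values are assumptions for illustration.

```php
<?php
// Added example, not from the original article. Function names and key
// handling are assumptions; the real key must live in server-side config.
const SECRET_KEY = 'constructed-demo-key-change-me';
const COOKIE_TTL = 36000; // same lifetime the article's class uses

// Build "userId|expiry|mac"; the MAC covers both the id and the expiry.
function signUserCookie(int $userId, int $now, string $key = SECRET_KEY): string {
    $payload = $userId . '|' . ($now + COOKIE_TTL);
    return $payload . '|' . hash_hmac('sha256', $payload, $key);
}

// Return the user id if the value is authentic and unexpired, else null.
function verifyUserCookie(string $value, int $now, string $key = SECRET_KEY): ?int {
    $parts = explode('|', $value);
    if (count($parts) !== 3 || !ctype_digit($parts[0]) || !ctype_digit($parts[1])) {
        return null; // a bare id such as "1" is rejected here
    }
    [$userId, $expiry, $mac] = $parts;
    $expected = hash_hmac('sha256', $userId . '|' . $expiry, $key);
    if (!hash_equals($expected, $mac)) { // constant-time comparison
        return null;
    }
    return ((int)$expiry >= $now) ? (int)$userId : null;
}

// Attributes for setcookie() (options array, PHP 7.3+): not readable from
// JavaScript and sent over HTTPS only.
function cookieOptions(int $now): array {
    return ['expires' => $now + COOKIE_TTL, 'path' => '/', 'secure' => true,
            'httponly' => true, 'samesite' => 'Lax'];
}

// Constructed demo values.
$now    = 1700000000;
$cookie = signUserCookie(42, $now);
$forged = preg_replace('/^42\|/', '1|', $cookie); // id swapped, MAC kept

var_dump(verifyUserCookie($cookie, $now + 60));             // untouched cookie
var_dump(verifyUserCookie('1', $now));                      // bare id, as UserLogin accepts
var_dump(verifyUserCookie($forged, $now));                  // tampered id
var_dump(verifyUserCookie($cookie, $now + COOKIE_TTL + 1)); // past its expiry

// In a web request: setcookie('user_id', $cookie, cookieOptions(time()));
```

Signing prevents a client from choosing another user's id, but a copied cookie still replays until it expires, so the Secure and HttpOnly attributes and a short lifetime remain necessary.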
