"User authentication" this way to verify that the user is logged on with no loopholes, problems
This post was last edited by default7 on 2014-05-25 13:31:32
Consider that the server minimizes SQL queries.
Session if the browser is disabled, so use a cookie, write the following way to detect whether the user is logged in.
The code is as follows:
/**
* Initialization, user cookie data validation by default7#zbphp.com
*/
Public Function Authcheck ()
{
if (Cookie (' uid ')) {
$uid = Cookie (' uid ');
$UMD 5 = Cookie (' umd5 ');
$udata = Cookie (' Udata ');
if (Isuid ($uid) && isMd5 ($UMD 5) && $udata && ($strDecode = Authcode ($udata, ' DECODE '))
&& MD5 ($strDecode) = = $UMD 5 && ($data = Json_decode ($strDecode)) && $data [' uid '] = = $uid) {
Every 60s must be queried for SQL detection once
if ($this->time-$data [' lastactive '] > Self::interval) {
if ($rsUser = M (' Member ')->where ("Mid= ' $uid '")->getfield (' Mid,uname,pwd,vip,viptime1,viptime2,lastactive, ISFBD '))
&& strtolower ($rsUser [' uname ']) = = Strtolower ($data [' uname '])
&& strtolower ($rsUser [' email ']) = = Strtolower ($data [' email '])
&& MD5 ($rsUser [' pwd ']. $data [' salt '] = = = $data [' upwd ']
) {
if ($rsUser [' isfbd '] = = ' t ') {
$this->error (' Your account has been blocked, please contact the administrator! ');
$this->resetuser ();
Return
}
Update last online time
M (' Member ')->setfield (' lastactive ', $this->time);
Regenerate the encryption key
$data [' salt '] = uniqid ();
$data [' upwd '] = MD5 ($rsUser [' pwd ']. $data [' salt '];
}else{
$this->error (' account information (email or password) has changed, please login again! ', ', U (' member/index/login?f= '. __url__));
$this->resetuser ();
Return
}
}
$data [' lastactive '] = $this->time;
$this->userdata = $data;
$strEncode = Json_encode ($data);
Configuration cookie expires 10 days by default
Cookie (' uid ', $data [' uid ']);
Cookies (' Umd5 ', MD5 ($strEncode));
Cookies (' Udata ', Authcode ($strEncode, ' ENCODE '));
Return
}
$this->resetuser ();
}
}
/**
* Logout Session All
*
* @return BOOL
*/
Public Function Resetuser ()