PHP Notes: Randomly Generated Cookie, Backend Lookup, and Getting the User ID from the Session for Better Security
In the earlier post "PHP Notes: User Login & Permission Interception", the cookie was set to the database user id. That is a problem: a user can change the id in the cookie at will and obtain another user's permissions. Here we update the design to add some security by building a `safe` package. Its contents are as follows:
CookieAndSession.php
```php
<?php
namespace safe;

// Server-side record of one login: the random token handed to the browser plus
// the data that identifies the user. Stored serialized in $_SESSION.
class CookieAndSession
{
    public $cookie;      // random token, also sent to the browser as the userToken cookie
    public $userId;      // database user id, kept server-side only
    public $browser;
    public $os;
    public $timeToLive;
}
```

CookieTool.php
```php
<?php
namespace safe;

class CookieTool
{
    // 32 random printable ASCII characters (codes 33..126). random_int() is used
    // here rather than mt_rand(), which is not suitable for security tokens.
    protected function generateKey(): string
    {
        $length = 32;
        $retKey = "";
        for ($i = 0; $i < $length; $i++) {
            $retKey .= chr(random_int(33, 126));
        }
        return $retKey;
    }

    // Every HTTP_* entry below comes from a request header the client controls;
    // only REMOTE_ADDR is set by the web server itself. Not used by setCookieByUserId().
    protected function getIPAddress(): string
    {
        $ipaddress = "";
        if (isset($_SERVER['HTTP_CLIENT_IP']))
            $ipaddress = $_SERVER['HTTP_CLIENT_IP'];
        else if (isset($_SERVER['HTTP_X_FORWARDED_FOR']))
            $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
        else if (isset($_SERVER['HTTP_X_FORWARDED']))
            $ipaddress = $_SERVER['HTTP_X_FORWARDED'];
        else if (isset($_SERVER['HTTP_FORWARDED_FOR']))
            $ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
        else if (isset($_SERVER['HTTP_FORWARDED']))
            $ipaddress = $_SERVER['HTTP_FORWARDED'];
        else if (isset($_SERVER['REMOTE_ADDR']))
            $ipaddress = $_SERVER['REMOTE_ADDR'];
        else
            $ipaddress = 'UNKNOWN';
        return $ipaddress;
    }

    // Coarse browser detection from the User-Agent string. Order matters:
    // a Chrome UA also contains "Safari", so Chrome is tested first.
    protected function getBrowser($agent): string
    {
        $browserAgent = "";
        if (strstr($agent, 'MSIE')) {
            $browserAgent = "Internet Explorer";
        } else if (strstr($agent, 'Opera')) {
            $browserAgent = "Opera";
        } else if (strstr($agent, 'Firefox')) {
            $browserAgent = "Firefox";
        } else if (strstr($agent, 'Chrome')) {
            $browserAgent = "Chrome";
        } else if (strstr($agent, 'Safari')) {
            $browserAgent = "Safari";
        } else {
            $browserAgent = "unknown";
        }
        return $browserAgent;
    }

    protected function getPlatform($agent): string
    {
        $agent = strtolower($agent);
        $platform = "";
        if (strstr($agent, 'win')) {
            $platform = "windows";
        } else if (strstr($agent, 'linux')) {
            $platform = "linux";
        } else {
            $platform = "unknown";
        }
        return $platform;
    }

    // Windows-only helper (getmac); returns the first field of the command output.
    // Not used by setCookieByUserId().
    protected function getMacAddress(): string
    {
        $MAC = exec('getmac');
        $MAC = strtok($MAC, ' ');
        return $MAC;
    }

    public function printCookieArray()
    {
        global $cookieAndSessionArray;
        print_r($cookieAndSessionArray);
    }

    // Store the login record server-side and hand the browser only the random token.
    public function setCookieByUserId($userId)
    {
        $userToken = $this->generateKey();
        $browserAgent = $this->getBrowser($_SERVER['HTTP_USER_AGENT']);
        $platform = $this->getPlatform($_SERVER['HTTP_USER_AGENT']);
        $cookieAndSession = new CookieAndSession();
        $cookieAndSession->cookie = $userToken;
        $cookieAndSession->userId = $userId;
        $cookieAndSession->browser = $browserAgent;
        $cookieAndSession->os = $platform;
        $cookieAndSession->timeToLive = 24 * 60 * 60;
        @session_start();
        $_SESSION["user"] = serialize($cookieAndSession);
        setcookie('userToken', $userToken, time() + 1 * 24 * 3600);
    }
}
```

Because I am using a custom MVC framework here, the following start function is called on every page load:
```php
public static function start()
{
    self::setPath();
    self::setConfig();
    self::setSafe();
    self::setUrl();
    self::setAutoLoad();
    self::setDispatch();
}
```

setSafe() is the newly added step; it loads the PHP files of the safe package:
```php
private static function setSafe()
{
    $files = self::getAllFile(SAFE_PATH);
    foreach ($files as $file) {
        if (file_exists($file)) {
            include $file;
        }
    }
}
```

getAllFile returns every file (not subdirectory) in the given directory:
```php
private static function getAllFile($dir): array
{
    $retArray = array();
    if (!is_dir($dir)) {
        return $retArray;
    }
    $files = scandir($dir);
    foreach ($files as $file) {
        $tmpFile = $dir . "/" . $file;
        // "." and ".." are directories, so they are skipped here as well
        if (!is_dir($tmpFile)) {
            array_push($retArray, $tmpFile);
        }
    }
    return $retArray;
}
```

SAFE_PATH is defined as follows:
ROOT_PATH is defined in index.php, as follows:
index.php
```php
<?php
define("ROOT_PATH", str_replace("\\", "/", dirname(__DIR__)) . "/");
include ROOT_PATH . "core/App.php";
\core\App::start();
```

After the user clicks log in:
the userToken is now a random value.
The backend login check looks like this:
```php
public function check()
{
    $userName = trim($_POST["userName"]);
    $password = trim($_POST["password"]);
    $captcha = trim($_POST["captcha"]);
    // ..................
    // (credential and captcha validation, which loads $user, omitted here as in the original)
    $cookieTool = new CookieTool();
    $cookieTool->setCookieByUserId($user['user_id']);
    $this->success("登录成功", '', 'dashboard', "index");
}
```

Permission interception is as follows:
```php
public function __construct()
{
    include VENDOR_PATH . "smarty/Smarty.class.php";
    $this->smarty = new \Smarty();
    $this->smarty->template_dir = APP_PATH . P . "/view/";
    $this->smarty->compile_dir = RESOURCES_PATH . "views";

    // Everything except the privilege controller (the login page) requires a valid login
    if (strtolower(C) != "privilege") {
        if (isset($_COOKIE['userToken'])) {
            @session_start();
            // Guard added: without a session record, unserialize(null) would fail
            if (isset($_SESSION["user"])) {
                $obj = unserialize($_SESSION["user"]);
                // The token in the browser cookie must match the one stored server-side
                // (hash_equals instead of strcmp: same result, constant-time comparison)
                if (!hash_equals($obj->cookie, $_COOKIE['userToken'])) {
                    $this->error("未登录,请先登录", "user", "privilege", "login");
                }
                // The user id comes from the session, never from anything the client sent
                $userModel = new UserModel();
                $user = $userModel->getById((int)$obj->userId);
                if ($user) {
                    return;
                }
            }
        }
        $this->error("未登录,请先登录", "user", "privilege", "login");
    }
}
```
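The following is an added example, not code from the original post, showing the same design (random token in a cookie, user id kept only in the session) with the hardening a reviewer would ask for on top of setCookieByUserId() and the constructor check above: the token comes from random_bytes(), the cookie carries HttpOnly/Secure/SameSite flags, the session id is regenerated at login so a session id planted before login is not upgraded to an authenticated one, the comparison uses hash_equals(), expiry is enforced server-side, and logout clears both sides. The class and method names (LoginSession, login, currentUserId, logout) are my own, and the array form of setcookie() assumes PHP 7.3 or later. One caveat the post does not state: the userToken cookie and the PHP session cookie live in the same browser, so the extra cookie does not protect against theft of the whole cookie jar; the real gain over the old design is that the user id is never client-controlled.

```php
<?php
declare(strict_types=1);

namespace safe;

// Added example (hypothetical class, not part of the original post).
final class LoginSession
{
    private const COOKIE_NAME = 'userToken';
    private const SESSION_KEY = 'login';
    private const TTL_SECONDS = 24 * 60 * 60;

    // 32 random bytes -> 64 hex characters; random_bytes() is a CSPRNG, mt_rand() is not.
    public static function generateToken(): string
    {
        return bin2hex(random_bytes(32));
    }

    // Call only after the password and captcha have been verified.
    public static function login(int $userId): void
    {
        self::ensureSession();
        // Fresh session id after authentication (session fixation defence).
        session_regenerate_id(true);

        $token = self::generateToken();
        $_SESSION[self::SESSION_KEY] = [
            'userId'  => $userId,                 // stored here only, never in a cookie
            'token'   => $token,
            'expires' => time() + self::TTL_SECONDS,
        ];

        // HttpOnly: not readable by page scripts; Secure: HTTPS only;
        // SameSite=Lax: not attached to most cross-site requests.
        setcookie(self::COOKIE_NAME, $token, [
            'expires'  => time() + self::TTL_SECONDS,
            'path'     => '/',
            'secure'   => true,
            'httponly' => true,
            'samesite' => 'Lax',
        ]);
    }

    // Returns the logged-in user id, or null when the request is not authenticated.
    // Every decision is made from the server-side record; the cookie only has to match it.
    public static function currentUserId(): ?int
    {
        self::ensureSession();
        $record = $_SESSION[self::SESSION_KEY] ?? null;
        $presented = $_COOKIE[self::COOKIE_NAME] ?? null;
        if (!is_array($record) || !is_string($presented)) {
            return null;
        }
        if ($record['expires'] < time()) {
            self::logout();                       // expired server-side, regardless of the cookie
            return null;
        }
        // Constant-time comparison; strcmp() returns as soon as a byte differs.
        if (!hash_equals($record['token'], $presented)) {
            return null;
        }
        return (int) $record['userId'];
    }

    public static function logout(): void
    {
        self::ensureSession();
        unset($_SESSION[self::SESSION_KEY]);
        // Expire the browser copy as well, then rotate the session id.
        setcookie(self::COOKIE_NAME, '', ['expires' => time() - 3600, 'path' => '/']);
        session_regenerate_id(true);
    }

    private static function ensureSession(): void
    {
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }
    }
}

// Usage in the controllers from the post (UserModel is the post's own class):
//   in check():        LoginSession::login((int) $user['user_id']);
//   in __construct():  $userId = LoginSession::currentUserId();
//                      if ($userId === null || !$userModel->getById($userId)) { /* redirect to login */ }
```

The browser and OS fields from the post's CookieAndSession record are left out on purpose: they are useful for audit logging, but rejecting a session on a User-Agent change is unreliable because browsers change that string on every update.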