I am building a website that allows user to sign in. I currently have the register & login set up using jQuery -> php(on server) -> db and back, but now I am at lost on how to handle once the user logs in.
我正在构建一个允许用户登录的网站。我目前使用jQuery设置注册和登录 - > php(在服务器上) - > db和back,但现在我迷失了如何处理用户日志在。
For example, if I wanted to call up user's data in member's page, how should I verify that the user is the authentic user? Should I save the id and password as variables/cookies(is it even safe?) and use that to get the user's info in the member's page? Or is there a better way to handle user's data more securely?
例如,如果我想在成员页面中调用用户数据,我该如何验证用户是否是真实用户?我应该将id和密码保存为变量/ cookie(它是否安全?)并使用它来获取会员页面中的用户信息?或者是否有更好的方法来更安全地处理用户的数据?
I tried looking all over the place but I couldn't find a good place where architecture was explained well so I'm turning to SO for help!
我试着到处寻找,但我找不到一个很好的解释建筑物的地方,所以我转向SO求助!
Thanks in advance!
提前致谢!
2 个解决方案
#1
You should check the login status in every page.
您应该检查每个页面中的登录状态。
During login save the user id in a session variable and use another one simply as a flag namely
在登录期间,将用户ID保存在会话变量中,并使用另一个简单地作为标志
$_session['user_id'] = 24; // user id in db
$_session['is_user_logged_in'] = 1; //set a flag
check the value of 2nd session variable in every page
检查每个页面中第二个会话变量的值
session_start();
if(!isset($_session['is_user_logged_in'] || $_session['is_user_logged_in'] !=1)){
header('location:login.php');
}
I suggest you to write this code in a separate file (login_check.php) and include it in every file
我建议你将这段代码写在一个单独的文件(login_check.php)中,并将其包含在每个文件中
include 'login_check.php'
following this procedure will help you to get login status and id of current logged in user wherever you want.
遵循此过程将帮助您在任何位置获取当前登录用户的登录状态和ID。
And in logout page you have to destroy all you session values by using
在注销页面中,您必须使用以销毁所有会话值
session_destory();
#2
Abhinav pointed me in the right direction, but just in case someone else stumbles across the same problem, correct starting place is the php session.
Abhinav指出我正确的方向,但万一其他人偶然遇到同样的问题,正确的起点是php会话。
http://www.formget.com/login-form-in-php/ - an excellent tutorial on php login with sessions
http://www.formget.com/login-form-in-php/ - 一个关于php登录会话的优秀教程
#1
You should check the login status in every page.
您应该检查每个页面中的登录状态。
During login save the user id in a session variable and use another one simply as a flag namely
在登录期间,将用户ID保存在会话变量中,并使用另一个简单地作为标志
$_session['user_id'] = 24; // user id in db
$_session['is_user_logged_in'] = 1; //set a flag
check the value of 2nd session variable in every page
检查每个页面中第二个会话变量的值
session_start();
if(!isset($_session['is_user_logged_in'] || $_session['is_user_logged_in'] !=1)){
header('location:login.php');
}
I suggest you to write this code in a separate file (login_check.php) and include it in every file
我建议你将这段代码写在一个单独的文件(login_check.php)中,并将其包含在每个文件中
include 'login_check.php'
following this procedure will help you to get login status and id of current logged in user wherever you want.
遵循此过程将帮助您在任何位置获取当前登录用户的登录状态和ID。
And in logout page you have to destroy all you session values by using
在注销页面中,您必须使用以销毁所有会话值
session_destory();
#2
Abhinav pointed me in the right direction, but just in case someone else stumbles across the same problem, correct starting place is the php session.
Abhinav指出我正确的方向,但万一其他人偶然遇到同样的问题,正确的起点是php会话。
http://www.formget.com/login-form-in-php/ - an excellent tutorial on php login with sessions
http://www.formget.com/login-form-in-php/ - 一个关于php登录会话的优秀教程