我正在建立一个拥有3种类型的用户的网站:
-those who are registered and are subscribed for current month
-those that are registered, but are not subscribed for current month
-users that are not registered (you cant be subscribed if you are not regitered)
我创建了识别这3种用户并适当采取行动的代码。我的问题是,这是走的路吗?我以前从未做过类似的事情。还是应该重新编程我的方法?
//login.php
//connect to database and see if a user and password combination exists. Store $exists=0 if not, and $exists=1 if it exists.
session_start();
$conn = new mysqli($hn,$un,$pw,$db);
if ($conn->connect_error){
die($conn->connect_error);
}
$query = "SELECT COUNT(1) as 'exists',expiration_date FROM table WHERE email = ? AND password = ?;";
$stmt = $conn->prepare($query);
$stmt->bind_param("ss", $email, $password);
$email = $_POST["email"];
$password = hash("hashingalgorithm", "salt".$_POST["password"]."salthere");
$stmt->execute();
/* Get the result */
$result = $stmt->get_result();
$num_of_rows = $result->num_rows;
$row = $result->fetch_assoc();
$exists = $row["exists"];
$expiration_date = $row["expiration_date"];
/* free results */
$stmt->free_result();
/* close statement */
$stmt->close();
$conn->close();
date_default_timezone_set('Europe/Berlin');
if ($exists==0){
echo "Wrong email or password";
$_SESSION['loginerror'] = 2;
header('Location: https://www.homepage.com/login');
}else if ($exists){
if (strtotime($expiration_date) < (strtotime("now"))){//logged in, but not subscribed
session_destroy();
session_start();
$_SESSION["authenticated"] = true;
header('Location: https://www.homepage.com');
}else{//logged in and ready to go
$_SESSION["authenticated"] = true;
$_SESSION["email"] = $email;
header('Location: https://www.homepage.com');
}
}else{
echo "An error with has occured.";
}
然后,在我网站的每个页面上,我都使用此代码,以查看什么样的用户访问了我
session_start();
if(isset($_SESSION["authenticated"]) && isset($_SESSION["email"])){
$email = $_SESSION["email"];
//connect to database and fetch expiration_date for a user with $email. Store it in $expiration_date
$conn = new mysqli($hn,$un,$pw,$db);
if ($conn->connect_error){
die($conn->connect_error);
}
$query = "SELECT expiration_date FROM table WHERE email = ?;";
$stmt = $conn->prepare($query);
$stmt->bind_param("s", $email);
$email = $_SESSION["email"];
$stmt->execute();
/* Get the result */
$result = $stmt->get_result();
$num_of_rows = $result->num_rows;
$row = $result->fetch_assoc();
$expiration_date = $row["expiration_date"];
/* free results */
$stmt->free_result();
/* close statement */
$stmt->close();
$conn->close();
date_default_timezone_set('Europe/Berlin');
if (strtotime($expiration_date) < (strtotime("now"))){//logged in, but not subscribed
session_destroy();
session_start();
$_SESSION["authenticated"] = true;
header('Location: https://www.homepage.com');
}else{ //html for subsribed and registered user
echo <<<_END
//html here
_END;
}
}else if(isset($_SESSION["authenticated"]) && !isset($_SESSION["email"])){
// user is logged in, but not subscribed;
echo <<<_END
//htmlhere
_END;
}else{// user is not registered nor is subscribed
echo <<<_END
//htmlhere
_END;
}
该代码有效,但是我担心一旦用户注册并订阅,就可以访问每个页面上的数据库。我实际上是在惩罚用户注册和订阅。
是否有更好的,性能更佳的方式来解决此类问题?
最佳答案
据我了解,您已经有一个有效的代码。而您要问的是意见。您希望在 checkin 数据库以进行身份验证和订阅的每一页中删除重复项。
我认为您需要更改 session 的使用方式,
$_session['email'] // email address of user
$_session['auth_type'] // holds authentication type
$_session['auth_till'] // subscription expire date
然后让create函数检查订阅。可以将此函数放在一个单独的文件中,例如:init.php。在这里,我们可以设置 session 启动机制,以便在任何情况下都可以使用 session 。
if(!isset($_SESSION))
session_start(); // start session if not already started
// lets define global vars to hold authentication type of visitor
define("SUBSCRIBED",1);
define("UN_SUBSCRIBED",2);
define("REGISTERED",3);
function checkSubscription():bool{
$return = false;
if(($_session['auth_type']==SUBSCRIBED)&&(strtotime($_session['auth_till']) < strtotime("now")))
$return= true;
return $return
}
并且在login.php上使用相同的技术,同时设置 session 身份验证类型。
现在,任何其他页面都可以简单地使用功能来检查订阅
例如:
<?php
// file: product.php
include_once("init.php");
if(!checkSubscription()){
// subscription finished. do what you need to do. otherwise continue.
}
您的代码可以做很多改进。但是我认为这可以满足您的需求。如果您需要其他任何帮助,请告诉我。请访问Scape,让我知道那里是否有任何有用的编码。