PHP中使用session写一个CLASS,假设数据库中已经存在会员ID,密码,会员等级信息,条件:1.session5分钟自动登出,handling假设已经存在。2.会员等级检查(管理者,中间管理者,使用者)。3.不同IP地址相同账户登录检查。下面是我写的,请高手修正
class Login
{
var $username; //user name
var $userpass; //user password
var $userid; //user id
var $userlevel; //user level
var $userip; //IP var $err_mysql="mysql error"; //mysql error
var $err_username="username invalid";
var $err_password="password error"; var $err; //error
var $errorreport=false; function Login($dbserv,$dbport,$dbuser,$dbpass,$dbname) //connect DB
{
if(@mysql_pconnect($dbserv.":".$dbport,$dbuser,$dbpass))
{
mysql_select_db($dbname);
}else
{
$this->errReport($this->err_mysql);
$this->err=$this->err_mysql;
}
} function getIP ()
{
global $_SERVER;
if (getenv('HTTP_CLIENT_IP'))
{
$userip = getenv('HTTP_CLIENT_IP');
}else if (getenv('HTTP_X_FORWARDED_FOR'))
{
$userip = getenv('HTTP_X_FORWARDED_FOR');
}else if (getenv('REMOTE_ADDR'))
{
$userip = getenv('REMOTE_ADDR');
}else
{
$userip = $_SERVER['REMOTE_ADDR'];
}
return $userip;
} function user_mktime($onlinetime)
{
$now_time = mktime();
if($now_time-$onlinetime > '300')
{
echo "Session expired, please logon again!";
exit();
session_destroy();
}else
{
$_SESSION[times]=mktime();
}
} function userAuth($username,$userpass,$userip) //userAuth
{
$this->username=$username;
$this->userpass=$userpass;
$this->userip=$userip;
$query="select * from `".$this->authtable."` where `username`='$username';";
$result=mysql_query($query);
if(mysql_num_rows($result)!=0) //find user
{
$row=mysql_fetch_array($result);
if(md5($userpass)==$row['userpass']) //check passwd
{
if($this->userip=$row['userip'])
{
$this->userid=$row['userid'];
$this->userlevel=$row['userlevel'];
return true;
}else
{
echo "you have logged in!";
exit();
session_destroy();
}
}else //wrong passwd
{
$this->errReport($this->err_password);
$this->err=$this->err_password;
return false;
}
}else //no user
{
$this->errReport($this->err_username);
$this->err=$this->err_username;
return false;
}
} function setSession() //set session
{
$sid=uniqid('sid'); //sid
session_id($sid);
session_start();
$_SESSION['username']=$this->username;
$_SESSION['userid']=$this->userid;
$_SESSION['userlevel']=$this->userlevel;
$_SESSION['userip']=$this->userip;
} function errReport($str) //err report
{
if($this->error_report)
echo "ERROR: $str";
}
}
?>
class Login
{
var $username; //user name
var $userpass; //user password
var $userid; //user id
var $userlevel; //user level
var $userip; //IP var $err_mysql="mysql error"; //mysql error
var $err_username="username invalid";
var $err_password="password error"; var $err; //error
var $errorreport=false; function Login($dbserv,$dbport,$dbuser,$dbpass,$dbname) //connect DB
{
if(@mysql_pconnect($dbserv.":".$dbport,$dbuser,$dbpass))
{
mysql_select_db($dbname);
}else
{
$this->errReport($this->err_mysql);
$this->err=$this->err_mysql;
}
} function getIP ()
{
global $_SERVER;
if (getenv('HTTP_CLIENT_IP'))
{
$userip = getenv('HTTP_CLIENT_IP');
}else if (getenv('HTTP_X_FORWARDED_FOR'))
{
$userip = getenv('HTTP_X_FORWARDED_FOR');
}else if (getenv('REMOTE_ADDR'))
{
$userip = getenv('REMOTE_ADDR');
}else
{
$userip = $_SERVER['REMOTE_ADDR'];
}
return $userip;
} function user_mktime($onlinetime)
{
$now_time = mktime();
if($now_time-$onlinetime > '300')
{
echo "Session expired, please logon again!";
exit();
session_destroy();
}else
{
$_SESSION[times]=mktime();
}
} function userAuth($username,$userpass,$userip) //userAuth
{
$this->username=$username;
$this->userpass=$userpass;
$this->userip=$userip;
$query="select * from `".$this->authtable."` where `username`='$username';";
$result=mysql_query($query);
if(mysql_num_rows($result)!=0) //find user
{
$row=mysql_fetch_array($result);
if(md5($userpass)==$row['userpass']) //check passwd
{
if($this->userip=$row['userip'])
{
$this->userid=$row['userid'];
$this->userlevel=$row['userlevel'];
return true;
}else
{
echo "you have logged in!";
exit();
session_destroy();
}
}else //wrong passwd
{
$this->errReport($this->err_password);
$this->err=$this->err_password;
return false;
}
}else //no user
{
$this->errReport($this->err_username);
$this->err=$this->err_username;
return false;
}
} function setSession() //set session
{
$sid=uniqid('sid'); //sid
session_id($sid);
session_start();
$_SESSION['username']=$this->username;
$_SESSION['userid']=$this->userid;
$_SESSION['userlevel']=$this->userlevel;
$_SESSION['userip']=$this->userip;
} function errReport($str) //err report
{
if($this->error_report)
echo "ERROR: $str";
}
}
?>
session_destroy();
exit();exit后程序不会再执行了