
PHP Notes: Randomly Generated Cookie, Server-Side Lookup, and Getting the ID from the Session for Better Security

Published: 2025/3/15 · php · 豆豆

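PHP Notes: User Login & Permission Interception Explained

In that post, the cookie was set to the user's database id. That is a problem: the user can change the ID at will and so obtain another user's privileges.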

Here we update it to add some security by building a safe package.

Its contents are as follows:

CookieAndSession.php

<?php
namespace safe;

class CookieAndSession
{
    public $cookie;     // random token
    public $userId;
    public $browser;
    public $os;
    public $timeToLive; // seconds
}

CookieTool.php

<?php
namespace safe;

class CookieTool
{
    // Build a 32-character token of printable ASCII.
    protected function generateKey(): string
    {
        $length = 32;
        $retKey = "";
        for ($i = 0; $i < $length; $i++) {
            // random_int() is cryptographically secure; mt_rand() is predictable.
            $retKey .= chr(random_int(33, 126));
        }
        return $retKey;
    }

    // Every header here except REMOTE_ADDR is supplied by the client.
    protected function getIPAddress(): string
    {
        $ipaddress = "";
        if (isset($_SERVER['HTTP_CLIENT_IP']))
            $ipaddress = $_SERVER['HTTP_CLIENT_IP'];
        else if (isset($_SERVER['HTTP_X_FORWARDED_FOR']))
            $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
        else if (isset($_SERVER['HTTP_X_FORWARDED']))
            $ipaddress = $_SERVER['HTTP_X_FORWARDED'];
        else if (isset($_SERVER['HTTP_FORWARDED_FOR']))
            $ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
        else if (isset($_SERVER['HTTP_FORWARDED']))
            $ipaddress = $_SERVER['HTTP_FORWARDED'];
        else if (isset($_SERVER['REMOTE_ADDR']))
            $ipaddress = $_SERVER['REMOTE_ADDR'];
        else
            $ipaddress = 'UNKNOWN';
        return $ipaddress;
    }

    // Map the User-Agent string to a browser name.
    protected function getBrowser($agent): string
    {
        $browserAgent = "";
        if (strstr($agent, 'MSIE')) {
            $browserAgent = "Internet Explorer";
        } else if (strstr($agent, 'Opera')) {
            $browserAgent = "Opera";
        } else if (strstr($agent, 'Firefox')) {
            $browserAgent = "Firefox";
        } else if (strstr($agent, 'Chrome')) {
            $browserAgent = "Chrome";
        } else if (strstr($agent, 'Safari')) {
            $browserAgent = "Safari";
        } else {
            $browserAgent = "unknown";
        }
        return $browserAgent;
    }

    // Map the User-Agent string to an operating system name.
    protected function getPlatform($agent): string
    {
        $agent = strtolower($agent);
        $platform = "";
        if (strstr($agent, 'win')) {
            $platform = "windows";
        } else if (strstr($agent, 'linux')) {
            $platform = "linux";
        } else {
            $platform = "unknown";
        }
        return $platform;
    }

    // Runs the Windows getmac command, so this is the server's MAC address, not the client's.
    protected function getMacAddress(): string
    {
        $MAC = exec('getmac');
        print_r($MAC);
        $MAC = strtok($MAC, ' ');
        return $MAC;
    }

    public function printCookieArray()
    {
        global $cookieAndSessionArray;
        print_r($cookieAndSessionArray);
    }

    // Store the user ID in the session and send only a random token to the browser.
    public function setCookieByUserId($userId)
    {
        $userToken = $this->generateKey();
        // The User-Agent header may be absent.
        $agent = $_SERVER['HTTP_USER_AGENT'] ?? '';
        $browserAgent = $this->getBrowser($agent);
        $platform = $this->getPlatform($agent);
        $cookieAndSession = new CookieAndSession();
        $cookieAndSession->cookie = $userToken;
        $cookieAndSession->userId = $userId;
        $cookieAndSession->browser = $browserAgent;
        $cookieAndSession->os = $platform;
        $cookieAndSession->timeToLive = 24 * 60 * 60;
        @session_start();
        $_SESSION["user"] = serialize($cookieAndSession);
        setcookie('userToken', $userToken, time() + 1 * 24 * 3600);
    }
}

Because I am using a custom MVC framework here, the following start function is called on every load:

public static function start()
{
    self::setPath();
    self::setConfig();
    self::setSafe();
    self::setUrl();
    self::setAutoLoad();
    self::setDispatch();
}

Here setSafe() is the newly added call; it loads the corresponding PHP files:

private static function setSafe()
{
    $files = self::getAllFile(SAFE_PATH);
    foreach ($files as $file) {
        if (file_exists($file)) {
            include $file;
        }
    }
}

getAllFile returns all the files in the given directory, as follows:

private static function getAllFile($dir): array
{
    $retArray = array();
    if (!is_dir($dir))
        return $retArray;
    $files = scandir($dir);
    foreach ($files as $file) {
        $tmpFile = $dir . "/" . $file;
        // Skips subdirectories, including "." and "..".
        if (!is_dir($tmpFile)) {
            array_push($retArray, $dir . "/" . $file);
        }
    }
    return $retArray;
}

SAFE_PATH is defined as follows:

ROOT_PATH is defined in index.php, as follows:

index.php

<?php
define("ROOT_PATH", str_replace("\\", "/", dirname(__DIR__)) . "/");
include ROOT_PATH . "core/App.php";
\core\App::start();

After the user clicks login:

The userToken is now a random value.

The back-end login check looks like this:

public function check()
{
    $useName = trim($_POST["userName"]);
    $password = trim($_POST["password"]);
    $captcha = trim($_POST["captcha"]);
    ..................
    $cookieTool = new CookieTool();
    $cookieTool->setCookieByUserId($user['user_id']);
    $this->success("登錄成功", '', 'dashboard', "index"); // "Login successful"
}

The permission interception is as follows:

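public function __construct()
{
    include VENDOR_PATH . "smarty/Smarty.class.php";
    $this->smarty = new \Smarty();
    $this->smarty->template_dir = APP_PATH . P . "/view/";
    $this->smarty->compile_dir = RESOURCES_PATH . "views";
    if (strtolower(C) != "privilege") {
        if (isset($_COOKIE['userToken'])) {
            @session_start();
            // The session may be missing or expired even though the cookie is present.
            $raw = $_SESSION["user"] ?? null;
            $obj = is_string($raw) ? unserialize($raw) : false;
            // hash_equals() compares in constant time, unlike strcmp().
            if (!is_object($obj) || !hash_equals((string)$obj->cookie, (string)$_COOKIE['userToken'])) {
                // Message: "Not logged in, please log in first"
                $this->error("未登錄,請先登錄", "user", "privilege", "login");
                return;
            }
            // The user ID comes from the server-side session, never from the cookie.
            $userModel = new UserModel();
            $user = $userModel->getById((int)$obj->userId);
            if ($user) {
                return;
            }
        }
        $this->error("未登錄,請先登錄", "user", "privilege", "login");
    }
}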
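
The interception above compares only the token; the browser, os and timeToLive values stored at login are never checked. The following is an added example, not code from the original post, that validates all of them and returns the user ID from the server-side record. SessionRecord, issueToken, validateToken and the issuedAt field are assumptions (the page stores a lifetime but no issue time, so expiry could not be enforced on the server).

```php
<?php
declare(strict_types=1);

// Added example with hypothetical names; not part of the original safe package.
final class SessionRecord
{
    public function __construct(
        public string $cookie,      // random token, same role as CookieAndSession::$cookie
        public int $userId,
        public string $browser,
        public string $os,
        public int $issuedAt,       // assumption: login time, absent from the page's class
        public int $timeToLive,     // seconds
    ) {}
}

// Create the token sent to the browser and the record kept on the server.
function issueToken(int $userId, string $browser, string $os, int $now): array
{
    $token = bin2hex(random_bytes(32)); // CSPRNG output, hex is cookie-safe
    return [$token, new SessionRecord($token, $userId, $browser, $os, $now, 24 * 60 * 60)];
}

// Return the user ID from the server-side record, or null when any check fails.
function validateToken(?string $cookieToken, ?SessionRecord $rec, string $browser, string $os, int $now): ?int
{
    if ($cookieToken === null || $rec === null) {
        return null; // cookie without a session, or session without a cookie
    }
    if (!hash_equals($rec->cookie, $cookieToken)) {
        return null; // token mismatch, compared in constant time
    }
    if ($now - $rec->issuedAt > $rec->timeToLive) {
        return null; // lifetime enforced on the server, not by the cookie expiry
    }
    if ($rec->browser !== $browser || $rec->os !== $os) {
        return null; // client changed since login
    }
    return $rec->userId;
}

// Constructed sample run.
$t0 = 1700000000;
[$token, $rec] = issueToken(7, 'Firefox', 'linux', $t0);
var_dump(validateToken($token, $rec, 'Firefox', 'linux', $t0 + 60));    // same client, within lifetime
var_dump(validateToken('forged', $rec, 'Firefox', 'linux', $t0 + 60));  // token not issued by the server
var_dump(validateToken($token, $rec, 'Chrome', 'windows', $t0 + 60));   // different browser and OS
var_dump(validateToken($token, $rec, 'Firefox', 'linux', $t0 + 90000)); // past the 24-hour lifetime
```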
