
问题描述

我正在尝试为我的网站添加登录功能。我在互联网上搜索示例,发现了两个登录系统:

这个和这个

我想使用第二个,这个对我来说看起来更完整。我不是编码员,我需要你的建议。

我目前在每个受保护的页面上使用下面这段代码检查用户角色:

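// Page-level authorisation.
// Role names are strings and must be quoted: the bare `admin` / `normal` /
// `notactive` used before were read as undefined constants.
// The old `!=` chain also denied everyone — an "admin" passes the first test
// only to fail the `!= normal` test on the next branch — so decide once on the
// visitor's single current role instead. Edit this list per page to state
// which roles may view it.
$allowedRoles = ["admin", "normal"];

// Not logged in at all: deny before looking at any role.
if (!$isLoggedIn) {
    echo "you dont have permissions to access this page";
    exit();
}

$role = isset($_SESSION["role"]) ? $_SESSION["role"] : null;

if ($role === "notactive") {
    // Logged in, but the account still has to be activated/updated.
    echo "you must update your account";
    exit();
}

// Strict comparison so that e.g. 0 or "" never matches a role name.
if (!in_array($role, $allowedRoles, true)) {
    echo "you dont have permissions to access this page";
    exit();
}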

第一个问题:如何将上述代码与 sessionCheck.php 中的 cookie 检查集成?

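require_once "Auth.php";
require_once "Util.php";

$auth = new Auth();
$util = new Util();

// Current date/time, formatted the same way expiry_date is compared below.
$current_time = time();
$current_date = date("Y-m-d H:i:s", $current_time);

// Lifetime used when a persistent-login cookie is issued elsewhere: 30 days.
$cookie_expiration_time = $current_time + (30 * 24 * 60 * 60);  // for 1 month

$isLoggedIn = false;

if (!empty($_SESSION["uid"])) {
    // An existing server-side session wins; the cookies are not consulted.
    $isLoggedIn = true;
} else if (!empty($_COOKIE["member_login"]) && !empty($_COOKIE["random_password"]) && !empty($_COOKIE["random_selector"])) {
    // No session: fall back to the persistent-login cookies. All three values
    // come from the client and are untrusted; they are only compared against
    // hashes held on the server and never used directly.
    $isPasswordVerified = false;
    $isSelectorVerified = false;
    $isExpiryDateVerified = false;

    // Look up the stored token for the user named in the cookie. The lookup
    // may return no rows, so guard before indexing [0].
    $userToken = $auth->getTokenByUsername($_COOKIE["member_login"], 0);
    $tokenRow = !empty($userToken[0]) ? $userToken[0] : [];

    // Random password cookie vs. its stored hash.
    if (isset($tokenRow["password_hash"]) && password_verify($_COOKIE["random_password"], $tokenRow["password_hash"])) {
        $isPasswordVerified = true;
    }

    // Random selector cookie vs. its stored hash.
    if (isset($tokenRow["selector_hash"]) && password_verify($_COOKIE["random_selector"], $tokenRow["selector_hash"])) {
        $isSelectorVerified = true;
    }

    // Both sides use "Y-m-d H:i:s", so a plain string comparison orders
    // correctly. (The original set a misspelt `$isExpiryDareVerified` here, so
    // the flag initialised above was never the one tested.)
    if (isset($tokenRow["expiry_date"]) && $tokenRow["expiry_date"] >= $current_date) {
        $isExpiryDateVerified = true;
    }

    // Accept only when a token row exists and every check passed. Otherwise
    // retire the stored token (if there is one) and drop the cookies so the
    // same values cannot be presented again.
    if (!empty($tokenRow["id"]) && $isPasswordVerified && $isSelectorVerified && $isExpiryDateVerified) {
        $isLoggedIn = true;
    } else {
        if (!empty($tokenRow["id"])) {
            $auth->markAsExpired($tokenRow["id"]);
        }
        $util->clearAuthCookie();
    }
}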

第二个问题:你推荐我用哪一个?


解决方案


假设 $userToken 返回的记录中包含 role 字段,这应该可以工作。

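require_once "Auth.php";
require_once "Util.php";

$auth = new Auth();
$util = new Util();

// Current date/time, formatted the same way expiry_date is compared below.
$current_time = time();
$current_date = date("Y-m-d H:i:s", $current_time);

// Lifetime used when a persistent-login cookie is issued elsewhere: 30 days.
$cookie_expiration_time = $current_time + (30 * 24 * 60 * 60);  // for 1 month

$isLoggedIn = false;
$role = null;

if (!empty($_SESSION["uid"])) {
    // An existing server-side session wins; the role travels with the session.
    $isLoggedIn = true;
    $role = isset($_SESSION["role"]) ? $_SESSION["role"] : null;
} else if (!empty($_COOKIE["member_login"]) && !empty($_COOKIE["random_password"]) && !empty($_COOKIE["random_selector"])) {
    // No session: fall back to the persistent-login cookies. All three values
    // come from the client and are untrusted; they are only compared against
    // hashes held on the server, and the role is taken from the server-side
    // token record, never from a cookie.
    $isPasswordVerified = false;
    $isSelectorVerified = false;
    $isExpiryDateVerified = false;

    // Look up the stored token for the user named in the cookie. The lookup
    // may return no rows, so guard before indexing [0].
    $userToken = $auth->getTokenByUsername($_COOKIE["member_login"], 0);
    $tokenRow = !empty($userToken[0]) ? $userToken[0] : [];

    // Random password cookie vs. its stored hash.
    if (isset($tokenRow["password_hash"]) && password_verify($_COOKIE["random_password"], $tokenRow["password_hash"])) {
        $isPasswordVerified = true;
    }

    // Random selector cookie vs. its stored hash.
    if (isset($tokenRow["selector_hash"]) && password_verify($_COOKIE["random_selector"], $tokenRow["selector_hash"])) {
        $isSelectorVerified = true;
    }

    // Both sides use "Y-m-d H:i:s", so a plain string comparison orders
    // correctly. (The original set a misspelt `$isExpiryDareVerified` here, so
    // the flag initialised above was never the one tested.)
    if (isset($tokenRow["expiry_date"]) && $tokenRow["expiry_date"] >= $current_date) {
        $isExpiryDateVerified = true;
    }

    // Accept only when a token row exists and every check passed. Otherwise
    // retire the stored token (if there is one) and drop the cookies so the
    // same values cannot be presented again.
    if (!empty($tokenRow["id"]) && $isPasswordVerified && $isSelectorVerified && $isExpiryDateVerified) {
        $isLoggedIn = true;
        $role = isset($tokenRow["role"]) ? $tokenRow["role"] : null;
    } else {
        if (!empty($tokenRow["id"])) {
            $auth->markAsExpired($tokenRow["id"]);
        }
        $util->clearAuthCookie();
    }
}

// Page-level authorisation.
// The earlier `!=` chain denied everyone — an "admin" passes the first test
// only to fail `!= "normal"` on the next branch — so decide once on the single
// current role. Edit this list per page to state which roles may view it.
$allowedRoles = ["admin", "normal"];

// Not logged in at all: deny before looking at any role.
if (!$isLoggedIn) {
    echo "you dont have permissions to access this page";
    exit();
}

if ($role === "notactive") {
    // Logged in, but the account still has to be activated/updated.
    echo "you must update your account";
    exit();
}

// Strict comparison so that e.g. 0 or "" never matches a role name.
if (!in_array($role, $allowedRoles, true)) {
    echo "you dont have permissions to access this page";
    exit();
}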
