Forum PHP.pl > [PHP] klasa UserSession

Pomoc - Szukaj - Użytkownicy - Kalendarz

dopelganger

6.08.2013, 11:37:40

cześć
przerobiłem kod klasy UserSession pod sterownik PDO, ale nie działa, tzn sesja tylko jest tworzona, ale nie zapisuje do tabel informacji ...
Może ktoś zerknąć na kod, może wyłapie jakieś usterki :]
dzięki

[PHP] pobierz, plaintext 
<?php
 
class UserSession {
 
private $php_session_id;
private $native_session_id;
private $dbhandle;
private $logged_in;
private $user_id;
private $session_timeout = 600; # 10 minut braku aktywności
private $session_lifespan = 3600; # 1 h - ważność sesji
 
public function __construct() 
{
	global $pdo;
	global $db;
 
	try 
	{
		$pdo = new PDO('mysql:host='.$db["Host"].';dbname='.$db["Name"], $db["User"], $db["Password"]);
		$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
	} 
		catch(PDOException $error)
	{
      $error->getMessage();
   }
 
session_set_save_handler(
array($this, '_session_open_method'),
array($this, '_session_close_method'),
array($this, '_session_read_method'),
array($this, '_session_write_method'),
array($this, '_session_destroy_method'),
array($this, '_session_gc_method')
);
 
$strUserAgent = $GLOBALS["HTTP_USER_AGENT"];
if ($_COOKIE["PHPSESSID"]) {
$this->php_session_id = $_COOKIE["PHPSESSID"];
$stmt = $pdo->query("SELECT id FROM users_session WHERE id_session_ascii='".$this->php_session_id."' AND ((now() - date_start) < '".$this->session_lifespan." seconds') AND user_agent='".$strUserAgent."' AND ((now() - last_action) <= '".$this->session_timeout." seconds' OR last_action IS NULL)");
if ($stmt == 0) {
$failed = 1;
$result = $pdo->exec("DELETE FROM users_session WHERE (id_session_ascii = '".$this->php_session_id."') OR (now()-date_start) > $maxlifetime)");
$result->closeCursor(); 
$result = $pdo->exec("DELETE FROM users_session_vars WHERE id_session NOT IN (SELECT id FROM users_session)");
$result->closeCursor(); 
unset($_COOKIE["PHPSESSID"]);
}
}
 
session_set_cookie_params($this->session_lifespan);
session_start();
}
 
public function IsLoggedIn() {
return($this->logged_in);
}
 
public function GetUserID() {
if ($this->logged_in) {
return($this->user_id);
} else {
return(false);
}
}
 
public function GetUserObject(){
if ($this->logged_in) {
if (class_exists("user")) {
$objUser = new User($this->user_id);
return($objUser);
} else {
return(false);
}
}
}
 
public function GetSessionIdentifier() {
return($this->php_session_id);
}
 
public function Login($strUsername,$strPlainPassword) {
$strMD5Password = md5($strPlainPassword);
$stmt = $pdo->query("SELECT id FROM users WHERE login='$strUsername' AND password='$strMD5Password' LIMIT 1");
if ($stmt->rowCount() > 0) {
$row = $stmt->fetch();
$this->user_id = $row["id"];
$this->logged_in = true;
$result = $pdo->exec("UPDATE users_session SET online=1, id_user='".$this->user_id."' WHERE id='".$native_session_id."'");
$result->closeCursor(); 
return(true);
} else {
return(false);
}
}
 
public function LogOut() {
if ($this->logged_in == true) {
$result = $pdo->exec("UPDATE users_session SET online=0, id_user=0 WHERE id='".$this->native_session_id."'");
$result->closeCursor();
$this->logged_in = false;
$this->user_id = 0;
return(true);
} else {
return(false);
} 
}
 
public function __get($nm) {
$result = $pdo->query("SELECT value_var FROM users_session_vars WHERE id_session='".$this->native_session_id."' AND name_var='".$nm."'");
if ($result->rowCount() > 0) {
$row = $result->fetch();
return(unserialize($row["value_var"]));
} else {
return(false);
}
}
 
public function __set($nm,$val) {
$strSer = serialize($val);
$stmt = $pdo->exec("INSERT INTO users_session_vars(id_session, name_var, value_var) VALUES ('".$this->native_session_id."','".$nm."','".$strSer."')");
$stmt->closeCursor();
}
 
private function _session_open_method($save_path,$session_name) {
# nie robi nic
return(true);
}
 
private function _session_close_method() {
$dbhandle->closeCursor();
return(true);
}
 
private function _session_read_method($id) {
$strUserAgent = $GLOBALS["HTTP_USER_AGENT"];
$this->php_session_id = $id;
$failed = 1;
$result = $pdo->query("SELECT id, online, id_user FROM users_session WHERE id_session_ascii='$id'");
if ($result->rowCount() > 0) {
$row = $result->fetch();
$this->native_session_id = $row["id"];
if ($row["online"] == 1) {
$this->logged_in = true;
$this->user_id = $row["id_user"];
} else {
$this->logged_in = false;
}
} else {
$this->logged_in = false;
$result = $pdo->query("INSERT INTO users_session(id_session_ascii,online,id_user,date_start,user_agent) VALUES ('".$id."','0','0','".now()."','".$strUserAgent."')");
$result->closeCursor();
$result = $pdo->query("SELECT id FROM users_session WHERE id_session_ascci='$id'");
$row = $result->fetch();
$this->native_session_id = $row["id"];
}
return("");
}
 
private function _session_write_method($id,$sess_data) {
return(true);
}
 
private function _session_destroy_method($id) {
$result = $pdo->exec("DELETE FROM users_session WHERE id_session_ascci='$id'"); 
return($result);
$result->closeCursor();
}
 
private function _session_gc_method($maxlifetime) {
return(true);
}
 
}
 
 
?>
[PHP] pobierz, plaintext

Wywołanie:

[PHP] pobierz, plaintext 
<?php
require_once URL_LOGIN.'class.UserSession.php';
$objSession = new UserSession();
 
$objSession->Login("test","*****");
?>
Zalogowany: <?=(($objSession->IsLoggedIn() == true) ? "Tak" : "NIE")?>  <!-- wyświetla NIE - dla prawidowych danych -->
 
Id zalogowanego usera: <?=$objSession->GetUserID();?>
[PHP] pobierz, plaintext

SmokAnalog

7.08.2013, 08:47:23

Debuguj wartości po kolei i sprawdzaj co jest źle.

Pytanie, które mi się nasuwa: po co używasz PDO, skoro i tak wstawiasz zapytania "na pałę"? Twój kod jest podatny na ataki SQL Injection.

To jest wersja lo-fi głównej zawartości. Aby zobaczyć pełną wersję z większą zawartością, obrazkami i formatowaniem proszę kliknij tutaj.