检查用户登录 [英] check if user is logged in

问题描述

我有一些基本的code，我放置在每一页的标题，以确保用户在登录我希望有人能在这看看，并给我一些建议：

 
如果（$ _SESSION ['LOGGED_IN'] == 1）{
        $处理= DBCONNECT ::初始化;
        $结果= $把手型>选择（） - 从>（'SESSION_ID'）
                                    - >在哪里（'？SESSION_ID ='，$ _SESSION ['SID']）
                                    - >列（IP）;
        $查询= $ result->使用fetchall（）;
        如果（$检查[0]  - > IP = $ _ SERVER ['REMOTE_ADDR']）{//用户已更改网络
                                                        //或有人试图
                                                        //切换对我们的cookies
            返回false;
        }
    }其他{
        返回false;
    }  

谢谢！

解决方案

你有没有从数据库中提取的远程IP特殊需要？会更容易储存_SESSION内的远程IP，而不是与其他查询困扰的数据库。

你可能想给用户一个选项来禁用此功能，因为他们可能需要通过透明代理与更改IP地址连接到您的服务器，例如 http://webmaster.info.aol.com/proxyinfo.html 说：

AOL会员的互联网对象的请求通常是由AOL代理系统处理。当成员请求多个文档的多个URL，每个请求可能来自不同的代理服务器。由于一个代理服务器可以有多个成员去一个网站，设计他们的网站站长时，不应做出关于会员和代理服务器之间的关系的假设。

挑剔挑剔：你应该如果有至少一个记录您尝试访问它之前先测试。可能是这样的：（！使用isset（$检查[0]）|| $检查[0] - > IP = $ _ SERVER ['REMOTE_ADDR']）

 如果 

I have some basic code that I place at the header of every page to make sure that the user is logged in. I was hoping someone could take a look at it and give me some suggestions:

if ($_SESSION['logged_in'] == 1) {
        $handle = dbconnect::init;
        $result = $handle->select()->from('session_id')
                                   ->where('session_id=?', $_SESSION['SID'])
                                   ->columns('ip');
        $check = $result->fetchAll();
        if ($check[0]->ip != $_SERVER['REMOTE_ADDR']) { //user has changed networks
                                                        // or someone is trying 
                                                        // to switch cookies on us
            return false;
        }
    } else {
        return false;
    }

Thanks!

解决方案

Do you have a special need for pulling the remote ip from the database? Would be easier to store the remote ip within _SESSION instead of bothering the database with another query.
You might want to give the user an option to disable this feature as they might have to connect to your server through transparent proxies with changing ip addresses, e.g. http://webmaster.info.aol.com/proxyinfo.html says:

AOL Members' requests for internet objects are usually handled by the AOL Proxy system. When a member requests multiple documents for multiple URLs, each request may come from a different proxy server. Since one proxy server can have multiple members going to one site, webmasters should not make assumptions about the relationship between members and proxy servers when designing their web site.

nit picky: You should first test if there is at least one record before you try to access it. Might be something like:

if ( !isset($check[0]) || $check[0]->ip!=$_SERVER['REMOTE_ADDR'] )

这篇关于检查用户登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！