检查用户是否登录 [英] check if user is logged in

问题描述

我有一些基本的代码，我放在每个页面的标题，以确保用户已登录。我希望有人可以看看它，并给我一些建议：

  
 if（$ _SESSION ['logged_in'] == 1）{
 $ handle = dbconnect :: init; 
 $ result = $ handle-> select（） - > from（'session_id'）
  - > where（'session_id =？'，$ _SESSION ['SID']）
  - columns（'ip'）; 
 $ check = $ result-> fetchAll（）; 
 if（$ check [0]  - > ip！= $ _SERVER ['REMOTE_ADDR']）{//用户更改了网络
 //或有人正在尝试
 //切换cookie on us 
 return false; 
} 
} else {
 return false; 
}  

谢谢！

解决方案

你有特殊的需要从数据库中拉远程ip吗？将更容易在_SESSION中存储远程ip，而不是使用另一个查询来阻塞数据库。

您可能希望为用户提供一个选项来禁用此功能，因为他们可能必须通过透明连接到您的服务器代理与改变ip地址，例如 http://webmaster.info.aol.com/proxyinfo.html 说： blockquote> AOL成员对互联网对象的请求通常由AOL代理系统处理。当成员为多个URL请求多个文档时，每个请求可能来自不同的代理服务器。由于一个代理服务器可以有多个成员访问一个网站，网站管理员在设计网站时不应该假设成员和代理服务器之间的关系。

nit picky：你应该首先测试是否有至少一个记录，然后再尝试访问它。可能是这样的：

  if（！isset（$ check [0]）|| $ check [0]  - > ip！= $ _ SERVER ['REMOTE_ADDR']） code> 

I have some basic code that I place at the header of every page to make sure that the user is logged in. I was hoping someone could take a look at it and give me some suggestions:

if ($_SESSION['logged_in'] == 1) {
        $handle = dbconnect::init;
        $result = $handle->select()->from('session_id')
                                   ->where('session_id=?', $_SESSION['SID'])
                                   ->columns('ip');
        $check = $result->fetchAll();
        if ($check[0]->ip != $_SERVER['REMOTE_ADDR']) { //user has changed networks
                                                        // or someone is trying 
                                                        // to switch cookies on us
            return false;
        }
    } else {
        return false;
    }

Thanks!

解决方案

Do you have a special need for pulling the remote ip from the database? Would be easier to store the remote ip within _SESSION instead of bothering the database with another query.
You might want to give the user an option to disable this feature as they might have to connect to your server through transparent proxies with changing ip addresses, e.g. http://webmaster.info.aol.com/proxyinfo.html says:

AOL Members' requests for internet objects are usually handled by the AOL Proxy system. When a member requests multiple documents for multiple URLs, each request may come from a different proxy server. Since one proxy server can have multiple members going to one site, webmasters should not make assumptions about the relationship between members and proxy servers when designing their web site.

nit picky: You should first test if there is at least one record before you try to access it. Might be something like:

if ( !isset($check[0]) || $check[0]->ip!=$_SERVER['REMOTE_ADDR'] )

这篇关于检查用户是否登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！