登录会话数据,我们能否在代码点火器中从数据库中删除会话 [英] Login sessions data and can we delete session from db in code igniter
问题描述
我使用codeigniter 3.0.1制作了登录应用程序,但遇到了一些问题。首先是,当我不选中记住我复选框时,一切都无法正常工作,并且当我关闭浏览器并再次使用直接链接 localhost / ci_login_app / index.php / account再次打开浏览器时,它仍然使用户登录
I made login app using codeigniter 3.0.1, i'm facing couple of problems. First is things are not working when i don't check the 'remember me' check box and it still logs the user in when i close the browser and open it again with direct link "localhost/ci_login_app/index.php/account" seems like
$ config ['sess_expire_on_close'] = TRUE;
$config['sess_expire_on_close'] = TRUE;
对此没有任何影响:/
have no effect on it :/
我已经这样配置config.php
i have configured config.php like this
$config['sess_driver'] = 'database';
#$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 60*60*24*7;
$config['sess_expire_on_close'] = TRUE;
$config['sess_match_useragent'] = FALSE;
$config['sess_time_to_update'] = 300;
$config['sess_save_path'] = 'ci_sessions';
#$config['sess_use_database'] = TRUE;
$config['sess_match_ip'] = FALSE;
$config['sess_regenerate_destroy'] = TRUE;
这是我的身份验证文件uesr_authentication.php
This is my authentication file uesr_authentication.php
<?php
Class User_Authentication extends CI_Controller
{
public function __construct()
{
parent::__construct();
}
// Show login page
public function index()
{
$this->load->view('layouts/header');
$this->load->view('login_form');
$this->load->view('layouts/footer');
}
public function user_login_process()
{
$session_set_value = $this->session->all_userdata();
// Check for remember_me data in retrieved session data
if (isset($session_set_value['remember_me']) && $session_set_value['remember_me'] == "1")
{
redirect('account');
} // Check for validation
else{
$this->form_validation->set_rules('username', 'Username', 'trim|required|xss_clean');
$this->form_validation->set_rules('password', 'Password', 'trim|required|xss_clean');
if ($this->form_validation->run() == FALSE)
{
$this->load->view('layouts/header');
$this->load->view('login_form');
$this->load->view('layouts/footer');
}
else
{
$result = $this->model_login->login_user();
switch ($result)
{
case 'authenticated':
redirect('account');
break;
case 'incorrect_password':
echo "Error loging in, password not correct...!";
$this->load->view('layouts/header');
$this->load->view('login_form');
$this->load->view('layouts/footer');
break;
case 'not_activated':
echo "Please activate your account before logging in...!";
$this->load->view('layouts/header');
$this->load->view('login_form');
$this->load->view('layouts/footer');
break;
case 'incorrect_username':
echo "Error loging in, password/username not correct...!";
$this->load->view('layouts/header');
$this->load->view('login_form');
$this->load->view('layouts/footer');
break;
default:
echo "Enter correct value, press backspace";
break;
}
}
}
}
// Logout from admin page
public function logout()
{
// Destroy session data
$this->session->sess_destroy();
$data['message_display'] = 'Successfully Logout';
redirect('account');
}
}
?>
这是我的login.php控制器
This is my login.php controller
<?php
class Login extends CI_Controller
{
public function __construct()
{
parent::__construct();
}
public function index()
{
$this->load->view('layouts/header');
$this->load->view('login_form');
$this->load->view('layouts/footer');
}
public function login_user()
{
$this->form_validation->set_rules('username', 'User Name', 'trim|required');
$this->form_validation->set_rules('password', 'Password ','trim|required');
if($this->form_validation->run() === FALSE)
{
echo "Validations doesn't run correctly!<br>";
$this->load->view('layouts/header');
$this->load->view('login_form');
$this->load->view('layouts/footer');
}
else
{
$result = $this->model_login->login_user();
switch ($result) {
case 'logged_in':
redirect('home');
// $this->load->view('admin_page');
break;
case 'incorrect_password':
echo "Error loging in, password not correct...!";
$this->load->view('layouts/header');
$this->load->view('login_form');
$this->load->view('layouts/footer');
break;
case 'not_activated':
echo "Please activate your account before logging in...!";
$this->load->view('layouts/header');
$this->load->view('login_form');
$this->load->view('layouts/footer');
break;
case 'incorrect_username':
echo "Error loging in, password/username not correct...!";
$this->load->view('layouts/header');
$this->load->view('login_form');
$this->load->view('layouts/footer');
break;
default:
# code...
break;
}
}
}
public function reset_password()
{
if (isset($_POST['email']))
{
# code...
$this->form_validation->set_rules('email','Email Address','trim|required|valid_email');
if ($this->form_validation->run() === FALSE) {
# code...
$this->load->view('layouts/header');
$this->load->view('login/view_reset_password', array('error' => 'Please provide a valid email address'));
$this->load->view('layouts/footer');
}
else
{
$email = trim($this->input->post('email'));
$result = $this->model_login->email_exists($email);
if ($result)
{
$this->send_reset_password_email($email, $result);
$this->load->view('layouts/header');
$this->load->view('login/view_reset_password_sent', array('email' => $email));
$this->load->view('layouts/footer');
}
else
{
$this->load->view('layouts/header');
$this->load->view('login/view_login_reset_password_sent', array('error' => 'Email not registerd here'));
$this->load->view('layouts/footer');
}
}
}
else
{
$this->load->view('layouts/header');
$this->load->view('login/view_reset_password');
$this->load->view('layouts/footer');
}
}
public function reset_password_form($email, $email_code)
{
if (isset($email) && isset($email_code))
{
#$email = trim($email);
$email_hash = sha1($email.$email_code);
$verified = $this->model_login->verify_reset_password_code($email, $email_code);
if ($verified)
{
$this->load->view('layouts/header');
$this->load->view('login/view_update_password',
array(
'email_hash'=>$email_hash,
'email_code'=>$email_code,
'email' => $email
));
$this->load->view('layouts/footer');
}
else
{
echo "Can't get verified";
}
}
}
public function send_reset_password_email($email, $name)
{
$this->load->library('email');
$email_code = md5($this->config->item('salt').$name);
$this->email->set_mailtype('html');
$this->email->from($this->config->item('bot_email'),'reset password email');
$this->email->to($email);
$this->email->subject('Please reset your password');
$message = "<!DOCTYPE html><html>
<head>
<title>Reset Password</title>
</head>
<body>";
$message .= "<p> Dear '{$name}'</p>";
$message .='<p> we want to help you reset your password! please <strong> <a href="'.base_url().'index.php/login/reset_password_form/'.$email.'/'.$email_code.'">Click here </a> </strong> to reset your password</p>';
$message .="<p>Thank you</p>";
$message .="</body></html>";
$this->email->message($message);
$this->email->send();
}
public function update_password()
{
print_r($_REQUEST);
$email = $this->input->post('email');
$email_hash = $this->input->post('email_hash');
$email_code = sha1($this->input->post('email').$this->input->post('email_code'));
if (!isset($email,$email_hash) || ($email_hash != $email_code))
{
# code...
die("Error updating password, unauthorize access");
}
$this->form_validation->set_rules('email_hash', 'Email Hash', 'trim|required');
$this->form_validation->set_rules('email', 'Email', 'trim|required|valid_email');
$this->form_validation->set_rules('new-password', 'password', 'trim|required|matches[new-password-again]');
$this->form_validation->set_rules('new-password-again', 'password', 'trim|required');
if ($this->form_validation->run() === FALSE)
{
$this->load->view('layouts/header');
$this->load->view('login/view_update_password');
$this->load->view('layouts/footer');
}
else
{
$result = $this->model_login->update_password();
if ($result)
{
$this->load->view('layouts/header');
$this->load->view('login/view_update_password_success');
$this->load->view('layouts/footer');
}
else
{
$this->load->view('layouts/header');
$this->load->view('login/view_update_password',array(
'error' => 'problem updating your password please contact site admin xyz@abc.com' ));
$this->load->view('layouts/footer');
}
}
}
}
?>
这是我的模型类model_login.php
This is my model class model_login.php
<?php
class Model_login extends CI_Model
{
public function __construct()
{
# code...
parent::__construct();
}
public function login_user()
{
$username = $this->input->post('username');
#$password = $this->input->post('password');
$remember = $this->input->post('remember_me');
$userpass = sha1($this->config->item('salt').$this->input->post('password'));
$sql = "SELECT * FROM users WHERE username = '{$username}' LIMIT 1";
$result = $this->db->query($sql);
$row = $result->row();
if($result->num_rows() == 1)
{
if($row->activated)
{
if ($row->password == $userpass)
{
if ($remember)
{
$this->session->set_userdata('remember_me', TRUE);
$this->config->set_item('sess_expire_on_close', FALSE);
}
$sess_data = array(
'username' => $username,
'password' => $userpass
);
$this->session->set_userdata('logged_in', $sess_data);
return 'authenticated';
}
else
{
return 'incorrect_password';
}
}
else
{
return 'not_activated';
}
}
else
{
return 'incorrect_username';
}
}
public function email_exists($email)
{
$sql = "SELECT name , email FROM users WHERE email = '{$email}' LIMIT 1";
$result = $this->db->query($sql);
$row = $result->row();
return ($result->num_rows() === 1 && $row->email) ? $row->name : false;
}
public function verify_reset_password_code($email, $code)
{
$sql = "SELECT name, email FROM users WHERE email = '{$email}' LIMIT 1";
$result = $this->db->query($sql);
$row = $result->row();
if ($result->num_rows() === 1)
{
return ($code == md5($this->config->item('salt').$row->name)) ? true : false;
}
else
return false;
}
public function update_password()
{
$email = $this->input->post('email');
echo $this->input->post('password')."<br>";
$password = sha1($this->config->item('salt').$this->input->post('new-password'));
echo $this->input->post('password')." hashed password <br>";
$sql = "UPDATE users SET password = '{$password}' WHERE email = '{$email}' LIMIT 1";
$this->db->query($sql);
if (isset($sql)) {
return true;
}
else
{
return false;
}
}
private function set_session($session_data)
{
$sess_data = array(
'id' => $session_data['id'],
'name' => $session_data['name'],
'username' => $session_data['username'],
'email' => $session_data['email'],
'logged_in' => 1 );
$this->session->set_userdata($sess_data);
}
}
?>
我仅在用户登录时设置会话,第二个问题是生成的记录太多当我们访问/重新访问页面时,时不时在db中,如何处理db中的记录?当用户注销时,如何删除记录?只是取消了调用
I'm setting session only when user logs in, Second problem is that there are so many records generated from time to time in db when we visiting/revisiting page, how do we handle record in db how do we delete the record when user logs out ? It just unset the data on calling
$ this-> session-> sess_destroy();
$this->session->sess_destroy();
我已经从两天内开始搜索了,如果有人可以帮助我,我将不胜感激。我有一会儿能看到这些设置/代码,但我不知道发生了什么,一切都搞砸了。
如果需要其他文件,请告诉我。预先感谢
i have been searching on it from more than two days, if anyone can help i would be grateful. I had a moment when these setting/code worked spot on but i don't know what happened it all messed up. If any other file is required please tell me. Thanks in advance
推荐答案
垃圾收集器
CI是一个href = https://ellislab.com/codeigniter/user-guide/libraries/sessions.html rel = nofollow noreferrer>(旧)CodeIgniter文档,它有自己的垃圾收集器。对于CI 3.x,这仍然仍然正确
Garbage Collector
As mentioned in the (old) CodeIgniter docs, CI has his own Garbage Collector. This is still true for CI 3.x
Session类具有内置的垃圾收集器,可以清除
会话已过期,因此您无需编写自己的例程即可执行
。
The Session class has built-in garbage collection which clears out expired sessions so you do not need to write your own routine to do it.
在CI论坛中,垃圾收集器使用 session.gc_probability 和由 php.ini 提供的session.gc_divisor值来调用清除过程。 (默认情况下,发出会话请求时有1%的机会清理旧会话)
As stated in the CI forum, the Garbage Collector uses session.gc_probability and session.gc_divisor values, provided by your php.ini, to invoke the cleanup process. (By default, there is a chance of 1% to clean up the old sessions when making a session request)
无论如何,建议您将 sess_regenerate_destroy 设置为 FALSE (根据新版CI文档)
Anyway, I'd suggest you to set sess_regenerate_destroy to FALSE (according to the newer CI docs)
在自动重新生成旧的会话ID
时是否销毁与旧会话ID相关联的会话数据会话ID。设置为FALSE时,数据
随后将由垃圾收集器删除。
Whether to destroy session data associated with the old session ID when auto-regenerating the session ID. When set to FALSE, the data will be later deleted by the garbage collector.
关闭标签页上的会话
$ config ['sess_expire_on_close'] 不可用不再在CI 3.x中
Destroy session on tab close
$config['sess_expire_on_close'] is not available anymore in CI 3.x
要使用JavaScript检测浏览器或标签页是否关闭(但不太可靠),请查看此答案。
使会话持续到关闭浏览器的最简单方法是将 session_expiration 的值设置为 0 。
For detecting the browser or tab close by using JavaScript (but it is slightly unreliable) , take a look on this answer.
The easiest way to make a session last until the browser is being closed is to set the session_expiration value to 0.
您希望会话持续的秒数。如果您希望
像一个未到期的会话(直到关闭浏览器),则将值设置为
零:0
The number of seconds you would like the session to last. If you would like a non-expiring session (until browser is closed) set the value to zero: 0
这篇关于登录会话数据,我们能否在代码点火器中从数据库中删除会话的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
