PHP user class (login/logout/signup)


Problem description


Started experimenting with building classes, and I've begun by converting my user registration/login into a single class. Wanted to stop and ask for feedback before getting too far.

class UserService
{
    private $_email;
    private $_password;

    public function login($email, $password)
    {
        $this->_email = mysql_real_escape_string($email);
        $this->_password = mysql_real_escape_string($password);

        $user_id = $this->_checkCredentials();
        if($user_id){
            $_SESSION['user_id'] = $user_id;
            return $user_id;
        }
        return false;
    }

    protected function _checkCredentials()
    {
        $query = "SELECT *
                    FROM users
                    WHERE email = '$this->_email'";
        $result = mysql_query($query);
        if(!empty($result)){
            $user = mysql_fetch_assoc($result);
            $submitted_pass = sha1($user['salt'] . $this->_password);
            if($submitted_pass == $user['password']){
                return $user['id'];
            }
        }
        return false;
    }   
}

One of the questions I do have related to my class is: should I be building it as this:

$User = new UserService();
$User->login($_POST['email'], $_POST['password']);

Where the login method calls the _checkCredentials method automatically. Or should it be built like:

$User = new UserService();
$UserId = $User->checkCredentials($_POST['email'], $_POST['password']);
$User->login($UserId);

Other than that I'd love some tips on how to restructure this and please point out anything I'm doing wrong!

thanks guys

Solution

I think your main idea was to separate the user handling (session) from the database query, which is a good thing in my opinion.

However, this is not the case with your actual implementation, because login escapes the data to be sent to the database, even if the rest of the method does not have anything to do with databases. Not to say that your database query depends on a global resource to work. While I'm at it, I will also suggest you use PDO.

Also, your properties $_email and $_password are in the private scope, but are to be accessed by a protected method. This may cause problems. The properties and the method should have equivalent visibility.

Now, I can see that your UserService requires three things: a database handler, an email and a password. It would make sense to put it in a constructor.

Here's how I would do it:

class UserService
{
    protected $_email;    // using protected so they can be accessed
    protected $_password; // and overridden if necessary

    protected $_db;       // stores the database handler
    protected $_user;     // stores the user data

    public function __construct(PDO $db, $email, $password) 
    {
       $this->_db = $db;
       $this->_email = $email;
       $this->_password = $password;
    }

    public function login()
    {
        $user = $this->_checkCredentials();
        if ($user) {
            $this->_user = $user; // store it so it can be accessed later
            $_SESSION['user_id'] = $user['id'];
            return $user['id'];
        }
        return false;
    }

    protected function _checkCredentials()
    {
        $stmt = $this->_db->prepare('SELECT * FROM users WHERE email=?');
        $stmt->execute(array($this->_email)); // bind the email stored by the constructor
        if ($stmt->rowCount() > 0) {
            $user = $stmt->fetch(PDO::FETCH_ASSOC);
            $submitted_pass = sha1($user['salt'] . $this->_password);
            if ($submitted_pass == $user['password']) {
                return $user;
            }
        }
        return false;
    }

    public function getUser()
    {
        return $this->_user;
    }
}

Then use it as such:

$pdo = new PDO('mysql:dbname=mydb', 'myuser', 'mypass');

$userService = new UserService($pdo, $_POST['email'], $_POST['password']);
if ($user_id = $userService->login()) {
    echo 'Logged in as user id: '.$user_id;
    $userData = $userService->getUser();
    // do stuff
} else {
    echo 'Invalid login';
}
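
The following is an added example, not part of the original question or answer: a hardened variant of the credential check that keeps the prepared statement, replaces the `==` comparison of salted SHA-1 digests with `hash_equals()`, upgrades legacy rows to `password_hash()` on the next successful login, and regenerates the session id after authentication. The class name `HardenedUserService`, the in-memory SQLite database and the sample account are assumptions made for illustration; it targets PHP 8 with the pdo_sqlite extension.

```php
<?php
// Added example. Assumed schema: users(id, email, salt, password); legacy rows hold
// sha1(salt . password), upgraded rows hold a password_hash() string.
final class HardenedUserService
{
    public function __construct(private PDO $db) {}

    /** Returns the user id on success, false otherwise. */
    public function login(string $email, string $password)
    {
        $stmt = $this->db->prepare('SELECT id, salt, password FROM users WHERE email = ?');
        $stmt->execute([$email]);
        $user = $stmt->fetch(PDO::FETCH_ASSOC); // false when no row matches
        if ($user === false || !$this->verify($user, $password)) {
            return false;
        }
        if (session_status() === PHP_SESSION_ACTIVE) { // caller has run session_start()
            session_regenerate_id(true);               // fresh session id after authentication
            $_SESSION['user_id'] = $user['id'];
        }
        return $user['id'];
    }

    private function verify(array $user, string $password): bool
    {
        $stored = $user['password'];
        $legacy = strlen($stored) === 40 && ctype_xdigit($stored); // looks like a sha1 hex digest
        $ok = $legacy
            ? hash_equals($stored, sha1($user['salt'] . $password)) // constant-time, no == juggling
            : password_verify($password, $stored);
        if ($ok && ($legacy || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
            // Upgrade the stored hash while the plaintext is available; salt is no longer needed.
            $this->db->prepare('UPDATE users SET password = ?, salt = ? WHERE id = ?')
                ->execute([password_hash($password, PASSWORD_DEFAULT), '', $user['id']]);
        }
        return $ok;
    }
}

// Constructed demo data: in-memory SQLite with one legacy sha1 row.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, salt TEXT, password TEXT)');
$pdo->prepare('INSERT INTO users (email, salt, password) VALUES (?, ?, ?)')
    ->execute(['alice@example.test', 'abc123', sha1('abc123' . 'correct horse')]);

$svc = new HardenedUserService($pdo);
var_dump($svc->login('alice@example.test', 'wrong'));         // rejected
var_dump($svc->login('alice@example.test', 'correct horse')); // legacy path, row is upgraded
var_dump($svc->login('alice@example.test', 'correct horse')); // password_verify() path
```

The `password` column must be wide enough for `password_hash()` output; the PHP manual recommends 255 characters.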
