다음은 OOP 기반의 샘플입니다:
Session.class.php
<?php
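class Session {
    /**
     * Single static salt prepended to every password before sha1().
     * A shared salt gives no per-user protection; see the note in hashPassword().
     */
    const SALT = 'foo';
    const SESSION_NAME = '__DATABASE__';
    /**
     * Scheme/host used for redirects. Use 'https' in a deployment so the
     * session cookie and the posted credentials are not sent in clear text.
     */
    const PROTOCOL = 'http';
    const HOST = 'example.com';
    const PAGE_LOGIN = 0;
    const PAGE_MEMBER = 1;
    const PAGE_ADMIN = 2;

    /** @var PDO|null live connection; never written to the session (see __sleep) */
    private $pdo;
    /** @var mixed|null id of the authenticated account, null while anonymous */
    private $id;
    /** @var bool|null true = admin, false = member, null = not logged in */
    private $admin;

    /**
     * Returns the per-request instance, restoring it from $_SESSION when one
     * was stored earlier. session_start() must already have been called.
     *
     * @return self
     */
    public static function connect() {
        static $self;
        if ($self === null) {
            if (isset($_SESSION[self::SESSION_NAME])) {
                $self = $_SESSION[self::SESSION_NAME];
            } else {
                $self = $_SESSION[self::SESSION_NAME] = new self;
            }
        }
        return $self;
    }

    /**
     * Limits what is serialized into the session to the login state.
     * PDO instances cannot be serialized, so without this the session write
     * at request end fails; the connection is re-opened in __wakeup().
     *
     * @return string[]
     */
    public function __sleep() {
        return ['id', 'admin'];
    }

    /** Re-opens the database connection after unserialize(). */
    public function __wakeup() {
        $this->__construct();
    }

    /** @return bool whether login() has succeeded for this session */
    public function isLogined() {
        return $this->id !== null;
    }

    /** @return bool true only for an account found in the admin table */
    public function isAdmin() {
        return (bool)$this->admin;
    }

    /** @return mixed|null the account id, or null when not logged in */
    public function getId() {
        return $this->id;
    }

    /**
     * Authenticates against the admin table and the member table; an email
     * present in both is treated as an admin.
     *
     * @param string $email
     * @param string $password
     * @return $this
     * @throws RuntimeException when neither table matches
     */
    public function login($email, $password) {
        $admin_id = $this->adminLogin($email, $password);
        // Was a call to the misspelled menberLogin(), an undefined method.
        $member_id = $this->memberLogin($email, $password);
        if ($admin_id === false and $member_id === false) {
            throw new RuntimeException('Wrong email or password');
        } elseif ($admin_id === false) {
            $this->id = $member_id;
            $this->admin = false;
        } else {
            $this->id = $admin_id;
            $this->admin = true;
        }
        return $this;
    }

    /**
     * Sends the visitor to the page for their role unless they are already on it.
     * Does not return when a redirect is issued.
     *
     * @param int $current_page one of the PAGE_* constants
     */
    public function autoRedirect($current_page) {
        if ($this->admin === null and $current_page !== self::PAGE_LOGIN) {
            self::redirect('/login.php');
        }
        if ($this->admin === false and $current_page !== self::PAGE_MEMBER) {
            self::redirect('/member.php');
        }
        if ($this->admin === true and $current_page !== self::PAGE_ADMIN) {
            self::redirect('/admincp/admin-panel.php');
        }
    }

    /**
     * Issues a Location header for $path on the configured host and stops the script.
     *
     * @param string $path absolute path, starting with '/'
     */
    private static function redirect($path) {
        header(sprintf('Location: %s://%s%s', self::PROTOCOL, self::HOST, $path));
        exit;
    }

    /** Opens the MySQL connection; only reachable via connect() and __wakeup(). */
    private function __construct() {
        $this->pdo = new PDO(
            'mysql:dbname=test;host=localhost;charset=utf8',
            'user',
            '',
            [
                // PDO::MYSQL_ATTR_EMULATE_PREPARES is not a PDO constant (it was an
                // undefined-constant error); the generic attribute is the right one,
                // and disabling emulation keeps the ? placeholders server-side.
                PDO::ATTR_EMULATE_PREPARES => false,
                PDO::MYSQL_ATTR_USE_BUFFERED_QUERY => true,
                PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
                PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
            ]
        );
    }

    /**
     * Hash stored for and compared against a password.
     *
     * NOTE(review): sha1 with a single static salt is fast to brute-force and
     * makes identical passwords identical in the table. The replacement is
     * password_hash()/password_verify() with a per-user hash column, fetching
     * the row by email and verifying in PHP instead of comparing in SQL; that
     * needs a schema migration, so the scheme is kept as-is here.
     *
     * @param string $password
     * @return string
     */
    private static function hashPassword($password) {
        return sha1(self::SALT . $password);
    }

    /**
     * @param string $email
     * @param string $password
     * @return mixed admin id, or false when no row matches
     */
    private function adminLogin($email, $password) {
        $sql = 'SELECT id FROM admin WHERE email = ? AND password = ? LIMIT 1';
        $stmt = $this->pdo->prepare($sql);
        $stmt->execute([$email, self::hashPassword($password)]);
        return $stmt->fetchColumn();
    }

    /**
     * @param string $email
     * @param string $password
     * @return mixed member id, or false when no row matches
     */
    private function memberLogin($email, $password) {
        $sql = 'SELECT id FROM registered_members WHERE email = ? AND password = ? LIMIT 1';
        $stmt = $this->pdo->prepare($sql);
        $stmt->execute([$email, self::hashPassword($password)]);
        return $stmt->fetchColumn();
    }
}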
login.php
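<?php
// login.php: shows the login form, authenticates a posted email/password and
// forwards the visitor to the page matching their role.
require 'Session.class.php';
try {
    session_start();
    // Visitors who are already logged in never see the form.
    // (The class is Session; the original called a non-existent DB class.)
    Session::connect()->autoRedirect(Session::PAGE_LOGIN);
    // is_string() rejects array-shaped input (email[]=...), which the
    // prepared statement could not bind.
    if (isset($_POST['email'], $_POST['password'])
        && is_string($_POST['email']) && is_string($_POST['password'])) {
        Session::connect()->login($_POST['email'], $_POST['password']);
        // Fresh session id after authentication so an id fixed before login
        // does not become an authenticated session.
        session_regenerate_id(true);
    }
    // Reached only after a successful login: go to the role's page.
    Session::connect()->autoRedirect(Session::PAGE_LOGIN);
} catch (PDOException $e) {
    // Driver messages can carry DSN/host details; keep them in the log only.
    error_log($e->getMessage());
    $msg = 'Login is temporarily unavailable';
} catch (Exception $e) {
    $msg = $e->getMessage();
}
header('Content-Type: text/html; charset=utf-8');
?>
<!DOCTYPE html>
<html>
<body>
<?php if (isset($msg)): ?>
<p><?=htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')?></p>
<?php endif; ?>
<form method="post" action="">
Email: <input type="text" name="email" value=""><br>
Password: <input type="password" name="password" value=""><br>
<input type="submit">
</form>
</body>
</html>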
SQL 인젝션 취약점이 있습니다. – SLaks
솔트는 전혀 쓸모가 없습니다. – SLaks
간단히 말해서, 보안은 **어렵습니다**. 바퀴를 재발명하지 마십시오. 기존의 입증된 인증 시스템을 사용해야 합니다. – SLaks