Php 此持久登录身份验证的说明和实现
我在php登录系统中遵循了这个答案(记住我) 我能够使用Php 此持久登录身份验证的说明和实现,php,cookies,Php,Cookies,我在php登录系统中遵循了这个答案(记住我) 我能够使用 $selector = base64_encode(random_bytes(9)); $authenticator = random_bytes(33); $token = hash('sha256', $authenticator); $expires = date('Y-m-d\TH:i:s', time() + 864000); $stmt2 = $pdo->prepare("INSERT INTO auth_token
$selector = base64_encode(random_bytes(9));
$authenticator = random_bytes(33);
$token = hash('sha256', $authenticator);
$expires = date('Y-m-d\TH:i:s', time() + 864000);
$stmt2 = $pdo->prepare("INSERT INTO auth_tokens (selector,token,userid,expires) VALUES (:selector, :token, :userid, :expires)");
$stmt2->bindParam(':selector', $selector);
$stmt2->bindParam(':token', $token);
$stmt2->bindParam(':userid', $userid);
$stmt2->bindParam(':expires', $expires);
$stmt2->execute();
setcookie(
'remember',
$selector.':'.base64_encode($authenticator),
time()+86400,
'/',
false
);
if (empty($_SESSION['userid']) && !empty($_COOKIE['remember'])) {
list($selector, $authenticator) = explode(':', $_COOKIE['remember']);
$row = $database->selectRow(
"SELECT * FROM auth_tokens WHERE selector = ?",
[
$selector
]
);
if (hash_equals($row['token'], hash('sha256', base64_decode($authenticator)))) {
$_SESSION['userid'] = $row['userid'];
// Then regenerate login token as above
}
}
$selector$authenticatorsetcookie(…, $selector.':'.base64_encode($authenticator), …);
它从cookie中获取。所以不需要声明变量??
setcookie(…, $selector.':'.base64_encode($authenticator), …);
if ($login->success && $login->rememberMe) { // However you implement it
$selector = base64_encode(random_bytes(9));
$authenticator = random_bytes(33);
…
}