将PHP注册和登录合并到一个类中,并在一个PHP文件中包含多个函数
我正在尝试将php网站的注册、激活和登录脚本组合成后端脚本,前端开发人员可以将不同表单的变量传递给后端脚本我的问题是这是否是合适的方法。我不想为我正在开发的应用程序的所有不同部分提供大量php文件。到目前为止,我已经编写了以下两个函数来登录、注册和激活前端开发人员可以调用的用户:将PHP注册和登录合并到一个类中,并在一个PHP文件中包含多个函数,php,function,class,module,Php,Function,Class,Module,我正在尝试将php网站的注册、激活和登录脚本组合成后端脚本,前端开发人员可以将不同表单的变量传递给后端脚本我的问题是这是否是合适的方法。我不想为我正在开发的应用程序的所有不同部分提供大量php文件。到目前为止,我已经编写了以下两个函数来登录、注册和激活前端开发人员可以调用的用户: <?php /** * Created by PhpStorm. * User: Karl * Date: 26/07/2016 * Time: 02:25 */ class users {
<?php
/**
* Created by PhpStorm.
* User: Karl
* Date: 26/07/2016
* Time: 02:25
*/
class users
{
function register_user($email, $password, $user_name)
{
$server_name = "localhost";
$u_name = "root";
$db_password = "root";
$db_name = "betamath_graspe";
//Email Notification variable
$from_address="info@slack.com";
//Registration form
$msg_reg_user='Username taken. Please choose a different username';
$msg_reg_email='Email Already registered';
$msg_reg_active='Activation code has been successfully sent to your Email Address';
//domain configuration
$url = ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") ? "https" : "http");
$url .= "://".$_SERVER['HTTP_HOST'];
$url .= str_replace(basename($_SERVER['SCRIPT_NAME']),"",$_SERVER['SCRIPT_NAME']);
// Create connection
$conn = new mysqli($server_name, $u_name, $db_password, $db_name);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
//prevent sql injection
$user_name=mysqli_real_escape_string($conn,$_POST["user_name"]);
$password=mysqli_real_escape_string($conn,$_POST["password"]);
$email=mysqli_real_escape_string($conn,$_POST["email"]);
//check if user exist already
$query="select * from users where user_name='$user_name'";
$result=mysqli_query($conn,$query) or die('error');
if (mysqli_num_rows($result))
{
die($msg_reg_user);
}
//check if user exist already
$query="select * from users where email='$email'";
$result=mysqli_query($conn,$query) or die('error');
if (mysqli_num_rows($result))
{
die($msg_reg_email);
}
$active_key = sha1(mt_rand(10000,99999).time().$email);
if(phpversion() >= 5.5)
{
$hashed_password=password_hash($password,PASSWORD_DEFAULT);
}
else
{
$hashed_password = crypt($password,'987654321'); //Hash used to suppress PHP notice
}
$query="insert into users(username,password,email,active_key) values ('$user_name','$hashed_password','$email','$active_key')";
if (!mysqli_query($conn,$query))
{
die('Error: ' . mysqli_error($conn));
}
//send email for the user with password
$to=$email;
$subject="Welcome To Graspe";
$body="Hi ".$user_name.
"<br /><br /> Thanks for your registration.<br />".
"Click the below link to activate your account<br /><br />".
"<a href=\"$url/activate_user_account.php?k=$active_key\"> Activate Account </a><br /><br /> Thanks<br />";
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .="From:".$from_address . "\r\n";;
mail($to,$subject,$body,$headers);
echo $msg_reg_active;
}
function login_user($username, $password)
{
$server_name = "localhost";
$user_name = "root";
$db_password = "root";
$db_name = "betamath_graspe";
// Create connection
$conn = new mysqli($server_name, $user_name, $db_password, $db_name);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
//Message strings
$msg_pwd_error='Password incorrect';
$msg_un_error='Username Doesn\'t exist';
$msg_email_1='User Account not yet activated.';
$msg_email_2='Click here to resend activation email';
//domain configuration
$url = ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") ? "https" : "http");
$url .= "://".$_SERVER['HTTP_HOST'];
$url .= str_replace(basename($_SERVER['SCRIPT_NAME']),"",$_SERVER['SCRIPT_NAME']);
//check if user exist already
$query="select * from users where username='$username'";
$result=mysqli_query($conn,$query) or die('error');
if (mysqli_num_rows($result)) //if exist then check for password
{
//Pickup password to compare with encrypted password
$query="select password,email from users where username='$username'";
$result=mysqli_query($conn,$query) or die('error');
$db_field = mysqli_fetch_assoc($result);
//3.3 $hashed_password=crypt($password,$db_field['password']);
if(phpversion() >= 5.5)
{
if(password_verify($password, $db_field['password']))
{
//once password is verified migrate to password_hash from crypt
if(strlen($db_field['password']) < 60)
{
$hashed_password=password_hash($password,PASSWORD_DEFAULT);
$query = "update users set password='$hashed_password' where username='$username' and email='$db_field[email]'";
//echo $query;
$result = mysqli_query($conn,$query) or die('error updating password hash');
}
$query="select * from users where username='$username";
$result=mysqli_query($conn,$query) or die('error');
if(mysqli_num_rows($result))
{
$_SESSION['login'] = true;
$_SESSION['username']=$username;
echo json_encode( array('result'=>1));
}
else
{
echo json_encode( array('result'=>"$msg_email_1 <br /><a href=\"".$url."\\resend_activation_key.php?user=".$username."\">$msg_email_2</a>."));
// echo "User Account not yet activated.Check your mail for activation details.";
}
}
else
{
echo json_encode( array('result'=>$msg_pwd_error));
}
}
else
{
$hashed_password=crypt($password,$db_field['password']);
$query="select * from users where username='$username' and password='$hashed_password'";
$result=mysqli_query($conn,$query) or die('error');
if (mysqli_num_rows($result)) //if passwords match then check activation status
{
$query="select * from users where username='$username' and password='$hashed_password' and active_status in(1)";
$result=mysqli_query($conn,$query) or die('error');
if(mysqli_num_rows($result))
{
$_SESSION['login'] = true;
$_SESSION['username']=$username;
echo json_encode( array('result'=>1));
}
else
{
echo json_encode( array('result'=>"$msg_email_1 <br /><a href=\"".$url."\\resend_activation_key.php?user=".$username."\">$msg_email_2</a>."));
// echo "User Account not yet activated.Check your mail for activation details.";
}
}
else
{
echo json_encode( array('result'=>$msg_pwd_error));
// echo trim("password incorrect");
}
}
}
else
{
echo json_encode( array('result'=>$msg_un_error));
// die("Username Doesn't exist");
die();
}
}
}
这可能比这要好得多实际上,首先我不知道你是否在使用MVC框架,但如果你没有,你就必须迁移到MVC框架,以旧的方式创建网站不再是一个好的做法,但是如果你没有时间,有更好的方法来做到这一点
以下是几点:
有一个配置类,这样就不需要在每个函数中编写配置
您将数据库查询与逻辑相混合,以分离创建映射器、模型和服务类所需的查询,下面是一个很好的示例
还有一点你可以考虑ORM框架主义,它可以节省很多时间。
那么,实际的问题是什么?