109 lines
2.1 KiB
PHP
Executable File
109 lines
2.1 KiB
PHP
Executable File
<?php
|
||
class member
|
||
{
|
||
var $ck='Dxe8SqIcmyUf';
|
||
var $db; //传入PDO对象
|
||
var $mid; //会员ID
|
||
|
||
public $scr; //cookie 安全码 $_COOKIE['scr']
|
||
public $user;//cookie User $_COOKIE['user']
|
||
|
||
public $srpwd;//执行checkcookie后方可调用
|
||
|
||
function __construct()
|
||
{
|
||
if(!empty($_COOKIE['scr']))
|
||
{
|
||
$this->scr = $_COOKIE['scr'];
|
||
}
|
||
if(!empty($_COOKIE['user']))
|
||
{
|
||
$this->user= $_COOKIE['user'];
|
||
}
|
||
}
|
||
|
||
|
||
/**
|
||
* 检测cookie
|
||
*/
|
||
public function checkcookie()
|
||
{
|
||
$uname = $this->user;
|
||
$hash = $this->scr;
|
||
|
||
if(!empty($uname) && !empty($hash))
|
||
{
|
||
if (preg_match("/[<|>|#|$|%|^|*|(|)|{|}|'|\"|;|:]/i",$uname) || preg_match("/[<|>|#|$|%|^|*|(|)|{|}|'|\"|;|:]/i",$hash))
|
||
{
|
||
$this->mid=0;
|
||
return false;
|
||
}
|
||
else{
|
||
$sql = "select username,password from users where username='$uname'";
|
||
$rs = $this->db->query($sql);
|
||
$row = $rs->fetch();
|
||
$scr = $this->makescr($row['username'],$row['password']);
|
||
|
||
if($hash == $scr)
|
||
{
|
||
$this->srpwd=$row['password'];
|
||
return true;
|
||
}
|
||
else {
|
||
return false;
|
||
}
|
||
}//cookie安全
|
||
}else {
|
||
return false;
|
||
}//exit
|
||
}//function checkcookie
|
||
|
||
/**
|
||
* putcookie
|
||
*
|
||
* 登陆成功后放置cookie,包含安全码
|
||
*
|
||
* @param String $uname
|
||
* @param String $pwd
|
||
* @param Int $time
|
||
*/
|
||
public function putcookie($uname,$pwd,$time = 604800)
|
||
{
|
||
try {
|
||
$scrString = $this->makescr($uname,$pwd);//加密验证串:防止用户密码被盗;防止伪造cookie。
|
||
|
||
if(!is_numeric($time))
|
||
{
|
||
$time = 604800;
|
||
}
|
||
|
||
setcookie('user',$uname,time()+$time,'/');
|
||
setcookie('scr',$scrString,time()+$time,'/');
|
||
|
||
return true;
|
||
} catch (Exception $e) {
|
||
return false;
|
||
}
|
||
|
||
}//function putcookie
|
||
|
||
/**
|
||
* 生成安全码
|
||
*
|
||
* @param String $u
|
||
* @param String $p
|
||
*/
|
||
public function makescr($u,$p)
|
||
{
|
||
return substr(md5($u.$p.$this->ck),3,20);
|
||
}
|
||
|
||
/**
|
||
* 清除cookie
|
||
*/
|
||
static function flushcookie()
|
||
{
|
||
setcookie('user','',time()-99999,'/');
|
||
setcookie('scr','',time()-99999,'/');
|
||
}
|
||
} |