[英]PHP login: best way to show different contents between logged-in and not logged users
I'm learning PHP and I'm developing a quite simple website with authentication. 我正在学习PHP,并且正在开发一个非常简单的带有身份验证的网站。 As I don't think I'm good enough to make a secure authentication system (and anyway I don't have so much time), I searched and found this script http://php-login.net/ that seems to work perfectly. 由于我认为我不足以建立一个安全的身份验证系统(无论如何我没有太多时间),因此我搜索并找到了该脚本http://php-login.net/完美。 I'm using the "2-advanced" version of the script and in the index.php file there's something like this: 我正在使用脚本的“ 2-高级”版本,并且在index.php文件中是这样的:
<?php
// load php-login components
require_once("php-login.php");
// create a login object. when this object is created, it will do all login/logout stuff automatically
// so this single line handles the entire login process.
$login = new Login();
// ... ask if we are logged in here:
if ($login->isUserLoggedIn() == true) {
include("views/logged_in.php");
} else {
include("views/not_logged_in.php");
}
So if the user is logged in it shows the contents of logged_in.php or not_logged_in.php if he's not (in the views directory there's an .htaccess that prevents the views to be accessed directly). 因此,如果用户登录,则如果没有登录,则显示logged_in.php或not_logged_in.php的内容(在views目录中,有一个.htaccess阻止直接访问视图)。 Also other pages work this way (For example registration.php in the root directory includes the file views/registration.php in which there are the contents). 其他页面也以这种方式工作(例如,根目录中的registration.php包含其中包含内容的views / registration.php文件)。
So here's my question: Is it more convenient to do it this way or (at least for the index) to make just one view and control single elements with something like this 所以这是我的问题:以这种方式这样做(还是至少对于索引而言)更方便吗?只制作一个视图并用这样的东西控制单个元素
if ($login->isUserLoggedIn() == true) { echo "you are logged in"
} else {echo "login form" }
for every element where it's needed? 对于每个需要的元素? I think that for the client it would be basically the same but on the server-side I don't know and since I'm a beginner I wanted to ask. 我认为对于客户端来说基本上是相同的,但是在服务器端我不知道,因为我是初学者,所以我想问一下。 I'm sorry for my English but I hope you understood. 我的英语很抱歉,但我希望你能理解。
PS: I didn't understand if I can make "What's the best way" question on SO and I'sorry if I couldn't, next time I won't. PS:我不知道我是否可以在SO上提出“最好的方法是什么”的问题,如果不能,我很抱歉,下次我不会。
My preferred method is to authenticate the user (however I wish, usually by hashed password in database) and then use sessions to track the login status. 我的首选方法是对用户进行身份验证(但是,我通常希望通过数据库中的哈希密码进行身份验证),然后使用会话来跟踪登录状态。 I can then set a variable like $_SESSION['loggedIn'] = true;
然后,我可以设置一个像$_SESSION['loggedIn'] = true;
的变量$_SESSION['loggedIn'] = true;
and then test for that on subsequent calls to my script. 然后在随后调用我的脚本时进行测试。
Eg 例如
if(isset($_SESSION['loggedIn'] && $_SESSION['loggedIn'] == true)) {
//Redirect to welcome page
} else {
//Redirect to other page for users that are not logged in
}
If the user clicks a link to logout I can simply unset the flag. 如果用户单击注销链接,我可以简单地取消设置该标志。
unset($_SESSION['loggedIn']);
Bascially, depending on your needs, including security, there may be a few different ways you could go about doing this. 基本上,根据您的需求(包括安全性),您可能会采用几种不同的方式进行此操作。 Again though, for me, I authenticate the user with a hashed password stored in a database and then track the user's login status with a session variable. 不过,对我来说,我还是使用存储在数据库中的哈希密码对用户进行身份验证,然后使用会话变量跟踪用户的登录状态。
If what you have right now feels convenient and meets your needs, then you are good to go. 如果您现在拥有的东西感到方便并且可以满足您的需求,那么您就很好了。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.