如何从MySQL向会话cookie添加ID
[英]How to add an id from MySQL to a session cookie
问题描述
I followed a tutorial to Create a Secure Login Script in PHP and MySQL there we made a function that made a secure session and created a cookie with it. 
我遵循了在PHP和MySQL中创建安全登录脚本的教程,在那里我们创建了一个函数,该函数进行安全会话并使用它创建cookie。
<?php
function sec_session_start() {
$session_name = 'COOKIENAME'; // Set a custom session name
$secure = SECURE;
// This stops JavaScript being able to access the session id.
$httponly = true;
// Forces sessions to only use cookies.
if (ini_set('session.use_only_cookies', 1) === FALSE) {
header("Location: ../error.php?err=Could not initiate a safe session (ini_set)");
exit();
}
// Gets current cookies params.
$cookieParams = session_get_cookie_params();
session_set_cookie_params($cookieParams["lifetime"],
$cookieParams["path"],
$cookieParams["domain"],
$secure,
$httponly);
// Sets the session name to the one set above.
session_name($session_name);
session_start(); // Start the PHP session
session_regenerate_id(); // regenerated the session, delete the old one.
}
?>
now i want to add to that cookie the user id that i have in a mysql database i want to use those id's for later so i can get more data from the user if i need. 现在,我想将我在mysql数据库中拥有的用户ID添加到该cookie中,以便以后使用这些ID,以便在需要时可以从用户那里获取更多数据。 or store settings they have selected. 或存储他们选择的设置。
how would i do that? 我该怎么办? should i add something into the login function that on login the ID gets added to the session cookie? 我应该在登录功能中添加一些将登录ID添加到会话cookie的功能吗?
function login($email, $password, $mysqli) {
// Using prepared statements means that SQL injection is not possible.
if ($stmt = $mysqli->prepare("SELECT id, username, password, salt
FROM members
WHERE email = ?
LIMIT 1")) {
$stmt->bind_param('s', $email); // Bind "$email" to parameter.
$stmt->execute(); // Execute the prepared query.
$stmt->store_result();
// get variables from result.
$stmt->bind_result($user_id, $username, $db_password, $salt);
$stmt->fetch();
// hash the pasword with the unique salt.
$password = hash('sha512', $password . $salt);
if ($stmt->num_rows == 1) {
// If the user exists we check if the account is locked
// from too many login attempts
if (checkbrute($user_id, $mysqli) == true) {
// Account is locked
// Send an email to user saying their account is locked
return false;
} else {
// Chec k if the password in the database matches
// the password the user submitted.
if ($db_password == $password) {
// Password is correct!
// Get the user-agent string of the user.
$user_browser = $_SERVER['HTTP_USER_AGENT'];
// XSS protection as we might print this value
$user_id = preg_replace("/[^0-9]+/", "", $user_id);
$_SESSION['user_id'] = $user_id;
// XSS protection as we might print this value
$username = preg_replace("/[^a-zA-Z0-9_\-]+/",
"",
$username);
$_SESSION['username'] = $username;
$_SESSION['login_string'] = hash('sha512',
$password . $user_browser);
// Login successful.
return true;
} else {
// Password is not correct
// We record this attempt in the database
$now = time();
$mysqli->query("INSERT INTO login_attempts(user_id, time)
VALUES ('$user_id', '$now')");
return false;
}
}
} else {
// No user exists.
return false;
}
}
link to tutorial http://www.wikihow.com/Create-a-Secure-Login-Script-in-PHP-and-MySQL 链接到教程http://www.wikihow.com/Create-a-Secure-Login-Script-in-PHP-and-MySQL
1 个解决方案
解决方案1
0
You add session like this $_SESSION['user_id'] = $user_id; 您可以像这样添加会话$ _SESSION ['user_id'] = $ user_id; A session is just an array that doesn't go away and you access it via $_SESSION[] 会话只是一个不会消失的数组,您可以通过$ _SESSION []访问它
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.