反序列化数据库会话Codeigniter

Question

I do have an issue with Codeigniter Database Session. 我的Codeigniter数据库会话确实有问题。

To make it short, I don't want multiple login with the same credentials(login/password). 简而言之，我不想使用相同的凭据（登录名/密码）进行多次登录。

The first verification is made by username/passwod matches in the database. 第一次验证是通过数据库中的用户名/密码匹配进行的。

Here is my code 这是我的代码

function index()
{
    // Load Model.
    $this->load->model('membres_model');

    // Check if the user is already logged
    if($this->session->userdata('alias') || $this->session->userdata('logged'))
    {
        //Redirect if he is logged.
        redirect('membres/');
    }
    // If the form has been sent.   
    if($this->input->post('submit'))
    {           
        // Trim data
        $this->form_validation->set_rules('alias','Nom d\'utilisateur','trim|required|xss_clean');
        $this->form_validation->set_rules('motdepasse','Mot de passe','trim|required|xss_clean');

        if($this->form_validation->run())
        {
            // check verification in the model
            if($this->membres_model->verification_connexion($this->input->post('alias'),$this->input->post('motdepasse')))
            {
                // Set userdata variables
                $data = array(
                    'alias'     =>  $this->input->post('alias'),
                    'addr_ip'   =>  $_SERVER['REMOTE_ADDR'],
                    'hote'      =>  gethostbyaddr($_SERVER['REMOTE_ADDR']),
                    'logged'    =>  true
                );

                    /****************************************
                    I Want to verify if the membres is already logged if another one want to use the                        same login/password of the logged on. but I don't know how to verify in the                         ci_sessions
                    *****************************************/

                    // start session
                    $this->session->set_userdata($data);
                    // Redirection sur l'espace membre apres la creation de la session.
                    redirect('membres/');
            }
            else {
                // if return false
                $data['error'] = 'Mauvais identifiants';
                $data['contenu'] = 'connexion/formulaire';
                $this->load->view('includes/template',$data);
            }
        } 
        else {

            $data['contenu'] = 'connexion/formulaire'; // La variable vue pour loader dans le template.
            $this->load->view('includes/template',$data);
        }

    } 
    else {

        $data['contenu'] = 'connexion/formulaire'; // La variable vue pour loader dans le template.
        $this->load->view('includes/template',$data);
    }

}
}

I know I do have to use session Unserialize. 我知道我必须使用会话反序列化。 I can't get the array but I don't know how to compare the data with the logged user. 我无法获取数组，但是我不知道如何将数据与登录用户进行比较。 Does anybody can help me ? 有人可以帮助我吗？

Answer 1

Just add another column (say "user_id") to the sessions table, so you can check it with a single and simple SQL query. 只需在会话表中添加另一列（例如“ user_id”），即可使用一个简单的SQL查询对其进行检查。 unserialize() (you'll need it) is typically a very slow function and checking each row in the sessions table might become an issue. unserialize() （您将需要它）通常是一个非常慢的函数，并且检查session表中的每一行可能会成为问题。

But ... here's how CodeIgniter unserializes it's session data: 但是...这是CodeIgniter如何反序列化其会话数据的方式：

    protected function _unserialize($data)
    {
            $data = @unserialize(strip_slashes($data));

            if (is_array($data))
            {
                    array_walk_recursive($data, array(&$this, '_unescape_slashes'));
                    return $data;
            }

            return (is_string($data)) ? str_replace('{{slash}}', '\\', $data) : $data;
    }

... and here's one called by it: ...这就是它的名字：

    protected function _unescape_slashes(&$val, $key)
    {
            if (is_string($val))
            {
                    $val= str_replace('{{slash}}', '\\', $val);
            }
    }

You could've used those directly if they were not protected, but ... it's still probably better that you just extend the Session library instead of implementing it on your own. 如果它们没有受到保护，则可以直接使用它们，但是...最好扩展会话库而不是自己实现它。

Answer 2

You could try something like this: 您可以尝试这样的事情：

$sessions = "SELECT * FROM ci_sessions"; // return as object

        foreach($sessions as $sess)
        {
            foreach(unserialize($sess->user_data) as $k => $v)
            {
                if($k === 'alias' AND isset($v))
                {
                    return true;
                }
            }
        }

OR as an alternative you might want to use a cookie 或者作为替代方案，您可能要使用Cookie

public function _before_check($alias) // alias should have UNIQUE constraint
{
    return ($this->input->cookie('my_cookie_'.$alias, TRUE)) ? TRUE : FALSE;
}

Inside your form validation, do your before check! 在您的表单验证中，进行检查之前！

if($this->_before_check($alias))
{
   //already logged In
}
else
{
  //log them in AND set your cookie
}

Con : They can bypass this if they attempt login via new computer 缺点：如果尝试通过新计算机登录，他们可以绕过此操作

Note : you might want to set your expire time to match your session time, ie: 2 hours ( 7200 ). 注意：您可能需要设置到期时间以匹配会话时间，即：2小时（7200）。

反序列化数据库会话Codeigniter

问题描述

2 个解决方案

解决方案1
0 2012-01-13 16:25:36

解决方案2
0 2012-01-25 18:53:41

反序列化数据库会话Codeigniter

问题描述

2 个解决方案

解决方案1 0 2012-01-13 16:25:36

解决方案2 0 2012-01-25 18:53:41

解决方案1
0 2012-01-13 16:25:36

解决方案2
0 2012-01-25 18:53:41