用户管理类,请各位帮忙挑刺
时间:2007-12-10
来源:互联网
代码如下:
/**
* 用户认证类,包括注册、登录、注销、密码找回、用户信息查看设置
*/
class AuthUser
{
private $userdb;
/**
 * Store the data-access object and pin the default timezone.
 *
 * @param object $userdb Data-access object. The methods of this class call
 *                       check(), get(), insert() and update() on it, so it is
 *                       the userDB-style wrapper rather than a raw PDO handle.
 */
public function __construct($userdb)
{
    // date() and strftime() output in this class is rendered in PRC time.
    date_default_timezone_set("PRC");
    $this->userdb = $userdb;
}
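/**
 * Register a new user, then hand over to jump2url() and stop the script.
 *
 * Only the fields named in $accepted are read from $user_info. The original
 * copied every array key into a local variable ($$key = $val), which is the
 * same hazard as extract() on request data: the caller's keys decide which
 * locals exist.
 *
 * The author's note asks callers to filter and escape the input first. The
 * existence check goes through userdb->check(); whether that call is safe
 * for raw request data depends on how check() builds its query.
 *
 * @param array $user_info username, psw, email, question, answer, tel, desc
 * @return void Never returns: every path ends in jump2url() + exit().
 */
public function register($user_info)
{
    $accepted = array("username","psw","email","question","answer","tel","desc");
    $field = array();
    foreach ($accepted as $name)
    {
        $field[$name] = (is_array($user_info) && isset($user_info[$name])) ? $user_info[$name] : null;
    }
    $username = $field["username"];
    $url = "javascript:history.go(-1)";

    if ($username === null || $username === "" || $field["psw"] === null || $field["psw"] === "")
    {
        // An account without a name or a password must never be created.
        $msg = "注册失败,请重新尝试";
    }
    elseif ($this->chkUser(array("username"=>$username)))
    {
        $msg = "此用户已存在,请另换一个名字";
    }
    else
    {
        // NOTE(review): md5/sha1 salted with the username is cheap to
        // brute-force offline. password_hash()/password_verify() is the
        // replacement, but login(), login_nodb() and repsw() compute the same
        // digest, so all of them have to migrate together. Left unchanged.
        $prx = sha1($username);
        $psw = md5($prx.md5($field["psw"].$prx));
        $insert_info = array("username"=>$username,
            "psw"=>$psw,
            "email"=>$field["email"],
            "question"=>$field["question"],
            "answer"=>$field["answer"],
            "tel"=>$field["tel"],
            "desc"=>$field["desc"],
            "authkey"=>md5($field["email"].md5($username.$psw)),
            "reg_date"=>date("Y-m-d H:i:s"),
            "status"=>0,
            "l_login"=>time(),
            "unqid"=>"none"
        );
        if ($this->userdb->insert($insert_info))
        {
            $msg = "注册成功,返回注册前页面";
        }
        else
        {
            $msg = "注册失败,请重新尝试";
        }
    }
    require_once "jump2url.php";
    jump2url($msg,$url);
    exit();
}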
/**
 * Ask the data layer whether a row matching $user exists.
 *
 * @param array $user column => value pair(s), e.g. array("username" => ...)
 * @return mixed Whatever userdb->check() returns; callers treat it as truthy
 *               when a matching row exists.
 */
public function chkUser($user)
{
    $matches = $this->userdb->check($user);
    return $matches;
}
/**
 * Report whether the user's stored status flag marks them as logged in.
 *
 * login() sets status to 1 and logout() sets it back to 0, so the flag only
 * reflects the last explicit login/logout, not whether a session is alive.
 *
 * @param string $username
 * @return bool true when the fetched row has status == 1
 */
public function chkOnline($username)
{
    $row = $this->userdb->get(array("username"=>$username));
    return $row['status'] == 1;
}
/**
 * Check whether an address is currently on the lockout list.
 *
 * An entry blocks for five hours counted from its t_error timestamp; an
 * entry older than that is deleted on the way out.
 *
 * @param object $op Data-access object for the lockout table (get/delete)
 * @param string $ip Address to look up
 * @return bool true while the address is still locked out
 */
public function checkRefusal($op,$ip)
{
    $criteria = array("ip"=>$ip);
    $entry = $op->get($criteria);
    if (!$entry)
    {
        return false;
    }
    $hoursSinceFailure = (time() - $entry['t_error']) / 3600;
    if ($hoursSinceFailure < 5)
    {
        return true;
    }
    if ($hoursSinceFailure >= 5)
    {
        // Lockout window has passed: drop the stale entry.
        $op->delete($criteria);
    }
    return false;
}
/**
 * Put an address on the lockout list, or refresh its timestamp.
 *
 * @param object $op Data-access object for the lockout table
 * @param string $ip Address to lock out
 * @return mixed Result of the underlying update() or insert() call
 */
public function updateRefusal($op,$ip)
{
    $criteria = array("ip"=>$ip);
    $now = array("t_error"=>time());
    if ($op->get($criteria))
    {
        // Already listed: restart the lockout window.
        return $op->update($now,$criteria);
    }
    return $op->insert(array("ip"=>$ip,"t_error"=>time()));
}
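/**
 * Authenticate a user against the database, with attempt limiting.
 *
 * Changes from the original listing:
 *  - the session id is regenerated once the credentials are accepted, so a
 *    session id fixed before login does not become an authenticated one;
 *  - the client fingerprint is compared with isset() + !==. Two md5 hex
 *    strings compared with != are subject to PHP numeric-string juggling;
 *  - the previous l_login value is read before it is overwritten. The
 *    original updated first, so the "last login" shown was always now;
 *  - "javascript.history.go(-1)" was missing its colon.
 *
 * The attempt counter lives in $_SESSION, so it only limits a client that
 * keeps its session cookie. The per-address table written by
 * updateRefusal() is the limit that survives a new session.
 *
 * @param string $username
 * @param string $password
 * @param object $op Data-access object for the lockout table
 * @return void Never returns: every path ends in exit().
 */
public function login($username,$password,$op)
{
    require_once "jump2url.php";
    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
    $ip = $_SERVER['REMOTE_ADDR'];
    $cilent = md5($agent.$ip);
    $num = isset($_SESSION['l_num']) ? (int)$_SESSION['l_num'] : 0;

    if (!isset($_SESSION['cilent']) || $cilent !== $_SESSION['cilent'])
    {
        $msg = "非法登录请求!";
        $url = "javascript:history.go(-1)";
        jump2url($msg,$url);
        exit();
    }
    if ($num >= 5)
    {
        $this->updateRefusal($op,$ip);
        $msg = "你已超出限定的登录次数了,系统将转为浏览模式。请五个小时后再重新尝试登录!";
        $url = "../index.php";
        jump2url($msg,$url);
        exit();
    }
    if ($this->checkRefusal($op,$ip))
    {
        $msg = "你尝试登录的次数已超过限定次数了,只能以游客身份登录,请5小时后再重试!";
        $url = "../index.php";
        jump2url($msg,$url);
        exit();
    }

    // NOTE(review): md5/sha1 salted with the username is cheap to brute-force
    // offline. Moving to password_hash()/password_verify() has to happen in
    // register(), login_nodb() and repsw() at the same time.
    $prx = sha1($username);
    $psw = md5($prx.md5($password.$prx));
    $check_field = array("username"=>$username,"psw"=>$psw);

    if ($this->userdb->check($check_field,"AND") == 1)
    {
        $query = array("username"=>$username);
        $rs = $this->userdb->get($query);
        $this->userdb->update(array("l_login"=>time(),"status"=>1),$query);
        if ($rs)
        {
            session_regenerate_id(true);
            $_SESSION['username'] = $username;
            $l_login = strftime("%c",$rs['l_login']);
            // Whether $username is HTML-escaped on output depends on
            // jump2url(), which is not part of this listing; verify there.
            $msg = "{$username},欢迎回来,你上次登录是在{$l_login}!";
            $url = "../index.php";
            jump2url($msg,$url);
        }
        exit();
    }

    $_SESSION['l_num'] = ++$num;
    $times = 5-$num;
    $msg = "用户名或密码错,你还有".$times."次机会尝试!";
    jump2url($msg);
    exit();
}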
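/**
 * Login variant that keeps its lockout in a cookie instead of a table.
 *
 * Changes from the original listing: the session id is regenerated on
 * success, the fingerprint check uses isset() + !==, the attempt counter is
 * cast to int as in login(), and the commented-out hard-coded fingerprint
 * was dropped.
 *
 * NOTE(review): the five-hour lockout is the "loginnum" cookie, which the
 * browser stores and sends voluntarily. It is a courtesy limit for ordinary
 * clients, not an enforcement point; login() with its server-side table is
 * the variant to use where the limit has to hold.
 *
 * @param string $username
 * @param string $ps Plain-text password
 * @return void Exits on every failure path; returns after a successful
 *              jump2url() call, as the original did.
 */
public function login_nodb($username,$ps)
{
    require_once "jump2url.php";
    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
    $cilent = md5($agent.$_SERVER['REMOTE_ADDR']);
    $num = isset($_SESSION['l_num']) ? (int)$_SESSION['l_num'] : 0;

    if (!isset($_SESSION['cilent']) || $cilent !== $_SESSION['cilent'] || isset($_COOKIE['loginnum']))
    {
        $msg = "Invaid Request!";
        jump2url($msg);
        exit();
    }
    if ($num >= 5)
    {
        setcookie("loginnum","timeout",time()+18000);
        $msg = "你尝试登录的次数太多,请五个小时后重试!";
        jump2url($msg);
        exit();
    }

    // Same username-salted md5/sha1 digest as register(); see the note there
    // before changing it in one place only.
    $prx = sha1($username);
    $psw = md5($prx.md5($ps.$prx));
    $check = array("username"=>$username,"psw"=>$psw);

    $rs = $this->userdb->get($check,"and");
    if ($rs)
    {
        session_regenerate_id(true);
        $_SESSION['username'] = $username;
        $l_login = strftime("%c",$rs['l_login']);
        $query = array("username"=>$username);
        $this->userdb->update(array("l_login"=>time(),"status"=>1),$query);
        $msg = "{$username},欢迎你回来,你上次登录是在{$l_login}!";
        $url = "../index.php";
        jump2url($msg,$url);
    }
    else
    {
        $_SESSION['l_num'] = ++$num;
        $t = 5-$num;
        $msg = "用户名或密码错,你还有".$t."次机会尝试!";
        jump2url($msg);
        exit();
    }
}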
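/**
 * Log the current user out and tear the session down.
 *
 * Order matters: the session data is emptied first, the session cookie is
 * expired with the same path/domain/flags it was issued with, and only then
 * is the session destroyed. The original expired the cookie with default
 * parameters, which may not match the cookie the session was issued under,
 * and read $_SESSION['username'] without checking that it exists.
 *
 * @return void
 */
public function logout()
{
    if (isset($_SESSION['username']))
    {
        $this->userdb->update(array("status"=>0),array("username"=>$_SESSION['username']));
    }
    $_SESSION = array();
    if (ini_get("session.use_cookies"))
    {
        $p = session_get_cookie_params();
        setcookie(session_name(),"",time()-18000,$p["path"],$p["domain"],$p["secure"],$p["httponly"]);
    }
    if (session_id() !== "")
    {
        session_destroy();
    }
}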
/**
 * Fetch the stored row for a user name.
 *
 * The row is returned as the data layer delivers it, so it includes the
 * psw, answer, authkey and unqid columns written by register(). Strip those
 * before the result is shown to anyone.
 *
 * @param string $username
 * @return mixed Row from userdb->get(), or its failure value
 */
public function getInfo($username)
{
    $criteria = array("username"=>$username);
    $row = $this->userdb->get($criteria);
    return $row;
}
/**
 * Update a user's row from an array of column => value pairs.
 *
 * The first pair of $userInfo selects the row (it becomes the WHERE
 * condition); the whole array, first pair included, is written as SET.
 *
 * NOTE(review): every key in $userInfo becomes a column to write, and the
 * first key decides which row is touched. Callers must build this array from
 * a fixed list of editable columns and take the identifying value from the
 * session, not from the request, or a form field named psw/status/authkey
 * is written straight through.
 *
 * @param array $userInfo column => value; first pair identifies the row
 * @return mixed Result of userdb->update()
 */
public function setInfo($userInfo)
{
    reset($userInfo);
    $rowSelector = array(key($userInfo) => current($userInfo));
    return $this->userdb->update($userInfo,$rowSelector);
}
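/**
 * Password-recovery check: verify the security answers and mail a reset link.
 *
 * Defects fixed from the original listing:
 *  - the counter was read from $_SESSION['regquest'] but written to
 *    $_SESSION['request'], and tested through the undefined $req, so the
 *    five-attempt limit never triggered;
 *  - checkRefusal() was called on $op, which is the lockout table object;
 *    the method lives on this class;
 *  - the remaining-attempts figure used the undefined $num, and
 *    "$times次机会尝试" was parsed as one long variable name, so the number
 *    was never printed;
 *  - the reset token was md5(uniqid($user)), which is derived from the
 *    clock and the user name and is therefore guessable. It now comes from
 *    random_bytes() (PHP 7.0+), still 32 hex characters;
 *  - "javascript.history.go(-2)" was missing its colon.
 *
 * NOTE(review): the token is stored without a creation time, so nothing in
 * this class can expire it, and the mailed link is relative. Both need to be
 * handled where repsw.php consumes the id.
 *
 * @param array  $userInfo column => value pairs that must all match
 *                         (includes 'username' and 'email')
 * @param object $op       Data-access object for the lockout table
 * @return void Never returns: every path ends in exit()/die().
 */
public function chkPsw($userInfo,$op)
{
    require_once "jump2url.php";
    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
    $ip = $_SERVER['REMOTE_ADDR'];
    $cilent = md5($agent.$ip);
    $reg = isset($_SESSION['request']) ? (int)$_SESSION['request'] : 0;

    if (!isset($_SESSION['cilent']) || $_SESSION['cilent'] !== $cilent)
    {
        die("非法请求!");
    }
    if ($reg >= 5)
    {
        $this->updateRefusal($op,$ip);
        $msg = "你重试次数已超出限定,请五个小时后再重新尝试!";
        jump2url($msg);
        exit();
    }
    if ($this->checkRefusal($op,$ip))
    {
        $msg = "你尝试的次数已超出限定了,请5小时后再重试";
        $url = "javascript:history.go(-2)";
        jump2url($msg,$url);
        exit();
    }

    // $userInfo goes to the data layer as given: keys become column names and
    // values become match conditions, so it must be built from a fixed list
    // of fields rather than passed through from the request.
    if ($this->userdb->check($userInfo,"AND") == 1)
    {
        $user = $userInfo['username'];
        $id = bin2hex(random_bytes(16));
        $query = array("username"=>$user);
        if ($this->userdb->update(array("unqid"=>$id),$query))
        {
            $email = $userInfo['email'];
            $subject = "Change password!";
            $link = "repsw.php?id=$id";
            $msg = "请点击以下链接,修改你的密码!\r\n".$link;
            mail($email,$subject,$msg);
        }
        else
        {
            $msg = "数据库更新失败,请稍候再试,或联系管理员!";
            jump2url($msg);
        }
        exit();
    }

    $_SESSION['request'] = ++$reg;
    $times = 5-$reg;
    $msg = "安全问题校验错误,你还有{$times}次机会尝试!";
    jump2url($msg);
    exit();
}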
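/**
 * Password-recovery check that keeps its lockout in a cookie.
 *
 * Defects fixed from the original listing:
 *  - the lockout cookie is set as "chkpswnum" but the guard tested
 *    "chknum", so the lockout was never honoured;
 *  - the remaining-attempts figure used the undefined $num, and
 *    "$times次机会尝试" was parsed as one long variable name;
 *  - the reset token was md5(uniqid($user)), which is guessable from the
 *    clock. It now comes from random_bytes() (PHP 7.0+), still 32 hex
 *    characters;
 *  - the fingerprint check uses isset() + !==.
 *
 * NOTE(review): the cookie lockout only binds clients that send the cookie
 * back, and the attempt counter only binds clients that keep their session.
 * chkPsw(), with the server-side lockout table, is the variant to use where
 * the limit has to hold.
 *
 * @param array $userInfo column => value pairs that must all match
 *                        (includes 'username' and 'email')
 * @return void Never returns: every path ends in exit().
 */
public function chkpsw_nodb($userInfo)
{
    require_once "jump2url.php";
    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
    $cilent = md5($agent.$_SERVER['REMOTE_ADDR']);
    $reg = isset($_SESSION['request']) ? (int)$_SESSION['request'] : 0;

    if (!isset($_SESSION['cilent']) || $cilent !== $_SESSION['cilent']
        || isset($_COOKIE['chkpswnum']))
    {
        $msg = "你尝试的次数已超出限定,请稍候再试!";
        $url = "javascript:history.go(-2)";
        jump2url($msg,$url);
        exit();
    }
    if ($reg >= 5)
    {
        $msg = "你尝试的次数已超出限定,请稍候再试!";
        $url = "javascript:history.go(-2)";
        setcookie("chkpswnum","chkpsw",time()+18000);
        jump2url($msg,$url);
        exit();
    }

    // $userInfo reaches the data layer as given; build it from a fixed list
    // of fields, never directly from the request array.
    if ($this->userdb->check($userInfo,"AND"))
    {
        $user = $userInfo['username'];
        $id = bin2hex(random_bytes(16));
        $query = array("username"=>$user);
        if ($this->userdb->update(array("unqid"=>$id),$query))
        {
            $email = $userInfo['email'];
            $subject = "Change password!";
            $link = "repsw.php?id=$id";
            $msg = "请点击以下链接,修改你的密码!\r\n".$link;
            mail($email,$subject,$msg);
        }
        else
        {
            $msg = "数据库更新失败,请稍候再试,或联系管理员!";
            jump2url($msg);
        }
        exit();
    }

    $_SESSION['request'] = ++$reg;
    $times = 5-$reg;
    $msg = "安全问题校验错误,你还有{$times}次机会尝试!";
    jump2url($msg);
    exit();
}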
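/**
 * Overwrite a user's password.
 *
 * NOTE(review): this method authorises nothing by itself. It never looks at
 * the unqid token that chkPsw()/chkpsw_nodb() mail out; the only gate is the
 * browser fingerprint, which any visitor who loaded a page on this site has
 * in their session. The caller (presumably repsw.php, which is not part of
 * this listing) must look the user up by the token, take $username from that
 * row rather than from the request, and clear the token once it is used.
 *
 * The fingerprint check now uses isset() + !==, because md5 hex strings
 * compared with != are subject to PHP numeric-string juggling.
 *
 * @param string $username Account whose password is replaced
 * @param string $psw      New plain-text password
 * @return void Never returns (the original @return bool was inaccurate).
 */
public function repsw($username,$psw)
{
    require_once "jump2url.php";
    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
    $cilent = md5($agent.$_SERVER['REMOTE_ADDR']);
    if (!isset($_SESSION['cilent']) || $cilent !== $_SESSION['cilent'])
    {
        $msg = "非法请求!";
        jump2url($msg);
        exit();
    }

    // Same username-salted md5/sha1 digest as register() and login(); it has
    // to change in all of them together or stored passwords stop matching.
    $prx = sha1($username);
    $password = md5($prx.md5($psw.$prx));
    $query = array("username"=>$username);
    if ($this->userdb->update(array("psw"=>$password),$query))
    {
        // A true result means the statement ran, not that a row matched.
        $msg = "成功修改,请妥善保管你的密码!";
        $url = "javascript:history.go(-2)";
        jump2url($msg,$url);
        exit();
    }
    $msg = "数据库处理出错,请重新尝试,或联系管理员解决!";
    jump2url($msg);
    exit();
}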
}
代码:
<?php/**
* 用户认证类,包括注册、登录、注销、密码找回、用户信息查看设置
*/
class AuthUser
{
private $userdb;
/**
* 构造函数
* @param pdo $userdb 数据库处理对象
*/
public function __construct($userdb)
{
$this->userdb = $userdb;
date_default_timezone_set("PRC");
}
/**
* 用户注册
* @param array $user_info
* 调用该方法前请先对输入参数进行过滤及转义
* @return
*/
public function register($user_info)
{
foreach ($user_info as $key=>$val)
{
$$key = $val;
}
$info = array("username"=>$username);
if ($this->chkUser($info) == true)
{
$msg = "此用户已存在,请另换一个名字";
$url = "javascript:history.go(-1)";
}
else
{
$reg_date = date("Y-m-d H:i:s");
$prx = sha1($username);
$psw = md5($prx.md5($psw.$prx));
$authkey = md5($email.md5($username.$psw));
$status = 0;
$l_login = time();
$unqid = "none";
$insert_info = array("username"=>$username,
"psw"=>$psw,
"email"=>$email,
"question"=>$question,
"answer"=>$answer,
"tel"=>$tel,
"desc"=>$desc,
"authkey"=>$authkey,
"reg_date"=>$reg_date,
"status"=>$status,
"l_login"=>$l_login,
"unqid"=>$unqid
);
if ($this->userdb->insert($insert_info))
{
$msg = "注册成功,返回注册前页面";
$url = "javascript:history.go(-1)";
}
else
{
$msg = "注册失败,请重新尝试";
$url = "javascript:history.go(-1)";
}
}
require_once "jump2url.php";
jump2url($msg,$url);
exit();
}
/**
* 用户检测,检查是否有此用户名
* @param array $user
* field and value of username in db
* @return bool
*/
public function chkUser($user)
{
return $this->userdb->check($user);
}
/**
* 检查用户在线状态
* @param string $username
* @return bool
*/
public function chkOnline($username)
{
$info = array("username"=>$username);
$rs = $this->userdb->get($info);
{
if ($rs['status'] == 1)
{
return true;
}
return false;
}
}
/**
* 检查黑名单
* @param pdo $op
* @param string $ip
* @return bool
*/
public function checkRefusal($op,$ip)
{
$check = array("ip"=>$ip);
if ($rs = $op->get($check))
{
$dst = (time() - $rs['t_error']) / 3600;
if ($dst < 5)
{
return true;
}
elseif ($dst >= 5)
{
$op->delete($check);
return false;
}
}
return false;
}
/**
* 生成黑名单
* @param pdo $op
* @param string $ip
* @return bool
*/
public function updateRefusal($op,$ip)
{
$check = array("ip"=>$ip);
if ($rs = $op->get($check))
{
$update = array("t_error"=>time());
return $op->update($update,$check);
}
else
{
$in = array("ip"=>$ip,"t_error"=>time());
return $op->insert($in);
}
}
/**
* 登录方法
* @param string $username
* @param string $password
* @param pdo $op
*/
public function login($username,$password,$op)
{
$prx = sha1($username);
$psw = md5($prx.md5($password.$prx));
$check_field = array("username"=>$username,"psw"=>$psw);
$cilent = md5($_SERVER['HTTP_USER_AGENT'].$_SERVER['REMOTE_ADDR']);
$num = isset($_SESSION['l_num']) ? (int)$_SESSION['l_num'] : 0;
require_once "jump2url.php";
if ($cilent != $_SESSION['cilent'])
{
$msg = "非法登录请求!";
$url = "javascript.history.go(-1)";
jump2url($msg,$url);
exit();
}
elseif ($num >= 5)
{
$ip = $_SERVER['REMOTE_ADDR'];
$this->updateRefusal($op,$ip);
$msg = "你已超出限定的登录次数了,系统将转为浏览模式。请五个小时后再重新尝试登录!";
$url = "../index.php";
jump2url($msg,$url);
exit();
}
else
{
$ip = $_SERVER['REMOTE_ADDR'];
if ($this->checkRefusal($op,$ip))
{
$msg = "你尝试登录的次数已超过限定次数了,只能以游客身份登录,请5小时后再重试!";
$url = "../index.php";
jump2url($msg,$url);
exit();
}
}
if ($this->userdb->check($check_field,"AND") == 1)
{
$in = array("l_login"=>time(),"status"=>1);
$query = array("username"=>$username);
$this->userdb->update($in,$query);
if ($rs = $this->userdb->get($query))
{
$_SESSION['username'] = $username;
$l_login = strftime("%c",$rs['l_login']);
$msg = "$username,欢迎回来,你上次登录是在$l_login!";
$url = "../index.php";
jump2url($msg,$url);
}
exit();
}
else
{
$_SESSION['l_num'] = ++$num;
$times = 5-$num;
$msg = "用户名或密码错,你还有".$times."次机会尝试!";
jump2url($msg);
exit();
}
}
/**
* 登录的第二种处理方法,不用数据库
* @param string $username
* @param string $ps
*/
public function login_nodb($username,$ps)
{
$cilent = md5($_SERVER['HTTP_USER_AGENT'].$_SERVER['REMOTE_ADDR']);
//$cilent = "50fc03c434930d3fecc513606cc016be";
$prx = sha1($username);
$psw = md5($prx.md5($ps.$prx));
$check = array("username"=>$username,"psw"=>$psw);
$num = isset($_SESSION['l_num']) ? $_SESSION['l_num'] : 0;
require_once "jump2url.php";
if (($cilent != $_SESSION['cilent']) || isset($_COOKIE['loginnum']))
{
$msg = "Invaid Request!";
jump2url($msg);
exit();
}
elseif ($num >= 5)
{
setcookie("loginnum","timeout",time()+18000);
$msg = "你尝试登录的次数太多,请五个小时后重试!";
jump2url($msg);
exit ();
}
if ($rs = $this->userdb->get($check,"and"))
{
$_SESSION['username'] = $username;
$l_login = strftime("%c",$rs['l_login']);
$in = array("l_login"=>time(),"status"=>1);
$query = array("username"=>$username);
$this->userdb->update($in,$query);
$msg = "$username,欢迎你回来,你上次登录是在$l_login!";
$url = "../index.php";
jump2url($msg,$url);
}
else
{
$_SESSION['l_num'] = ++$num;
$t = 5- $num;
$msg = "用户名或密码错,你还有".$t."次机会尝试!";
jump2url($msg);
exit();
}
}
/**
* 用户注销
*
*/
public function logout()
{
$username = $_SESSION['username'];
$query = array("username"=>$username);
$in = array("status"=>0);
$this->userdb->update($in,$query);
session_destroy();
setcookie(session_name(),"",time()-18000);
$_SESSION = array();
}
/**
* 获取用户信息
*
* @param string $username
* @return mixed
*/
public function getInfo($username)
{
$in = array("username"=>$username);
return $this->userdb->get($in);
}
/**
* 设置用户信息
* @param array $userInfo
* @return bool
*/
public function setInfo($userInfo)
{
reset($userInfo);
$key = key($userInfo);
$value = current($userInfo);
$query = array($key=>$value);
return $this->userdb->update($userInfo,$query);
}
/**
* 密码找回判断
* @param array $userInfo
* @param pdo $op
*/
public function chkPsw($userInfo,$op)
{
$cilent = md5($_SERVER['HTTP_USER_AGENT'].$_SERVER['REMOTE_ADDR']);
$reg = isset($_SESSION['regquest']) ? (int)$_SESSION['regquest'] : 0;
require_once "jump2url.php";
if (($_SESSION['cilent'] != $cilent))
{
die("非法请求!");
}
elseif ($req >= 5)
{
$ip = $_SERVER['REMOTE_ADDR'];
$this->updateRefusal($op,$ip);
$msg = "你重试次数已超出限定,请五个小时后再重新尝试!";
jump2url($msg);
exit();
}
else
{
$ip = $_SERVER['REMOTE_ADDR'];
if ($op->checkRefusal($op,$ip))
{
$msg = "你尝试的次数已超出限定了,请5小时后再重试";
$url = "javascript.history.go(-2)";
jump2url($msg,$url);
exit();
}
}
if ($this->userdb->check($userInfo,"AND") == 1)
{
//发送邮件
$user = $userInfo['username'];
$id = md5(uniqid($user));
$in = array("unqid"=>$id);
$query = array("username"=>$user);
if ($this->userdb->update($in,$query))
{
$email = $userInfo['email'];
$subject = "Change password!";
$link = "repsw.php?id=$id";
$msg = "请点击以下链接,修改你的密码!\r\n".$link;
mail($email,$subject,$msg);
}
else
{
$msg = "数据库更新失败,请稍候再试,或联系管理员!";
jump2url($msg);
}
exit();
}
else
{
$_SESSION['request'] = ++$reg;
$times = 5-$num;
$msg = "安全问题校验错误,你还有$times次机会尝试!";
jump2url($msg);
exit();
}
}
/**
* 密码找回判断,无数据库
* @param array $userInfo
*/
public function chkpsw_nodb($userInfo)
{
require_once "jump2url.php";
$cilent = md5($_SERVER['HTTP_USER_AGENT'].$_SERVER['REMOTE_ADDR']);
$reg = isset($_SESSION['request']) ? (int)$_SESSION['request'] : 0;
if (($cilent != $_SESSION['cilent'])
|| isset($_COOKIE['chknum']))
{
$msg = "你尝试的次数已超出限定,请稍候再试!";
$url = "javascript:history.go(-2)";
jump2url($msg,$url);
exit();
}
elseif ($reg >= 5)
{
$msg = "你尝试的次数已超出限定,请稍候再试!";
$url = "javascript:history.go(-2)";
setcookie("chkpswnum","chkpsw",time()+18000);
jump2url($msg,$url);
exit();
}
if ($this->userdb->check($userInfo,"AND"))
{
//发送邮件
$user = $userInfo['username'];
$id = md5(uniqid($user));
$in = array("unqid"=>$id);
$query = array("username"=>$user);
if ($this->userdb->update($in,$query))
{
$email = $userInfo['email'];
$subject = "Change password!";
$link = "repsw.php?id=$id";
$msg = "请点击以下链接,修改你的密码!\r\n".$link;
mail($email,$subject,$msg);
}
else
{
$msg = "数据库更新失败,请稍候再试,或联系管理员!";
jump2url($msg);
}
exit();
}
else
{
$_SESSION['request'] = ++$reg;
$times = 5-$num;
$msg = "安全问题校验错误,你还有$times次机会尝试!";
jump2url($msg);
exit();
}
}
/**
* 重设密码
* @param string $username
* @param string $psw
* @return bool
*/
public function repsw($username,$psw)
{
$cilent = md5($_SERVER['HTTP_USER_AGENT'].$_SERVER['REMOTE_ADDR']);
require_once "jump2url.php";
if ($cilent != $_SESSION['cilent'])
{
$msg = "非法请求!";
jump2url($msg);
exit();
}
else
{
$prx = sha1($username);
$password = md5($prx.md5($psw.$prx));
$query = array("username"=>$username);
$in = array("psw"=>$password);
if ($this->userdb->update($in,$query))
{
$msg = "成功修改,请妥善保管你的密码!";
$url = "javascript:history.go(-2)";
jump2url($msg,$url);
exit();
}
else
{
$msg = "数据库处理出错,请重新尝试,或联系管理员解决!";
jump2url($msg);
exit();
}
}
}
}
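/**
 * Small data-access helper around one table of one database.
 *
 * Every value supplied by a caller is sent as a bound parameter. The
 * original check(), delete() and the WHERE part of update() pasted values
 * into the SQL text between single quotes, so a value containing a quote
 * changed the statement. Column, table and database names cannot be bound,
 * so they are backtick-quoted with embedded backticks doubled.
 *
 * Still trusted, because they are raw SQL by design: the column definitions
 * and $type given to createDB(), and $addi given to get(). Never build those
 * from request data. Array keys become column names, so callers should map
 * request fields onto a fixed list of columns before calling in here.
 */
class userDB
{
    private $opDB;
    private $datebase;
    private $table;

    /**
     * @param PDO    $opDB     Connection used for every statement
     * @param string $datebase Database (schema) name
     * @param string $table    Table name
     */
    public function __construct($opDB,$datebase,$table)
    {
        $this->opDB = $opDB;
        $this->datebase = $datebase;
        $this->table = $table;
    }

    /**
     * A clone keeps the connection and database but targets "inject_tb".
     * NOTE(review): presumably the lockout table that AuthUser receives as
     * $op; confirm against the calling code.
     */
    public function __clone()
    {
        $this->table = "inject_tb";
    }

    /**
     * Create the table.
     *
     * The original used each() (removed in PHP 8) and caught "PDOExcepton",
     * a class that does not exist, so a failure was never caught.
     *
     * @param array  $var  column name => column definition (raw DDL, trusted)
     * @param string $type Table options appended after the column list (raw DDL, trusted)
     * @return bool false on empty input or when the statement fails
     */
    public function createDB($var,$type)
    {
        if (!is_array($var) || count($var) === 0)
        {
            return false;
        }
        $columns = array();
        foreach ($var as $field => $definition)
        {
            $columns[] = $this->quoteIdent($field)." ".$definition;
        }
        $sql = "CREATE TABLE ".$this->tableRef()." (\n".implode(",\n",$columns).")\n".$type;
        try
        {
            $stmt = $this->opDB->prepare($sql);
            return $stmt ? $stmt->execute() : false;
        }
        catch (PDOException $e)
        {
            // The message can contain schema details; do not echo it.
            return false;
        }
    }

    /**
     * Count the rows matching every (AND) or any (OR) of the given pairs.
     *
     * Uses SELECT COUNT(*) because rowCount() on a SELECT is not reliable
     * across PDO drivers. Empty or non-array criteria match nothing; the
     * original produced a broken statement in that case.
     *
     * @param array  $var       column => value
     * @param string $Operators "AND" or "OR" (case-insensitive); "" means AND
     * @return int Number of matching rows, 0 on failure
     * @throws InvalidArgumentException for any other operator or a bad column name
     */
    public function check($var,$Operators="")
    {
        list($where,$bind) = $this->buildWhere($var,$Operators);
        if ($where === null)
        {
            return 0;
        }
        $stmt = $this->opDB->prepare("SELECT COUNT(*) FROM ".$this->tableRef().$where);
        if (!$stmt || !$this->run($stmt,$bind))
        {
            return 0;
        }
        return (int)$stmt->fetchColumn();
    }

    /**
     * Fetch the first row matching the given pairs.
     *
     * @param array  $var       column => value
     * @param string $Operators "AND" or "OR"; "" means AND
     * @param string $addi      Raw SQL appended after the WHERE clause
     *                          (e.g. an ORDER BY). Trusted input only.
     * @return array|false Associative row, or false when nothing matches or
     *                     the statement fails
     * @throws InvalidArgumentException for a bad operator or column name
     */
    public function get($var,$Operators="",$addi="")
    {
        list($where,$bind) = $this->buildWhere($var,$Operators);
        if ($where === null)
        {
            return false;
        }
        $sql = "SELECT * FROM ".$this->tableRef().$where;
        if (!empty($addi))
        {
            $sql .= " ".$addi;
        }
        $stmt = $this->opDB->prepare($sql);
        if (!$stmt || !$this->run($stmt,$bind))
        {
            return false;
        }
        return $stmt->fetch(PDO::FETCH_ASSOC);
    }

    /**
     * Delete the rows matching the given pairs.
     *
     * Empty criteria are refused so that a caller bug cannot turn into
     * "delete every row".
     *
     * @param array  $var       column => value
     * @param string $Operators "AND" or "OR"; "" means AND
     * @return int|false Number of deleted rows, or false on refusal/failure
     * @throws InvalidArgumentException for a bad operator or column name
     */
    public function delete($var,$Operators="")
    {
        list($where,$bind) = $this->buildWhere($var,$Operators);
        if ($where === null)
        {
            return false;
        }
        $stmt = $this->opDB->prepare("DELETE FROM ".$this->tableRef().$where);
        if (!$stmt || !$this->run($stmt,$bind))
        {
            return false;
        }
        return $stmt->rowCount();
    }

    /**
     * Insert one row (MySQL "INSERT ... SET" form, as in the original).
     *
     * @param array $var column => value
     * @return bool
     * @throws InvalidArgumentException for a bad column name
     */
    public function insert($var)
    {
        if (!is_array($var) || count($var) === 0)
        {
            return false;
        }
        list($set,$bind) = $this->buildSet($var);
        $stmt = $this->opDB->prepare("INSERT INTO ".$this->tableRef()." SET \n".$set);
        return $stmt ? $this->run($stmt,$bind) : false;
    }

    /**
     * Update the rows selected by the first pair of $expression.
     *
     * Only the first pair is used as the condition, as in the original; its
     * value is now bound instead of being pasted into the statement.
     *
     * @param array $var        column => new value
     * @param array $expression column => value selecting the row(s)
     * @return bool true when the statement ran (not proof that a row matched)
     * @throws InvalidArgumentException for a bad column name
     */
    public function update($var,$expression)
    {
        if (!is_array($var) || count($var) === 0 || !is_array($expression) || count($expression) === 0)
        {
            return false;
        }
        list($set,$bind) = $this->buildSet($var);
        reset($expression);
        $bind[":cond"] = current($expression);
        $sql = "UPDATE ".$this->tableRef()." SET \n".$set
            ." WHERE ".$this->quoteIdent(key($expression))." = :cond";
        $stmt = $this->opDB->prepare($sql);
        return $stmt ? $this->run($stmt,$bind) : false;
    }

    /** Backtick-quoted `database`.`table` reference. */
    private function tableRef()
    {
        return $this->quoteIdent($this->datebase).".".$this->quoteIdent($this->table);
    }

    /** Quote an identifier for MySQL; embedded backticks are doubled. */
    private function quoteIdent($name)
    {
        $name = is_scalar($name) ? (string)$name : "";
        if ($name === "" || strpos($name,"\0") !== false)
        {
            throw new InvalidArgumentException("invalid SQL identifier");
        }
        return "`".str_replace("`","``",$name)."`";
    }

    /** Build " WHERE a = :w0 AND b = :w1" plus its bindings; null clause when there are no criteria. */
    private function buildWhere($var,$Operators)
    {
        if (!is_array($var) || count($var) === 0)
        {
            return array(null,array());
        }
        $glue = strtoupper(trim((string)$Operators));
        if ($glue === "")
        {
            $glue = "AND";
        }
        if ($glue !== "AND" && $glue !== "OR")
        {
            throw new InvalidArgumentException("unsupported logical operator");
        }
        $parts = array();
        $bind = array();
        $i = 0;
        foreach ($var as $field => $value)
        {
            $name = ":w".$i++;
            $parts[] = $this->quoteIdent($field)." = ".$name;
            $bind[$name] = $value;
        }
        return array(" WHERE ".implode(" ".$glue." ",$parts),$bind);
    }

    /** Build the "a = :exp0, b = :exp1" list plus its bindings. */
    private function buildSet($var)
    {
        $parts = array();
        $bind = array();
        $i = 0;
        foreach ($var as $field => $value)
        {
            $name = ":exp".$i++;
            $parts[] = $this->quoteIdent($field)." = ".$name;
            $bind[$name] = $value;
        }
        return array(implode(",\n",$parts),$bind);
    }

    /** Bind every value and execute the prepared statement. */
    private function run($stmt,$bind)
    {
        foreach ($bind as $name => $value)
        {
            $stmt->bindValue($name,$value);
        }
        return $stmt->execute();
    }
}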
代码:
<?php/**
* 数据操作类,对数据库对象进行的一系列操作
*/
class userDB
{
private $opDB;
private $datebase;
private $table;
/**
* 构造函数
* 根据传入参数,初始化数据库名以及PDO对象
* @param PDO $opDB
* db's operation class
* @param string datebasename
* @param string $table
*/
public function __construct($opDB,$datebase,$table)
{
$this->opDB = $opDB;
$this->datebase = $datebase;
$this->table = $table;
}
/**
* 克隆方法
* @return mixed
*/
public function __clone()
{
$this->table = "inject_tb";
}
/**
* 创建数据表
* 给出由数据表字段名及其属性构成的数组和存储类型
* @param array $var
* field and it's value of table which you want to create
* @param string $type
* store's type
*/
public function createDB($var,$type)
{
$sql = "CREATE TABLE `$this->datebase`.`$this->table` (\n";
$length = count($var);
reset($var);
for ($i=0;$i<($length-1);$i++)
{
list($field,$val) = each($var);
$sql .= "`$field` $val,\n";
}
list($field,$val) = each($var);
$sql .= "`$field` $val)\n";
$sql .= $type;
try
{
$stmt = $this->opDB->prepare($sql);
return $stmt->execute();
}
catch (PDOExcepton $e)
{
$e->getMessage();
exit();
}
}
/**
* 查询与数组键名对应的字段中是否有数组的值存在
* 此方法必须要对输入参数进行严格检查,以保证安全
* @param array $var
* field and value which you want to query
* @param string $Operators
* logital operation
* @return bool
*/
public function check($var,$Operators="")
{
$sql = "SELECT * FROM `$this->datebase`.`$this->table`";
$len = count($var);
if (is_array($var))
{
if ($len > 1)
{
reset($var);
$prop = array();
$sql .= " WHERE ";
for ($i=0;$i<$len-1;$i++)
{
$field = key($var);
$prop[] = current($var);
$sql .= "`$field` = '$prop[$i]'";
$sql .= " ".$Operators." ";
next($var);
}
$field = key($var);
$prop[] = current($var);
$end = $len - 1;
$sql .= "`$field` = '$prop[$end]'";
}
elseif ($len = 1)
{
$sql .= " WHERE ";
$field = key($var);
$prop = current($var);
$sql .= "`$field` = '$prop'";
}
$stmt = $this->opDB->query($sql);
}
return $stmt->rowCount();
}
/**
* 获取与数组键名对应的字段值
* 此方法必须要对输入参数进行严格检查,以保证安全
* @param array $var
* field and value of the query's expression
* @param string $Operators
* logital operation
* @param string $addi
* addition expression as 'ORDER BY * ……'
* @return bool
*/
public function get($var,$Operators="",$addi="")
{
$sql = "SELECT * FROM `$this->datebase`.`$this->table` WHERE ";
$len = count($var);
if (is_array($var))
{
if ($len > 1)
{
reset($var);
$prop = array();
for ($i=0;$i<$len-1;$i++)
{
$field = key($var);
$prop[] = current($var);
$sql .= "`$field` = :prop".$i;
$sql .= " ".$Operators." ";
next($var);
}
$field = key($var);
$prop[] = current($var);
$end = $len - 1;
$sql .= "`$field` = :prop".$end;
if (!empty($addi))
{
$sql .= " ".$addi;
}
$stmt = $this->opDB->prepare($sql);
for ($i=0;$i<$len;$i++)
{
$stmt->bindparam(":prop$i",$prop[$i]);
}
}
elseif ($len = 1)
{
$field = key($var);
$prop = current($var);
$sql .= "`$field` = :prop";
if (!empty($addi))
{
$sql .= " ".$addi;
}
$stmt = $this->opDB->prepare($sql);
$stmt->bindparam(":prop",$prop);
}
$stmt->execute();
}
return $stmt->fetch(PDO::FETCH_ASSOC);
}
/**
* 删除字段
* 此方法必须要对输入参数进行严格检查,以保证安全
* @param array $var
* field and value of the expression which you want to del
* @param string $Operators
* logital operation
* @return bool
*/
public function delete($var,$Operators="")
{
$sql = "DELETE FROM `$this->datebase`.`$this->table` WHERE ";
$len = count($var);
if (is_array($var))
{
if ($len > 1)
{
reset($var);
$prop = array();
for ($i=0;$i<$len-1;$i++)
{
$field = key($var);
$prop[] = current($var);
$sql .= "`$field` = '$prop[$i]'";
$sql .= " ".$Operators." ";
next($var);
}
$field = key($var);
$prop[] = current($var);
$end = $len - 1;
$sql .= "`$field` = '$prop[$end]'";
}
elseif ($len = 1)
{
$field = key($var);
$prop = current($var);
$sql .= "`$field` = '$prop'";
}
return $this->opDB->exec($sql);
}
}
/**
* 插入数据
* 给出字段名和值组成的数组
* @param array $var
* field and value which you want to insert
* @return bool
*/
public function insert($var)
{
$sql = "INSERT INTO `$this->datebase`.`$this->table` SET \n";
$len = count($var)-1;
reset($var);
$val = array();
for ($i=0;$i<$len;$i++)
{
$field = key($var);
$val[$i] = current($var);
$sql .= "`$field` = :exp".$i.",\n";
next($var);
}
$field = key($var);
$val[] = current($var);
$sql .= "`$field` = :exp".$len;
$stmt = $this->opDB->prepare($sql);
for ($i=0;$i<$len+1;$i++)
{
$stmt->bindparam(":exp$i",$val[$i]);
}
return $stmt->execute();
}
/**
* 修改数据
* 给出字段名和值组成的数组
* @param array $var
* field and value which you want to update
* @param array $expression
* the query's expression
* @return bool
*/
public function update($var,$expression)
{
$sql = "UPDATE `$this->datebase`.`$this->table` SET \n";
$len = count($var)-1;
reset($var);
$val = array();
for ($i=0;$i<$len;$i++)
{
$field = key($var);
$val[$i] = current($var);
$sql .= "`$field` = :exp".$i.",\n";
next($var);
}
$field = key($var);
$val[] = current($var);
$sql .= "`$field` = :exp".$len;
$expre = key($expression);
$value = current($expression);
$sql .= " WHERE `$expre` = '$value'";
$stmt = $this->opDB->prepare($sql);
for ($i=0;$i<$len+1;$i++)
{
$stmt->bindparam(":exp$i",$val[$i]);
}
return $stmt->execute();
}
}
作者: yianyao 发布时间: 2007-12-09
如果有实例就好了,请恕我头脑还笨,暂时还没有明白如何和SQL语句联系起来,
作者: forweike 发布时间: 2007-12-09