Asked by: 小点点

Logout page: deleting the cookie from the browser and the token from the database


So, I'm building a social network (social media), and to make it a bit more secure I chose to use cookies/tokens to keep the user logged in, etc. Now I'm building the logout page, and my goal is to delete the token(s) from the database where I store them, but the only thing that gets deleted is the cookie in the browser, not the token in the database.

logout.php

<?php 
include('DB.php');
include('cookie_login.php');

// Refuse to do anything unless the request carries a valid session cookie.
if (!Login::isLoggedIn()) 
{
    die("not logged in.");
}

if (isset($_POST['confirm'])) {
    if (isset($_POST['alldevices'])) {
        // Revoke every token belonging to this user (log out everywhere).
        DB_update::query_update('DELETE FROM tokens WHERE user_id=:userid', array(':userid' => Login::isLoggedIn()));
    } else {
        // Revoke only the token this browser sent; the table stores sha1(token).
        if (isset($_COOKIE['SNID'])) {
            DB_update::query_update('DELETE FROM tokens WHERE token=:token', array(':token' => sha1($_COOKIE['SNID'])));
        }
    }
    // Expire both cookies in the browser regardless of which branch ran.
    setcookie("SNID", '', time() - 7000000, '/');
    setcookie("SNID_", '', time() - 7000000, '/');
    header("Location: ../logout.html");
    exit;
}
?>


cookie_login.php

<?php 
class Login
{
    // Returns the user_id for a valid SNID cookie, or false when not logged in.
    public static function isLoggedIn()
    {
        if (isset($_COOKIE['SNID'])) {
            // The table stores sha1(token), so hash the cookie value before looking it up.
            $rows = DB::query('SELECT user_id FROM tokens WHERE token=:token', array(':token' => sha1($_COOKIE['SNID'])));
            if ($rows) {
                $userid = $rows[0]['user_id'];
                if (isset($_COOKIE['SNID_'])) {
                    return $userid;
                } else {
                    // The short-lived SNID_ cookie has expired: rotate the token.
                    // $_COOKIE['SNID'] keeps the old value for the rest of this request.
                    $cstrong = TRUE;
                    $token = bin2hex(openssl_random_pseudo_bytes(64, $cstrong));
                    DB_update::query_update('INSERT INTO tokens VALUES (\'\',:token,:user_id)', array(':token' => sha1($token), ':user_id' => $userid));
                    DB_update::query_update('DELETE FROM tokens WHERE token=:token', array(':token' => sha1($_COOKIE['SNID'])));
                    setcookie("SNID", $token, time() + 60*60*24*7, '/', NULL, TRUE, TRUE);
                    setcookie("SNID_", '1', time() + 60*60*24*3, '/', NULL, TRUE, TRUE);

                    return $userid;
                }
            }
        }
        return false;
    }
}

?>

db.php


<?php 
class DB
{
    // Opens a new PDO connection per query; exceptions are thrown on SQL errors.
    private static function connect()
    {
        $pdo = new PDO('mysql:host=127.0.0.1;dbname=pap;charset=utf8', 'root', '');
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        return $pdo;
    }

    // Runs a prepared SELECT and returns all rows.
    public static function query($query, $params = array())
    {
        $statement = self::connect()->prepare($query);
        $statement->execute($params);
        $data = $statement->fetchAll();
        return $data;
    }
}

class DB_update
{
    private static function connect()
    {
        $pdo = new PDO('mysql:host=127.0.0.1;dbname=pap;charset=utf8', 'root', '');
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        return $pdo;
    }

    // Runs a prepared INSERT/UPDATE/DELETE and returns the number of affected rows.
    public static function query_update($query_update, $params = array())
    {
        $statement = self::connect()->prepare($query_update);
        $statement->execute($params);
        $data = $statement->rowCount();
        return $data;
    }
}

?>

PS: DB_update::query_update does not mean it is only for UPDATE queries. I just named it that.


1 answer

Anonymous user

On this line in logout.php, you appear to be passing isLoggedIn as the parameter to the database, rather than the userid:

DB_update::query_update('DELETE FROM tokens WHERE user_id=:userid',array(':userid'=>Login::isLoggedIn()));
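The code in the question has a second problem that explains the symptom: Login::isLoggedIn() rotates the token whenever the SNID_ cookie is missing (it inserts a new hash, deletes the old one and sets a new SNID cookie), but $_COOKIE['SNID'] keeps the old value for the rest of the request, so logout.php then runs DELETE with a hash that is already gone and deletes nothing, while the browser cookie is still cleared. A logout handler must never rotate, and must delete by the hash of the cookie the browser actually sent. The following is an added example, not the asker's code, written against the same `tokens` table layout (token = sha1(raw value), user_id); the function names and the use of a PDO handle passed in as `$pdo` are assumptions, the cookie options array form of setcookie() requires PHP 7.3 or later, and the demo at the bottom uses constructed rows in an in-memory SQLite database so it runs stand-alone.

```php
<?php
// Added example (not the original poster's code): a logout that revokes the
// token the browser holds without rotating it first. Assumes a PDO handle
// $pdo and the table tokens(token = sha1(raw), user_id) from the question.

const SESSION_COOKIE = 'SNID';   // long-lived token cookie
const REFRESH_COOKIE = 'SNID_';  // short-lived marker that suppresses rotation

// Hash of the cookie value the browser sent, or null if there is none.
function currentTokenHash(array $cookies): ?string
{
    if (!isset($cookies[SESSION_COOKIE]) || $cookies[SESSION_COOKIE] === '') {
        return null;
    }
    return sha1($cookies[SESSION_COOKIE]);
}

// Resolve a stored hash to a user without touching the table, so the hash we
// later delete is exactly the one that is still in the database.
function userIdForHash(PDO $pdo, string $hash): ?int
{
    $st = $pdo->prepare('SELECT user_id FROM tokens WHERE token = :token');
    $st->execute([':token' => $hash]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return $row ? (int) $row['user_id'] : null;
}

// Revoke this device's token, or every token of the user; returns rows deleted.
function revoke(PDO $pdo, string $hash, int $userId, bool $allDevices): int
{
    if ($allDevices) {
        $st = $pdo->prepare('DELETE FROM tokens WHERE user_id = :uid');
        $st->execute([':uid' => $userId]);
    } else {
        $st = $pdo->prepare('DELETE FROM tokens WHERE token = :token');
        $st->execute([':token' => $hash]);
    }
    return $st->rowCount();
}

// Expire both cookies with the same path and flags they were set with; a
// cookie cleared with a different path is a different cookie to the browser.
function clearCookies(): void
{
    foreach ([SESSION_COOKIE, REFRESH_COOKIE] as $name) {
        setcookie($name, '', [
            'expires'  => time() - 3600,
            'path'     => '/',
            'secure'   => true,
            'httponly' => true,
            'samesite' => 'Lax',
        ]);
    }
}

// Whole logout flow. Returns the number of tokens revoked server-side;
// 0 means the cookie was absent or already invalid. With $sendHeaders the
// cookies are cleared and the browser is redirected, as logout.php does.
function logout(PDO $pdo, array $cookies, bool $allDevices, bool $sendHeaders = true): int
{
    $hash   = currentTokenHash($cookies);
    $userId = $hash === null ? null : userIdForHash($pdo, $hash);
    if ($userId === null) {
        return 0;
    }
    $deleted = revoke($pdo, $hash, $userId, $allDevices);
    if ($sendHeaders) {
        clearCookies();
        header('Location: /logout.html', true, 303);
        exit;
    }
    return $deleted;
}

// Stand-alone demo on constructed data (in-memory SQLite, no web server).
if (PHP_SAPI === 'cli') {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE tokens (id INTEGER PRIMARY KEY, token TEXT, user_id INTEGER)');

    $raw = bin2hex(random_bytes(32));   // what this browser would hold in SNID
    $ins = $pdo->prepare('INSERT INTO tokens (token, user_id) VALUES (:t, :u)');
    $ins->execute([':t' => sha1($raw), ':u' => 7]);
    $ins->execute([':t' => sha1('other-device'), ':u' => 7]);

    $cookies = [SESSION_COOKIE => $raw, REFRESH_COOKIE => '1'];
    echo 'this device: ', logout($pdo, $cookies, false, false), " token(s) revoked\n";
    echo 'all devices: ', logout($pdo, [SESSION_COOKIE => 'other-device'], true, false), " token(s) revoked\n";
    echo 'stale cookie: ', logout($pdo, $cookies, false, false), " token(s) revoked\n";
}
```

Two design points. First, the login check used by the logout page is read-only: rotation belongs in the normal page flow, never in a handler whose job is to revoke. Second, logout() reports how many rows it deleted, so a request that clears the browser cookie while revoking nothing (the exact situation in the question) becomes visible in logs instead of silently leaving a live token in the table.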