考虑的是服务器最大限度的减少SQL查询。
SESSION如果浏览器关闭就失效,所以改用COOKIE,写了如下方式来检测用户是否登录。
代码如下:
/**
* 初始化,用户COOKIE数据验证 by default7#zbphp.com
*/
public function authCheck()
{
if (cookie('uid')) {
$uid = cookie('uid');
$umd5 = cookie('umd5');
$udata = cookie('udata');
if (isUid($uid) && isMd5($umd5) && $udata && ($strDecode = authcode($udata, 'DECODE'))
&& md5($strDecode) == $umd5 && ($data = json_decode($strDecode)) && $data['uid'] == $uid) {
//每隔60s必须查询SQL检测一次
if ($this->time - $data['lastactive'] > self::INTERVAL) {
if (($rsUser = M('Member')->where("mid='$uid'")->getField('mid,uname,pwd,vip,viptime1,viptime2,lastactive,isfbd'))
&& strtolower($rsUser['uname']) == strtolower($data['uname'])
&& strtolower($rsUser['email']) == strtolower($data['email'])
&& md5($rsUser['pwd'].$data['salt']) == $data['upwd']
) {
if($rsUser['isfbd'] == 't'){
$this->error('您的账号已被封禁,请联系管理员!');
$this->resetUser();
return;
}
//更新最后在线时间
M('Member')->setField('lastactive',$this->time);
//重新生成加密密匙
$data['salt'] = uniqid();
$data['upwd'] = md5($rsUser['pwd'].$data['salt']);
}else{
$this->error('账号信息(邮箱或密码)发生变化,请重新登录!','',U('Member/Index/login?f='.__URL__));
$this->resetUser();
return;
}
}
$data['lastactive'] = $this->time;
$this->UserData = $data;
$strEncode = json_encode($data);
//配置COOKIE默认10天过期
cookie('uid',$data['uid']);
cookie('umd5',md5($strEncode));
cookie('udata',authcode($strEncode,'ENCODE'));
return;
}
$this->resetUser();
}
}
/**
* 注销SESSION 所有
*
* @return bool
*/
public function resetUser()