


Since the Session is stored on the server side in the form of a text file, there is no fear of the client modifying the Session content. In fact, in the session file on the server side, PHP automatically modifies the permissions of the session file, retaining only system read and write permissions, and cannot be modified through ftp, so it is much safer. PHPChina Open Source Community Portal
For Cookie, if we want to verify whether the user is logged in, we must save the user name and password (possibly an md5 encrypted string) in the Cookie, and request the page every time to verify. If the username and password are stored in the database, a database query must be executed every time, causing unnecessary burden on the database. Because we can't do just one verification. Why? Because the information in the client cookie may be modified. If you store the $admin variable to indicate whether the user is logged in, when $admin is true, it means logged in, and when it is false, it means not logged in. After passing the verification for the first time, store $admin equal to true in the cookie, and there will be no need to verify next time. Okay, is this right? Wrong. If someone forges a $admin variable with a value of true, doesn't that mean he or she will immediately gain administrative rights? It's very unsafe.
The Session is different. The Session is stored on the server side. Remote users cannot modify the contents of the session file. Therefore, we can simply store a $admin variable to determine whether to log in. After the first verification is passed, set the $admin value to true. , and later determine whether the value is true. If not, go to the login interface, which can reduce a lot of database operations. And it can reduce the insecurity of passing the password every time to verify the cookie (session verification only needs to be passed once, if you do not use the SSL security protocol). Even if the password is md5 encrypted, it can be easily intercepted.
Of course, there are many advantages to using session, such as easy control and user-defined storage (stored in the database). I won’t say much more here.
Does the session need to be set in php.ini? Generally not required, because not everyone has the permission to modify PHP.ini. The default storage path of the session is the system temporary folder of the server. We can customize the storage In its own folder, which I will introduce later.
Start to introduce how to create a session. Very simple, really.
Start the session and create a $admin variable:
// Start session
session_start();
// Declare a variable named admin and assign a null value.
$_session["admin"] = null;
?>
If you use Seesion, or the PHP file wants to call the Session variable, then it must be To start a Session before calling it, use the session_start() function. You don’t need to set anything else, PHP automatically creates the session file.
After executing this program, we can find the session file in the system temporary folder. Generally, the file name is in the form: sess_4c83638b3b0dbf65583181c2f89168ec, followed by a 32-bit encoded random string. Open it with an editor and take a look at its content:
admin|N;
Generally, the content is structured like this:
Variable name | Type: length: value;
Separated by semicolons every variable. Some can be omitted, such as length and type.
Let’s take a look at the verification program, assuming that the database stores the username and md5 encrypted password:
// After the form is submitted...
$posts = $_POST;
// Clear some whitespace symbols
foreach ($posts as $key => $value)
{
$posts[$key] = trim($value);
}
$password = md5($posts["password"]);
$username = $posts["username"] ;
$query = "Select `username` FROM `user` Where `password` = '$password'";
// Get query results
$userInfo = $DB->getRow($query );
if (!empty($userInfo))
session
session_start();
//Register the admin variable for successful login and assign the value true
$_session["admin"] = true;
}
else
{
die("Username and password are incorrect"); Start the session on the user verification page to determine whether to log in:
// Prevent global variables from causing security risks
$admin = false;
// Start the session, this step is essential
session_start();
// Determine whether to log in
if (isset($_SESSION["admin"]) && $_session["admin"] === true)
{
echo "You have logged in successfully" ;
}
else
{
// Verification failed, set $_session["admin"] to false
$_session["admin"] = false;
die( "You do not have permission to access");
}
?>
Isn’t it very simple? Just think of $_session as an array stored on the server side. We registered Each variable is a key to the array, no different from using an array.
What should I do if I want to log out of the system? Just destroy the session.
Copy code
The code is as follows:
session_start();
// This method is to copy the originally registered certain Destroy variables
unset($_session["admin"]);
If the client does not disable cookies, the cookie plays the role of storing the session ID and session lifetime when starting the session.
Let’s manually set the session lifetime:
Copy code
session_start();
// Save for one day
$lifeTime = 24 * 3600;
Copy code
The code is as follows:
$lifeTime = 24 * 3600;
session_set_cookie_params($lifeTime);
Copy code
The code is as follows:
// Save for one day
$lifeTime = 24 * 3600;
// Get the current session name, the default is PHPSESSID
$sessionName = session_name();
// Get the session ID
$sessionID = $_GET[$sessionName];
// Use session_id() to set the obtained session ID
session_id($sessionID);
session_set_cookie_params($lifeTime);
session_start ();
$_session["admin"] = true;
?>
For virtual hosts, if all users’ Sessions are saved in the system temporary folder , will cause maintenance difficulties and reduce security. We can manually set the save path of the Session file. session_save_path() provides such a function. We can point the session storage directory to a folder that cannot be accessed through the Web. Of course, the folder must have read-write attributes.
// Set up a storage directory
$savePath = “./session_save_dir/” ;
// Save for one day
$lifeTime = 24 * 3600;
session_save_path($savePath);
session_set_cookie_params($lifeTime);
session_start();
$_session[" admin"] = true;
?>
Like the session_set_cookie_params(); function, the session_save_path() function must also be called before the session_start() function is called.
We can also store arrays and objects in session. There is no difference between operating an array and operating a general variable. When saving an object, PHP will automatically serialize the object (also called serialization) and then save it in the session. The following example illustrates this:
class person
{
var $ age;
function output() {
echo $this->age;
}
function setAge($age) {
$this->age = $age;
> }
}
?>
setage.PHP
session_start();
require_once “person.PHP”;
$person = new person();
$person->setAge(21);
$_session[ 'person'] = $person;
echo "check here to output age";
?>
output.PHP
// Set the callback function to ensure that the object is rebuilt.
ini_set('unserialize_callback_func', 'mycallback');
function mycallback($classname) {
$classname . “.PHP”;
}
session_start();
$ person = $_session["person"];
// Output 21
$person->output();
?>
When we execute setup.php file, the setage() method is called, the age is set to 21, and the status is serialized and saved in the session (PHP will automatically complete this conversion). When going to output.php, this value should be output , the object just saved must be deserialized, and because an undefined class needs to be instantiated during deserialization, we define a later callback function that automatically includes the person.PHP class file, so the object is reconstructed. And get the current age value as 21, and then call the output() method to output the value.

php把负数转为正整数的方法:1、使用abs()函数将负数转为正数,使用intval()函数对正数取整,转为正整数,语法“intval(abs($number))”;2、利用“~”位运算符将负数取反加一,语法“~$number + 1”。

实现方法:1、使用“sleep(延迟秒数)”语句,可延迟执行函数若干秒;2、使用“time_nanosleep(延迟秒数,延迟纳秒数)”语句,可延迟执行函数若干秒和纳秒;3、使用“time_sleep_until(time()+7)”语句。

php除以100保留两位小数的方法:1、利用“/”运算符进行除法运算,语法“数值 / 100”;2、使用“number_format(除法结果, 2)”或“sprintf("%.2f",除法结果)”语句进行四舍五入的处理值,并保留两位小数。

判断方法:1、使用“strtotime("年-月-日")”语句将给定的年月日转换为时间戳格式;2、用“date("z",时间戳)+1”语句计算指定时间戳是一年的第几天。date()返回的天数是从0开始计算的,因此真实天数需要在此基础上加1。

方法:1、用“str_replace(" ","其他字符",$str)”语句,可将nbsp符替换为其他字符;2、用“preg_replace("/(\s|\ \;||\xc2\xa0)/","其他字符",$str)”语句。

php判断有没有小数点的方法:1、使用“strpos(数字字符串,'.')”语法,如果返回小数点在字符串中第一次出现的位置,则有小数点;2、使用“strrpos(数字字符串,'.')”语句,如果返回小数点在字符串中最后一次出现的位置,则有。

在PHP中,可以利用implode()函数的第一个参数来设置没有分隔符,该函数的第一个参数用于规定数组元素之间放置的内容,默认是空字符串,也可将第一个参数设置为空,语法为“implode(数组)”或者“implode("",数组)”。

php字符串有下标。在PHP中,下标不仅可以应用于数组和对象,还可应用于字符串,利用字符串的下标和中括号“[]”可以访问指定索引位置的字符,并对该字符进行读写,语法“字符串名[下标值]”;字符串的下标值(索引值)只能是整数类型,起始值为0。


Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

AI Hentai Generator
Generate AI Hentai for free.

Hot Article

Hot Tools

SublimeText3 Mac version
God-level code editing software (SublimeText3)

SublimeText3 Linux new version
SublimeText3 Linux latest version

SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.

WebStorm Mac version
Useful JavaScript development tools

SublimeText3 English version
Recommended: Win version, supports code prompts!
