1、登录时对用户输入的用户名、密码进行验证
<?php /** * Validator for Login. */ final class LoginValidator { private function __construct() { } /** * Validate the given username and password. * @param $username and $password to be validated * @return array array of {@link Error} s */ public static function validate($username, $password) { $errors = array(); $username = trim($username); if (!$username) { $errors[] = new Error('username', '用户名不能为空。'); } elseif (strlen($username)<3) { $errors[] = new Error('username', '用户名长度不能小于3个字符。'); } elseif (strlen($username)>30) { $errors[] = new Error('username', '用户名长度不能超过30个字符。'); } elseif (!preg_match('/^[A-Za-z]+$/',substr($username, 0, 1))) { $errors[] = new Error('username', '用户名必须以字母开头。'); } elseif (!preg_match('/^[A-Za-z0-9_]+$/', $username)) { $errors[] = new Error('username', '用户名只能是字母、数字以及下划线( _ )的组合。'); } elseif (!trim($password)) { $errors[] = new Error('password', '密码不能为空。'); } else { // check whether use exists or not $dao = new UserDao(); $user = $dao->findByName($username); if ($user) { if (!($user->getPassword() == sha1($user->getSalt() . $password))) { $errors[] = new Error('password', '用户名或密码错误。'); } } else { $errors[] = new Error('username', '用户名不存在。'); } } return $errors; } } ?>
Error是自己写的一个类:
<?php /** * Validation error. */ final class Error { private $source; private $message; /** * Create new error. * @param mixed $source source of the error * @param string $message error message */ function __construct($source, $message) { $this->source = $source; $this->message = $message; } /** * Get source of the error. * @return mixed source of the error */ public function getSource() { return $this->source; } /** * Get error message. * @return string error message */ public function getMessage() { return $this->message; } } ?>
2、调用验证器进行验证
$username = null; $password = null; $msg = ""; if (isset($_POST['username']) && isset($_POST['password'])) { $username = addslashes(trim(stripslashes($_POST ['username']))); $password = addslashes(trim(stripslashes($_POST ['password']))); // validate $errors = LoginValidator::validate($username, $password); if (empty($errors)) { // save the latest ip or login time into database, then processing page forwarding $dao = new UserDao(); $user = $dao->findByName($username); $last_login_ip = Utils::getIpAddress(); $user->setLastLoginIp($last_login_ip); $now = new DateTime(); $user->setLastLoginTime($now); $dao->save($user); UserLogin::setUserInfo($user); Flash::addFlash('登录成功!'); Utils::redirect('welcome'); } foreach ($errors as $e) { $msg .= $e->getMessage()."<br>"; }
推荐一个自己业余时间开发的网盘搜索引擎,360盘搜(www.360panso.com)