以下代码ThinkPHP框架,实现检测用户的在线状态。
1.先新建一个tags.php文件,放在配置目录Conf下。
<?php
/*
* 添加行为
*
*/
return array(
'action_begin' => array('OnlineCheck'),
);
?>
2.定义具体的功能
<?php
/*
* 定义行为: 在线更新
*/
class OnlineCheckBehavior extends Behavior {
//行为参数
protected $options = array(
'ONLINE_CHECK' => true, // 默认进行在线
'ONLINE_CHECK_TIME' => 10, // 默认5分钟未活动,说明已下线
);
public function run(&$params) {
if (C('ONLINE_CHECK')) {
// 更新session
if ((session('?login_account')) && (time() - session('access_time') > 60)) {
session('access_time', time());
}
// 在线更新
$ip = ip2long(get_client_ip());
$online = M('Online');
// 先删除在线表中 超过5分钟未活动的记录
//$sql = ' delete from __TABLE__ where ';
$map['lasttime'] = array('lt', time() - C('ONLINE_CHECK_TIME') * 60);
$icount = $online->where($map)->delete();
if (session('?login_account')) { // 如果是登录用户
$map = array();
$map['uid'] = session('login_uid');
$map['lastip'] = $ip;
$id = $online->where($map)->getField('id');
if (empty($id)) { // 不存在在线记录,则清空session
session(null);
} else {
$map = array();
$map['id'] = array('eq', $id);
$data['lasttime'] = time();
$data['lastip'] = $ip;
$online->where($map)->save($data);
}
} else { // 不是登录用户 游客
unset($map);
$map['lastip'] = array('eq', $ip);
$id = $online->where($map)->getField('id');
//dump($id);
if (empty($id)) { // 不存在在线记录, 则添加
$data = array();
$data['uid'] = 0;
$data['account'] = 'Guest';
$data['nickname'] = '游客';
$data['lasttime'] = time();
$data['lastip'] = $ip;
$online->add($data);
} else {
$map = array();
$map['id'] = array('eq', $id);
$data['lasttime'] = time();
$data['lastip'] = $ip;
$online->where($map)->save($data);
}
}
}
}
}
?>
3,在具体登录的地方添加如下代码:
// 登录检测
public function checkLogin() {
// $this->redirect($url);
$username = strtolower($this->_param('usr'));
$pwd = $this->_param('pwd');
$url = $this->_param('url'); // 目标地址
$is_error = false;
if (empty($username) or empty($pwd)) {
$this->assign('error_msg', '用户名和口令不能为空');
$is_error = true;
}
if (!$is_error) {
$model = M('Usr');
$map['account'] = $username;
$map['upwd'] = strtoupper(md5($pwd));
$icount = $model->where($map)->count();
if ($icount == 1) {
$list = $model->where($map)->find();
// 检测用户是否在线
if ($this->isOnline($list['id'])) {
// <editor-fold defaultstate="collapsed" desc="if开始">
if ($list['status']) {
session('login_account', $username);
session('login_nickname', $list['nickname']);
session('last_time', toDate($list['last_time']));
if ($list['last_ip']) {
session('last_ip', long2ip($list['last_ip']));
} else {
session('last_ip', get_client_ip());
}
session('login_count', $list['login_count']);
session('login_uid', $list['id']);
session('login_pwd', $list['upwd']);
session('access_time', time()); //用户最后点击页面时间 session超时使用
///
$map['id'] = $list['id'];
$data['last_time'] = time();
$data['last_ip'] = ip2long(get_client_ip());
$model->where($map)->save($data);
$model->where($map)->setInc('login_count', 1);
// 检测是否有同一IP的记录,有更新,否则 添加
$online = M('Online');
$map = array();
$map['lastip'] = ip2long(get_client_ip());
$online_id = $online->where($map)->getField('id');
if (empty($online_id)) {
// 插入在线用户表
$data = array();
$data['uid'] = $list['id'];
$data['account'] = $list['account'];
$data['nickname'] = $list['nickname'];
$data['lasttime'] = time();
$data['lastip'] = ip2long(get_client_ip());
$online->add($data);
}else{
// 更新在线用户表
$data = array();
$data['uid'] = $list['id'];
$data['account'] = $list['account'];
$data['nickname'] = $list['nickname'];
$data['lasttime'] = time();
//$data['lastip'] = ip2long(get_client_ip());
$online->where($map)->save($data);
}
} else {
$is_error = true;
$this->assign('error_msg', '此用户已被禁止登录!');
}
// </editor-fold> if 结束
} else {
$is_error = true;
$this->assign('error_msg', '此用户名已在其他电脑登陆,请' . C('ONLINE_CHECK_TIME') .'分钟后再试!');
}
} else {
$is_error = true;
$this->assign('error_msg', '错误的用户名或口令!');
}
}
if ($is_error) {
$this->display('login');
} else {
$this->redirect('Index/index');
// if (empty($url)) {
// $this->redirect('Index/index');
// } else {
// $this->redirect($url);
// }
}
}
/**
* 检测用户是否在线
* @access private
* @param int $uid 用户ID
* @return Boolean true=不在线
*/
private function isOnline($uid) {
$ip = ip2long(get_client_ip());
$online = M('Online');
$map['uid'] = array('eq', $uid);
$list = $online->where($map)->find();
if (empty($list)) { // 不存在
return true;
} else { // 存在,检测IP是否一致,否则,检测是否超过5分钟
if ($list['lastip'] == $ip) {
return true;
} else {
if ($list['lasttime'] < time() - C('ONLINE_CHECK_TIME') * 60) {
return true;
} else {
return false;
}
}
}
}
以上就是PHP在线状态检测的代码,同一时间只有一个用户可以存在。
暂时没有考虑到非正常掉线等,cookie,session意外的处理。
P3P是什么
P3P(Platform for Privacy Preferences)是W3C公布的一项隐私保护推荐标准,以为用户提供隐私保护。
P3P标准构想:Web 站点的隐私策略应该告之访问者该站点所收集的信息类型、信息将提供给哪些人、信息将被保留多少时间及其使用信息的方式,如站点应做诸如 “本网站将监测您所访问的页面以提高站点的使用率”或“本网站将尽可能为您提供更合适的广告”等申明。
访问支持P3P网站的用户有权查看站点隐私报告,以决定是否接受cookie 或是否使用该网站。
使用P3P实现跨域
页面中的IFRAME或者FRAME或JS跨域时,IE有安全策略限制页面不带cookie,若加上P3P,就没有这策略的限制。
这也是P3P来突破跨域的可行前提。
摘录的例子:
<?php setcookie("test", $_GET['id'], time()+3600, "/", ".a.com"); ?>
http://www.a.com/a_getcookie.php 文件内容:
<?php var_dump($_COOKIE); ?>
http://www.b.com/b_setcookie.php 文件内容:
<script src="http://www.a.com/a_setcookie.php?id=www.b.com"></script>
通过浏览器访问:
http://www.b.com/b_setcookie.php
http://www.a.com/a_getcookie.php
访问1 b.com域后,并没有在2 a.com域发现设置上cookie值。
将http://www.a.com/a_setcookie.php文件内容改为如下:
header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
setcookie("test", $_GET['id'], time()+3600, "/", ".a.com");
?>
再次访问:
http://www.a.com/a_getcookie.php
在访问b.com域后,设置了a.com域的cookie值。
通过发送P3P头信息而实现的跨域。(在Firefox不发送P3P也能跨域成功)
PHP使用P3P协议
JS使用P3P协议
P3P的头部参数解释
P3P Header is present:
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Compact Policy token is present. A trailing 'o' means opt-out, a trailing 'i' means opt-in.
CURa
Information is used to complete the activity for which it was provided.
ADMa
Information may be used for the technical support of the Web site and its computer system.
DEVa
Information may be used to enhance, evaluate, or otherwise review the site, service, product, or market.
PSAo
Information may be used to create or build a record of a particular individual or computer that is tied to a pseudonymous identifier, without tying identified data (such as name, address, phone number, or email address) to the record. This profile will be used to determine the habits, interests, or other characteristics of individuals for purpose of research, analysis and reporting, but it will not be used to attempt to identify specific individuals.
PSDo
Information may be used to create or build a record of a particular individual or computer that is tied to a pseudonymous identifier, without tying identified data (such as name, address, phone number, or email address) to the record. This profile will be used to determine the habits, interests, or other characteristics of individuals to make a decision that directly affects that individual, but it will not be used to attempt to identify specific individuals.
OUR
We share information with ourselves and/or entities acting as our agents or entities for whom we are acting as an agent.
BUS
Info is retained under a service provider's stated business practices. Sites MUST have a retention policy that establishes a destruction time table. The retention policy MUST be included in or linked from the site's human-readable privacy policy.
UNI
Non-financial identifiers, excluding government-issued identifiers, issued for purposes of consistently identifying or recognizing the individual. These include identifiers issued by a Web site or service.
PUR
Information actively generated by the purchase of a product or service, including information about the method of payment.
INT
Data actively generated from or reflecting explicit interactions with a service provider through its site -- such as queries to a search engine, or logs of account activity.
DEM
Data about an individual's characteristics -- such as gender, age, and income.
STA
Mechanisms for maintaining a stateful session with a user or automatically recognizing users who have visited a particular site or accessed particular content previously -- such as HTTP cookies.
PRE
Data about an individual's likes and dislikes -- such as favorite color or musical tastes.
COM
Information about the computer system that the individual is using to access the network -- such as the IP number, domain name, browser type or operating system.
NAV
Data passively generated by browsing the Web site -- such as which pages are visited, and how long users stay on each page.
OTC
Other types of data not captured by the above definitions.
NOI
Web Site does not collected identified data.
DSP
The privacy policy contains DISPUTES elements.
COR
Errors or wrongful actions arising in connection with the privacy policy will be remedied by the service.
说明:
此处介绍的跨域主要是设置cookie的情况,如果是跨域读取cookie,要保证在对应设置cookie的时候设置了P3P,否则在读取的事情IE会屏蔽跨域cookie。
您可能感兴趣的文章:
PHP防止跨域提交表单的解决方法
http与https跨域共享session的解决方法
php借助P3P完成COOKIE跨域操作的方法分享
php中json的跨域实例分析
php session跨域跨服务器的解决方法分享
php 跨域、跨子域,跨服务器读取session的方法介绍
php的json格式和js跨域调用的代码
php JSON 跨域调用数据的例子
在php中,使用Copy-on write和引用计数来管理内存。
Copy-on-write又是简写为COW(写入时复制),是计算机编程中的一种优化策略。Copy-on-write在PHP中,可以认为多个变量都使用信息的同一份拷贝,也就是说这些变量都指向同一个内存地址。由于只是读取这些变量。没有必要为每个变量在内存中拷贝一份相同的值,这就节省了很多内存资源。
但是当一个变量需要修改值的时候,将真正的对象复制到新的内存地址中,并修改新对象的内存映射表指向这个新的位置,并在新的内存位置上执行写操作。
例如:
$a=array(1,4,5);
$b=$a;//数组并未被复制
$a[1]=10;//数组复制了,并且修改了值
print_r($a);
print_r($b);
?>
运行完毕后$a和$b的值是不相同的。
$a是1,10,5
$b是1,4,5
这有点类似C#中值类型的赋值。要使得$a和$b始终是同一份引用,则代码写为:
PHP中和Copy-on-write技术搭配的一个术语叫引用计数(reference count)。
在PHP中每一个变量都有2部分组成,一个是变量名,还有就是变量的值,他们存放在一个称为符号表的结构中,这个符号表是一个数组,它映射了变量名和值在内存中的位置。符号表中每一个值都有一个所谓的引用计数,记录了有多少种方法能够获得这个值,即有多少个变量名指向这个值。
在以上的代码中,当$a初始化后,$b=$a后,这个数组就有一个引用计数2(如果你通过C的API方法去查看引用计数,这个值实际上是3,但从用户角度来看,解释成2更好理解)。
这个内存中的值可以有2种方法获得,通过$a和$b.然后当$a[1]的值改变之后,则php为$a创建了一个新的内存空间,也就是出现2个数组了。
这两个数组的引用计数都为1。
当一个变量走出了作用域范围,比如函数中的本地变量,这个变量在函数运行完后就失效了,那么之前这个变量指向的值的引用计数就会减1。同样的,如果一个变量指向一个新的内存地址,那么这个老的地址的值上的引用计数也会减1。
当一个内存空间的引用计数为0的时候,就会被PHP释放掉。