1、登錄時對用戶輸入的用戶名、密碼進行驗證
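<?php
/**
 * Validator for the login form.
 *
 * Static-only helper: the private constructor prevents instantiation.
 *
 * NOTE(review): the stored credential is sha1(salt . password). Salted SHA-1 is
 * a fast hash and is not suitable for password storage; moving to
 * password_hash()/password_verify() means changing the stored format, which
 * lives in UserDao and the registration code (not shown here).
 */
final class LoginValidator
{
    private function __construct()
    {
    }

    /**
     * Validate the given username and password.
     *
     * The checks form one elseif chain, so at most one error is returned per
     * call. The database is only queried once the username passes the format
     * checks and the password is non-empty.
     *
     * @param string $username submitted user name (trimmed before checking)
     * @param string $password submitted password (hashed as given, not trimmed)
     * @return array array of {@link Error}s; empty when the credentials match
     */
    public static function validate($username, $password)
    {
        $errors = array();
        $username = trim($username);

        if (!$username) {
            $errors[] = new Error('username', '用戶名不能為空。');
        } elseif (strlen($username) < 3) {
            $errors[] = new Error('username', '用戶名長(zhǎng)度不能小于3個(gè)字符。');
        } elseif (strlen($username) > 30) {
            $errors[] = new Error('username', '用戶名長(zhǎng)度不能超過30個(gè)字符。');
        } elseif (!preg_match('/^[A-Za-z]+$/', substr($username, 0, 1))) {
            $errors[] = new Error('username', '用戶名必須以字母開頭。');
        } elseif (!preg_match('/^[A-Za-z0-9_]+$/', $username)) {
            $errors[] = new Error('username', '用戶名只能是字母、數(shù)字以及下劃線( _ )的組合。');
        } elseif (trim($password) === '') {
            // Strict test: `!trim($password)` also treated the password "0" as empty.
            $errors[] = new Error('password', '密碼不能為空。');
        } else {
            $dao = new UserDao();
            $user = $dao->findByName($username);

            // An unknown user and a wrong password produce the same error, so
            // the form does not reveal which account names exist. Response
            // timing may still differ between the two cases.
            if (!$user || !self::hashesMatch(
                (string) $user->getPassword(),
                sha1($user->getSalt() . $password)
            )) {
                $errors[] = new Error('password', '用戶名或密碼錯(cuò)誤。');
            }
        }

        return $errors;
    }

    /**
     * Compare the stored digest with the computed one.
     *
     * Loose `==` must not be used here: PHP compares two numeric-looking
     * strings as numbers, so distinct digests can compare equal.
     * hash_equals() exists from PHP 5.6 and is also constant-time; older
     * runtimes fall back to strict string comparison.
     *
     * @param string $expected digest stored for the user
     * @param string $actual   digest computed from the submitted password
     * @return bool true when both digests are identical
     */
    private static function hashesMatch($expected, $actual)
    {
        if (function_exists('hash_equals')) {
            return hash_equals($expected, $actual);
        }

        return $expected === $actual;
    }
}
?>
Error是自己寫的一個類: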
<?php
/**
 * One validation failure: the input it belongs to and the text to display.
 *
 * NOTE(review): PHP 7.0 and later ship a built-in class named Error, so this
 * declaration only loads on older runtimes unless it is moved into a
 * namespace or renamed.
 */
final class Error
{
    /** @var mixed origin of the error */
    private $source;

    /** @var string text of the error */
    private $message;

    /**
     * Build an error from its origin and its text.
     *
     * @param mixed  $source  source of the error
     * @param string $message error message
     */
    public function __construct($source, $message)
    {
        $this->message = $message;
        $this->source = $source;
    }

    /**
     * Text of the error.
     *
     * @return string error message
     */
    public function getMessage()
    {
        return $this->message;
    }

    /**
     * Origin of the error.
     *
     * @return mixed source of the error
     */
    public function getSource()
    {
        return $this->source;
    }
}
?>
2、調用驗證器進行驗證
// Login form handler: reads the posted credentials, runs LoginValidator and,
// on success, records the login and redirects; otherwise collects the error
// messages into $msg for display.
// NOTE(review): no throttling or lockout for repeated failed attempts is
// visible in this excerpt.
$username = null;
$password = null;
$msg = "";
if (isset($_POST['username']) && isset($_POST['password'])) {
    // NOTE(review): stripslashes()/addslashes() rewrite backslashes and quotes
    // in the submitted values. For the password this changes the string that
    // LoginValidator hashes, so the result depends on these calls matching
    // whatever was done at registration (not shown) — confirm. addslashes() is
    // also not a substitute for parameterized queries inside UserDao.
    $username = addslashes(trim(stripslashes($_POST ['username'])));
    $password = addslashes(trim(stripslashes($_POST ['password'])));
    // validate; an empty array means the credentials were accepted
    $errors = LoginValidator::validate($username, $password);
    if (empty($errors)) {
        // save the latest ip and login time into the database, then forward the page
        $dao = new UserDao();
        // Second lookup of the same user; the result is used without a null
        // check, so it relies on the account still existing at this point.
        $user = $dao->findByName($username);
        // NOTE(review): Utils::getIpAddress() is not shown; if it reads
        // client-supplied headers the stored value is caller-controlled — confirm.
        $last_login_ip = Utils::getIpAddress();
        $user->setLastLoginIp($last_login_ip);
        $now = new DateTime();
        $user->setLastLoginTime($now);
        $dao->save($user);
        // NOTE(review): UserLogin::setUserInfo() is not shown; if it stores the
        // user in the session, the session ID should be regenerated here
        // (session_regenerate_id(true)) — confirm.
        UserLogin::setUserInfo($user);
        Flash::addFlash('登錄成功!');
        Utils::redirect('welcome');
    }
    // The messages are fixed strings produced by the validator, so they are
    // joined into HTML without escaping; that is only safe while no message
    // contains user input.
    foreach ($errors as $e) {
        $msg .= $e->getMessage()."<br>";
    }
// The excerpt ends here; the closing brace of the outer if is not shown on the page.