1. SESSION 登录实战
项目文件目录如下图:
首先请求派发器:dispatch.php (即定义index.php?action=xx)
<?php
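// Start the session once here. login.php, check.php and logout.php are
// included below and rely on this call instead of opening their own session.
session_start();

// Open the database connection (connect.php creates $pdo, which check.php uses).
require __DIR__ . '/connect.php';

// Read the requested action, defaulting to the login page.
// A non-string value (for example ?action[]=x, which PHP delivers as an array)
// is mapped to '' so it takes the default redirect below instead of being
// passed to trim(), which would raise an error on an array.
$action = 'login';
if (isset($_GET['action'])) {
    $action = is_string($_GET['action']) ? $_GET['action'] : '';
}
$action = strtolower(trim($action));

// Allowlist of actions and the script each one loads. The include path always
// comes from this fixed map and never from the request value itself, so the
// query string cannot choose an arbitrary file.
$routes = [
    'login'  => 'login.php',   // 1. show the login form
    'check'  => 'check.php',   // 2. verify the submitted credentials
    'logout' => 'logout.php',  // 3. end the session
];

if (isset($routes[$action])) {
    include __DIR__ . '/' . $routes[$action];
} else {
    // Unknown action: send the visitor to the home page. The script tag is a
    // fallback for clients that do not follow the Location header.
    header('Location: index.php');
    echo '<script>location.assign("index.php");</script>';
    exit;
}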
index.php主页页面:
<?php
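// Open the session so the login state stored in $_SESSION['name'] can be read.
session_start();

// Login, credential check and logout all go through dispatch.php, which plays
// the role of a small front controller.

// A visitor counts as logged in when the session holds a non-empty string name.
// login.php and logout.php test only isset($_SESSION['name']); comparing with the
// literal 'admin' here left every other account bouncing between "please log in"
// and "do not log in twice".
$name = '';
if (isset($_SESSION['name']) && is_string($_SESSION['name'])) {
    $name = $_SESSION['name'];
}

if ($name !== '') {
    // 1. Logged in: show the user name and a logout link.
    // The name is read from the database by check.php, so it is escaped for the
    // HTML context before being written into the page.
    echo '用户: ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '已登录<br>';
    echo '<a href="dispatch.php?action=logout">退出</a>';
} else {
    // 2. Not logged in: offer the login link.
    echo '<a href="dispatch.php?action=login">请登录</a>';
}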
login.php登录页面定义了post:
<?php
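// Login form template. It reads $_SESSION, so it expects the including script
// to have started the session already.
//
// NOTE(review): the form carries no CSRF token and the check step does not
// verify one, so a third-party page can submit this form on a visitor's behalf.
// Add a per-session token here and verify it in the check step.

// Prevent a repeated login: a visitor whose session already has a name is sent
// back to the home page.
if (isset($_SESSION['name'])) {
    echo '<script>alert("不要重复登录");location.assign("index.php");</script>';
    // Stop here so the login form below is not also sent to a logged-in user.
    exit;
}
?>
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>用户登录</title>
</head>
<body>
<h3>用户登录</h3>
<form action="dispatch.php?action=check" method="post" onsubmit="return isEmpty();">
<p>
<label for="phone">手机:</label>
<!-- "phone" is not a valid input type (browsers fall back to text); "tel" is the standard one. -->
<input type="tel" name="phone" id="phone">
</p>
<p>
<label for="password">密码:</label>
<input type="password" name="password" id="password">
</p>
<p>
<button>提交</button>
</p>
</form>
<script>
// Client-side convenience check only: it can be bypassed, so the server must
// still validate both fields.
// Returns false to cancel the submit when a field is empty, true otherwise.
function isEmpty() {
    var phone = document.getElementById('phone').value;
    var password = document.getElementById('password').value;
    if (phone.length === 0 || password.length === 0) {
        alert('手机和密码不能为空');
        return false;
    }
    return true;
}
</script>
</body>
</html>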
check.php post数据与数据库数据比对
<?php
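// Credential check. Expects to be included by dispatch.php, which has already
// started the session and loaded connect.php (the source of $pdo).

// 1. Only a POST request may submit credentials.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    die('请求类型错误');
}

// 2. Read the form fields. Non-string values (array-style parameters) are
// treated as missing.
$phone = '';
if (isset($_POST['phone']) && is_string($_POST['phone'])) {
    $phone = $_POST['phone'];
}

// login.php names the password input "password"; this script used to read
// "pwd", a field the form never sends. "pwd" is still accepted as a fallback
// for any other form that posts it.
$plainPassword = '';
if (isset($_POST['password']) && is_string($_POST['password'])) {
    $plainPassword = $_POST['password'];
} elseif (isset($_POST['pwd']) && is_string($_POST['pwd'])) {
    $plainPassword = $_POST['pwd'];
}

// Missing input fails the same way as a wrong password.
if ($phone === '' || $plainPassword === '') {
    echo '<script>alert("验证失败");history.back();</script>';
    die;
}

// NOTE(review): unsalted SHA-1 is not a password hash; it is fast to brute-force
// and identical passwords share a digest. It is kept here only because the query
// below compares the `pwd` column with a SHA-1 digest (presumably how existing
// rows are stored; confirm). Migrate the column to password_hash() and verify
// with password_verify().
// The digest gets its own variable: the original computed it into $password but
// bound an undefined $pwd, so the comparison could never match.
$pwdHash = sha1($plainPassword);

// 3. Look the user up with a prepared statement; both values are bound, never
// concatenated into the SQL text.
$sql = 'SELECT * FROM `user` WHERE `phone` = :phone AND `pwd` = :pwd LIMIT 1';
$stmt = $pdo->prepare($sql);
$stmt->execute(['phone' => $phone, 'pwd' => $pwdHash]);
$user = $stmt->fetch(PDO::FETCH_ASSOC);

// 4. No matching row: report failure and go back to the form.
// NOTE(review): nothing here limits repeated attempts; consider throttling or
// lockout per account and per client.
if (false === $user) {
    echo '<script>alert("验证失败");history.back();</script>';
    die;
}

// Success. Issue a fresh session id before storing the identity, so an id that
// was set in the browser before login cannot be reused afterwards (session
// fixation).
if (session_status() === PHP_SESSION_ACTIVE) {
    session_regenerate_id(true);
}
$_SESSION['name'] = $user['name'];
echo '<script>alert("登录成功");location.assign("index.php");</script>';
exit;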
logout.php退出登录:
<?php
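// Logout step. It reads $_SESSION, so it expects the including script to have
// started the session already.

// Only a logged-in visitor can log out.
if (isset($_SESSION['name'])) {
    // Clear the in-memory data first: session_destroy() removes the stored
    // session but leaves $_SESSION populated for the rest of this request.
    $_SESSION = [];

    // Expire the session cookie as well, so the browser stops sending the old id.
    if (ini_get('session.use_cookies')) {
        $params = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $params['path'],
            $params['domain'],
            $params['secure'],
            $params['httponly']
        );
    }

    // Finally remove the server-side session data.
    session_destroy();
    echo '<script>alert("退出成功");location.assign("index.php");</script>';
} else {
    // Not logged in: ask the visitor to log in first.
    echo '<script>alert("请先登录");location.assign("login.php");</script>';
}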
connect.php连接数据库:
<?php
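// Database connection settings.
// NOTE(review): the credentials are hard-coded and use the root account with a
// default-style password. Load them from configuration kept outside the web root
// and version control, and connect with an account limited to the privileges
// this application needs.
$db = [
    'type' => 'mysql',
    'host' => 'localhost',
    'dbname' => 'anguoguo',
    'username' => 'root',
    'password' => 'root',
];

// Build the PDO DSN from the settings above.
$dsn = "{$db['type']}:host={$db['host']};dbname={$db['dbname']}";
$username = $db['username'];
$password = $db['password'];

try {
    $pdo = new PDO($dsn, $username, $password, [
        // Report query errors as exceptions instead of silent false returns.
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        // Use server-side prepared statements rather than client-side emulation.
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
} catch (PDOException $e) {
    // Keep the driver message in the server log. It can contain the host, the
    // database name and the account name, so it is not shown to the visitor.
    error_log('Database connection failed: ' . $e->getMessage());
    die('连接失败');
}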