COOKIE登录
INDEX页面判断是否登录来显示“登录”或“退出”按钮
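// Index page: show the signed-in banner with a logout link, or a login link.
// NOTE(review): the cookie is supplied by the browser, so its presence only
// shows that a value was sent, not that the visitor authenticated. Anything
// that needs a trustworthy identity should rely on server-side state, as the
// session-based variant on this page does.
if (isset($_COOKIE['username']) && is_string($_COOKIE['username'])) {
    // Escape before echoing: the cookie value is client-controlled and would
    // otherwise be written into the HTML verbatim.
    $safeName = htmlspecialchars($_COOKIE['username'], ENT_QUOTES, 'UTF-8');

    echo '<p align="center">';
    echo '用户: ' . $safeName . '已登录<br>';
    echo '<a href="dispatch.php?action=logout">退出</a>';
    echo '</p>';
} else {
    // No usable cookie (absent, or not a plain string): offer the login link.
    echo '<p align="center"><a href="dispatch.php?action=login">请登录</a></p>';
}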
dispatch.php 请求分发页面
// Front controller (cookie variant): route the ?action= parameter to a page.
// Load the shared PDO settings first; presumably this is where the included
// pages get their connection details from -- confirm against pdo_config.php.
require '../require/pdo_config.php';

// Requested action, defaulting to the login page, normalised to lower case.
$action = isset($_GET['action']) ? $_GET['action'] : 'login';
$action = htmlentities(strtolower(trim($action)));

// Fixed routing table: the included path always comes from this list, never
// from the request value itself.
$pages = [
    'login'  => '/login.php',   // 1. login form
    'check'  => '/check.php',   // 2. credential check
    'logout' => '/logout.php',  // 3. sign out
];

if (isset($pages[$action])) {
    include __DIR__ . $pages[$action];
} else {
    // Any other action: send the visitor back to the index page, with a
    // script fallback in addition to the Location header.
    header('Location: index.php');
    echo '<script>location.assign("index.php");</script>';
}
login登录页面判断是否已登录,防止用户重复登录
<?php
// Guard against a repeated login: a visitor who already presents the
// "username" cookie gets an alert and is sent back to the index page.
// NOTE(review): this only checks that the cookie exists; the value is
// client-controlled, so the guard is a convenience, not an access check.
$alreadyLoggedIn = isset($_COOKIE['username']);
if ($alreadyLoggedIn) {
    echo '<script>alert("不要重复登录");location.assign("index.php");</script>';
}
?>
check判断用户登录,并把username存储到cookie,以此作为判断登录依据
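// check.php (cookie variant): verify the posted credentials and, on success,
// record the login time and give the browser a "username" cookie.
// $dsn and $db are not defined in this snippet; presumably they come from
// pdo_config.php, which dispatch.php loads -- confirm.
$pdo = new PDO($dsn, $db['userName'], $db['userPwd']);

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Missing or non-string fields (e.g. username[]=x) are treated as empty
    // strings so they simply fail the lookup instead of raising errors.
    $username = '';
    if (isset($_POST['username']) && is_string($_POST['username'])) {
        $username = $_POST['username'];
    }
    $rawPwd = '';
    if (isset($_POST['userpwd']) && is_string($_POST['userpwd'])) {
        $rawPwd = $_POST['userpwd'];
    }

    // NOTE(review): MD5 is a fast, unsalted digest and is not suitable for
    // storing passwords. It is kept only because the lookup compares against
    // the existing `userpwd` column; moving to password_hash() /
    // password_verify() needs the stored values migrated as well.
    $userpwd = md5($rawPwd);

    // Bound parameters keep the posted values out of the SQL text.
    $sql = 'SELECT `username`,`userpwd` FROM `user` WHERE `username` = :username AND `userpwd` = :userpwd LIMIT 1';
    $stmt = $pdo->prepare($sql);
    $stmt->execute([':username' => $username, ':userpwd' => $userpwd]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    if (false === $user) {
        // No matching row: report the failure and return to the form.
        echo '<script>alert("登录失败");history.back();</script>';
    } else {
        // NOTE(review): $time is not assigned anywhere in this snippet --
        // confirm it is defined by the including script before this runs.
        $stmt = $pdo->prepare('UPDATE `user` SET `logindate` =:logindate WHERE `username`=:username');
        $stmt->execute([':logindate' => $time, ':username' => $user['username']]);

        // Same cookie as before (session lifetime, default path and domain),
        // now flagged HttpOnly so page scripts cannot read it. Set the sixth
        // argument (secure) to true when the site is served over HTTPS only.
        // NOTE(review): a plain username in a cookie can be set by anyone, so
        // it must not be the only proof of login; the session-based variant
        // on this page keeps the identity on the server instead.
        setcookie('username', $user['username'], 0, '', '', false, true);

        echo '<script>alert("登录成功");location.assign("index.php");</script>';
        exit;
    }
} else {
    // Only POST submissions are accepted.
    die('请求错误');
}

unset($pdo);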
退出登录操作
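<?php
// logout.php (cookie variant): expire the "username" cookie and go back to
// the index page; visitors without the cookie are sent to the login page.
if (isset($_COOKIE['username'])) {
    // Expire the cookie with an empty string value and a past timestamp.
    // Passing null as the value is deprecated since PHP 8.1, and a displayed
    // deprecation notice is output that can get in the way of the Set-Cookie
    // header.
    setcookie('username', '', time() - 3600);
    echo '<script>alert("退出成功");location.assign("index.php");</script>';
} else {
    echo '<script>alert("请先登录");location.assign("login.php");</script>';
}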
SESSION登录
dispatch请求分发
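<?php
// Front controller (session variant): start the session, then route the
// ?action= parameter to one of the bundled pages.
require_once 'require/pdo_config.php';

// Harden the session cookie before the session starts: keep it out of reach
// of page scripts, and refuse session ids the server did not issue.
ini_set('session.cookie_httponly', '1');
ini_set('session.use_strict_mode', '1');
session_start();

// Requested action, defaulting to the login page, normalised to lower case.
$action = isset($_GET['action']) ? $_GET['action'] : 'login';
$action = htmlentities(strtolower(trim($action)));

// Only the three literal cases below include a file, so the include path is
// never derived from the request value.
switch ($action) {
    case 'login':
        // Login form.
        include __DIR__ . '/login.php';
        break;

    case 'check':
        // Credential check.
        include __DIR__ . '/check.php';
        break;

    case 'logout':
        // Sign out.
        include __DIR__ . '/logout.php';
        break;

    default:
        // Unknown action: back to the index page, with a script fallback.
        header('location:index.php');
        echo('<script>location.assign("index.php")</script>');
}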
判断用户登录是否成功
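// check.php (session variant): verify the posted credentials and, on success,
// record the login time and store the username in the session.
// $pdo is not created in this snippet; presumably it is set up by the
// including script -- confirm.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Missing or non-string fields (e.g. username[]=x) are treated as empty
    // strings so they simply fail the lookup instead of raising errors.
    $username = '';
    if (isset($_POST['username']) && is_string($_POST['username'])) {
        $username = $_POST['username'];
    }
    $rawPwd = '';
    if (isset($_POST['userpwd']) && is_string($_POST['userpwd'])) {
        $rawPwd = $_POST['userpwd'];
    }

    // NOTE(review): MD5 is a fast, unsalted digest and is not suitable for
    // storing passwords. It is kept only because the lookup compares against
    // the existing `userpwd` column; moving to password_hash() /
    // password_verify() needs the stored values migrated as well.
    $userpwd = md5($rawPwd);

    // Bound parameters keep the posted values out of the SQL text.
    $sql = 'SELECT `username`,`userpwd` FROM `user` WHERE `username` = :username AND `userpwd` = :userpwd LIMIT 1';
    $stmt = $pdo->prepare($sql);
    $stmt->execute([':username' => $username, ':userpwd' => $userpwd]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    if (false === $user) {
        // No matching row: report the failure and return to the form.
        echo '<script>alert("登录失败");history.back();</script>';
    } else {
        // NOTE(review): $time is not assigned anywhere in this snippet --
        // confirm it is defined by the including script before this runs.
        $stmt = $pdo->prepare('UPDATE `user` SET `logindate` =:logindate WHERE `username`=:username');
        $stmt->execute([':logindate' => $time, ':username' => $user['username']]);

        // Issue a fresh session id at the moment the privilege level changes,
        // so an id that was known before login does not become a logged-in
        // session. Relies on session_start() having run in dispatch.php.
        session_regenerate_id(true);
        $_SESSION['username'] = $user['username'];

        echo '<script>alert("登录成功");location.assign("prepareInsert.php");</script>';
        exit;
    }
} else {
    // Only POST submissions are accepted.
    die('请求错误');
}

unset($pdo);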
清空SESSION退出登录
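// logout.php (session variant): end the session and go back to the index
// page; visitors without a logged-in session are sent to the login page.
if (isset($_SESSION['username'])) {
    // session_destroy() removes the stored session data but leaves both the
    // $_SESSION array of this request and the browser's session cookie in
    // place, so clear those explicitly first.
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $params = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $params['path'],
            $params['domain'],
            $params['secure'],
            $params['httponly']
        );
    }
    session_destroy();

    echo '<script>alert("退出成功");location.assign("index.php");</script>';
} else {
    echo '<script>alert("请先登录");location.assign("login.php");</script>';
}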
总结
1. COOKIE与SESSION是PHP中在多个页面之间跟踪用户的有效手段:COOKIE保存在客户端,SESSION保存在服务端。客户端的COOKIE可以被用户篡改,所以不应该把敏感信息保存到COOKIE,也不应该只凭COOKIE里的值(例如上面COOKIE登录示例中的username)来认定用户身份;相反,SESSION可以存储用户密码等敏感信息。一些非必要的、类似用户基础设置的信息可以保存在COOKIE中,以减少服务器压力。
2. 使用 $_COOKIE 和 $_SESSION 超全局变量来访问COOKIE和SESSION,值都是以数组形式存储的。设置COOKIE值使用 setcookie() 函数,参数为(下标,值,存储时间),其中存储时间以秒为单位,设置为60,COOKIE有效期就是1分钟,60*60就是1小时,60*60*24就是一天,以此类推。注意:第三个参数是过期时刻的Unix时间戳,所以这些秒数要加在 time() 上使用,例如 time()+60;本文退出登录的代码就是用 time()-3600 让COOKIE过期的。
3. 如果要销毁COOKIE,只需要把它的有效时长设置为负数或使用 unset() 函数即可。(unset() 只会去掉当前请求中 $_COOKIE 数组里的值;要让浏览器删除COOKIE,仍需用 setcookie() 设置一个已经过期的时间。)
4. 在使用SESSION之前,需要先用 session_start() 打开会话,才能对SESSION的值进行读写;销毁SESSION使用 session_destroy() 函数。