1.先来老夫创建过程手写图
2.页面的效果的实现图
主要是以下几个页面
1.未登录的首页
2.登录页面
3.注册页面
4.登录后效果
3.通过cookie实现的效果代码
主页代码
<?php// 判断是否已登录?if (filter_has_var(INPUT_COOKIE, 'user')) {$user = unserialize(filter_input(INPUT_COOKIE, 'user'));// print_r($user);}?><!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><title>首页</title><link rel="stylesheet" type="text/css" href="../css/index.css"></head><body><nav><a href="">我的首页</a><?php if (isset($user)) : ?><a href="" id="logout"><span><?php echo $user['name'] ?></span>退出</a><?php else : ?><a href="login.php">登录</a><?php endif ?></nav><script>// 为退出按钮创建事件监听器if (document.querySelector('#logout') !== null) {document.querySelector('#logout').addEventListener('click', function(event) {if (confirm('是否退出')) {// 禁用默认行为, 其实就是禁用原<a>标签的点击跳转行为,使用事件中的自定义方法处理event.preventDefault();// 跳转到退出事件处理器window.location.assign('handle.php?action=logout');}});}</script></body></html>
登录页面
<?php// 判断是否已登录if (filter_has_var(INPUT_COOKIE, 'user')) {exit('<script>alert("请不要重复登录");location.href="index.php"</script>');}?><!DOCTYPE html><html><head><title>用户登录</title><meta name="viewport" content="width=device-width, initial-scale=1"><meta charset="utf-8"><script type="application/x-javascript"> addEventListener("load", function() { setTimeout(hideURLbar, 0); }, false); function hideURLbar(){ window.scrollTo(0,1); } </script><meta name="keywords" content="Flat Dark Web Login Form Responsive Templates, Iphone Widget Template, Smartphone login forms,Login form, Widget Template, Responsive Templates, a Ipad 404 Templates, Flat Responsive Templates" /><link href="css/style.css" rel='stylesheet' type='text/css' /></head><body><script>// $(document).ready(function(c) {// $('.close').on('click', function(c){// $('.login-form').fadeOut('slow', function(c){// $('.login-form').remove();// });// });// });</script><!--SIGN UP--><h1>用户登录</h1><div class="login-form"><div class="close"> </div><div class="head-info"><label class="lbl-1"> </label><label class="lbl-2"> </label><label class="lbl-3"> </label></div><div class="clear"> </div><div class="avtar"><img src="images/avtar.png" /></div><form action="handle.php?action=login" method="post"><input type="text" class="text" name="name" id="name" value="Username" onfocus="this.value = '';" onblur="if (this.value == '') {this.value = 'zhangheng';}" ><div class="key"><input type="password" name="password" id="password"value="Password" onfocus="this.value = '';" onblur="if (this.value == '') {this.value = '';}"></div><div class="signin"><input type="submit" value="登录" ></div></form><a href="register.php">还没有帐号, 注册一个吧</a></div></body></html>
注册页面代码
<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8" /><title>用户注册</title></head><body><h3>用户注册</h3><form action="handle.php?action=register" method="post" onsubmit="return compare()"><div><label for="name">账号名称:</label><input type="text" name="name" id="name" placeholder="不少于3个字符" required autofocus></div><div><label for="email">邮箱:</label><input type="email" name="email" id="email" placeholder="demo@email.com" required></div><div><label for="p1">密码:</label><input type="password" name="p1" id="p1" placeholder="不少于6位" required></div><div><label for="p2">重复:</label><input type="password" name="p2" id="p2" placeholder="必须与上面一致" required></div><div><button>提交</button><span id="tips" style="color: red"></span></div></form><a href="login.php">我有帐号,直接登录</a><script>// 验证二次密码是否相等?function compare() {if (document.forms[0].p1.value.trim() !== document.forms[0].p2.value.trim()) {document.querySelector('#tips').innerText = '二次密码不相等';return false;}}</script></body></html>
对话控制文件代码
<?php// 用户资料库, 实际项目中,应该用数据库$users = [['id' => 1,'name' => '1','email' => 'admin@php.cn','password' => '123456',],['id' => 2,'name' => 'peter','email' => 'peter@php.cn','password' => '7c4a8d09ca3762af61e59520943dc26494f8941b',],];// 1. 验证请求来源的合法性// 设置合法请求地址的白名单$allowUrls = ['index.php', 'login.php', 'register.php'];// 获取当前的请求入口地址$currentUrl = basename(filter_input(INPUT_SERVER, 'HTTP_REFERER'));if (!in_array($currentUrl, $allowUrls)) {exit('非法来源');}// 2. 请求的分发处理// 获取到当前的请求$action = filter_input(INPUT_GET, 'action', FILTER_SANITIZE_STRING);$action = strtolower($action);switch ($action) {// 1. 登录case 'login':// (1) 判断请求的合法性if (filter_input(INPUT_SERVER, 'REQUEST_METHOD') === 'POST') {// (2)获取到当前请求的数据$name = filter_input(INPUT_POST, 'name');// echo $name;// 密码不要过滤$password = filter_input(INPUT_POST, 'password');// echo $email, $password;$results = array_filter($users, function ($user) use ($name, $password) {return $name === $user['name'] && $password === $user['password'];});print_r(count($results));if (count($results) === 1) {// setcookie('user', serialize($results[0]));setcookie('user', serialize(array_pop($results)));// print_r(unserialize($_COOKIE['user']));exit('<script>alert("验证通过");location.href="index.php"</script>');} else {exit('<script>alert("用户名或密码错误,或没有帐号");location.href="register.php"</script>');}} else {exit('非法请求');}break;// 2. 退出case 'logout':if (filter_input(INPUT_COOKIE, 'user')) {setcookie('user', null, time()-3600);exit('<script>alert("退出成功");location.href="index.php"</script>');}break;// 3.注册case 'register':$name = filter_var(filter_input(INPUT_POST, 'name'), FILTER_SANITIZE_SPECIAL_CHARS);$email = filter_var(filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL), FILTER_SANITIZE_EMAIL);$password = filter_input(INPUT_POST, 'p1');$id = 3;$data = compact('id', 'name', 'password');// $users[] = $data;// 这下面的弹窗没有if (array_push($users, $data) == 1) {exit('<script>alert("注册成功");location.assign("index.php");</script>');}print_r($users);break;// 未定义操作default:exit('未定义操作');}
对css效果代码,此处省略100行,蟹蟹。
4.通过session实现会话控制
主页面代码
<?phpsession_start();if (isset($_SESSION['user'])) {$user = $_SESSION['user'];}?><!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><title>首页</title><link rel="stylesheet" type="text/css" href="../css/index.css"></head><body><nav><a href="">我的首页</a><?php if (isset($user)) : ?><a href="" id="logout"><span><?php echo $user['name'] ?></span>退出</a><?php else : ?><a href="logins.php">登录</a><?php endif ?></nav><script>// 为退出按钮创建事件监听器if (document.querySelector('#logout') !== null) {document.querySelector('#logout').addEventListener('click', function(event) {if (confirm('是否退出')) {// 禁用默认行为, 其实就是禁用原<a>标签的点击跳转行为,使用事件中的自定义方法处理event.preventDefault();// 跳转到退出事件处理器window.location.assign('handles.php?action=logout');}});}</script></body></html>
登录页面代码
<?php// 开启会话session_start();// 判断是否已登录if (isset($_SESSION['user'])) {exit('<script>alert("请不要重复登录");location.href="indexs.php"</script>');}?><!DOCTYPE html><html><head><title>用户登录</title><meta name="viewport" content="width=device-width, initial-scale=1"><meta charset="utf-8"><script type="application/x-javascript"> addEventListener("load", function() { setTimeout(hideURLbar, 0); }, false); function hideURLbar(){ window.scrollTo(0,1); } </script><meta name="keywords" content="Flat Dark Web Login Form Responsive Templates, Iphone Widget Template, Smartphone login forms,Login form, Widget Template, Responsive Templates, a Ipad 404 Templates, Flat Responsive Templates" /><link href="css/style.css" rel='stylesheet' type='text/css' /></head><body><script>// $(document).ready(function(c) {// $('.close').on('click', function(c){// $('.login-form').fadeOut('slow', function(c){// $('.login-form').remove();// });// });// });</script><!--SIGN UP--><h1>用户登录</h1><div class="login-form"><div class="close"> </div><div class="head-info"><label class="lbl-1"> </label><label class="lbl-2"> </label><label class="lbl-3"> </label></div><div class="clear"> </div><div class="avtar"><img src="images/avtar.png" /></div><form action="handles.php?action=login" method="post"><input type="text" class="text" name="name" id="name" value="Username" onfocus="this.value = '';" onblur="if (this.value == '') {this.value = 'zhangheng';}" ><div class="key"><input type="password" name="password" id="password"value="Password" onfocus="this.value = '';" onblur="if (this.value == '') {this.value = '';}"></div><div class="signin"><input type="submit" value="登录" ></div></form><a href="registers.php">还没有帐号, 注册一个吧</a></div></body></html>
注册页面代码
<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8" /><title>用户注册</title></head><body><h3>用户注册</h3><form action="handle.php?action=registers" method="post" onsubmit="return compare()"><div><label for="name">账号名称:</label><input type="text" name="name" id="name" placeholder="不少于3个字符" required autofocus></div><div><label for="email">邮箱:</label><input type="email" name="email" id="email" placeholder="demo@email.com" required></div><div><label for="p1">密码:</label><input type="password" name="p1" id="p1" placeholder="不少于6位" required></div><div><label for="p2">重复:</label><input type="password" name="p2" id="p2" placeholder="必须与上面一致" required></div><div><button>提交</button><span id="tips" style="color: red"></span></div></form><a href="login.php">我有帐号,直接登录</a><script>// 验证二次密码是否相等?function compare() {if (document.forms[0].p1.value.trim() !== document.forms[0].p2.value.trim()) {document.querySelector('#tips').innerText = '二次密码不相等';return false;}}</script></body></html>
会话控制文件代码
<?php// 开启会话session_start();// 用户资料库, 实际项目中,应该用数据库$users = [['id' => 1,'name' => '1','email' => 'admin@php.cn','password' => '123456',],['id' => 2,'name' => 'peter','email' => 'peter@php.cn','password' => '7c4a8d09ca3762af61e59520943dc26494f8941b',],];// 1. 验证请求来源的合法性// 设置合法请求地址的白名单$allowUrls = ['indexs.php', 'logins.php', 'registers.php'];// 获取当前的请求入口地址$currentUrl = basename(filter_input(INPUT_SERVER, 'HTTP_REFERER'));if (!in_array($currentUrl, $allowUrls)) {exit('非法来源');}// 2. 请求的分发处理// 获取到当前的请求$action = filter_input(INPUT_GET, 'action', FILTER_SANITIZE_STRING);$action = strtolower($action);switch ($action) {// 1. 登录case 'login':// (1) 判断请求的合法性if (filter_input(INPUT_SERVER, 'REQUEST_METHOD') === 'POST') {// (2)获取到当前请求的数据$name = filter_input(INPUT_POST, 'name');// echo $name;// 密码不要过滤$password = filter_input(INPUT_POST, 'password');// echo $email, $password;$results = array_filter($users, function ($user) use ($name, $password) {return $name === $user['name'] && $password === $user['password'];});print_r(count($results));if (count($results) === 1) {// setcookie('user', serialize($results[0]));// setcookie('user', serialize(array_pop($results)));// print_r(unserialize($_COOKIE['user']));$_SESSION['user'] = array_pop($results);exit('<script>alert("验证通过");location.href="indexs.php"</script>');} else {exit('<script>alert("用户名或密码错误,或没有帐号");location.href="registers.php"</script>');}} else {exit('非法请求');}break;// 2. 退出case 'logout':if (isset($_SESSION['user'])) {// setcookie('user', null, time()-3600);session_destroy();exit('<script>alert("退出成功");location.href="indexs.php"</script>');}break;// 3.注册case 'register':$name = filter_var(filter_input(INPUT_POST, 'name'), FILTER_SANITIZE_SPECIAL_CHARS);$email = filter_var(filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL), FILTER_SANITIZE_EMAIL);$password = filter_input(INPUT_POST, 'p1');$id = 3;$data = compact('id', 'email', 'name', 'password');// $users[] = $data;// array_push($users, $data);if (array_push($users, $data) == 1) {exit('<script>alert("注册成功");location.assign("indexs.php");</script>');}print_r($users);break;// 未定义操作default:exit('未定义操作');}
5.小结
通过这次实战,我对过滤器、cookie、session,有了进一步的了解,两者相差不大,主要是数据存储的地方不同,获取传输的数据方式基本相同,如果做好了通过cookie验证的文件,只要对此文件稍加修改就可以实现,值得注意的是session要开启会话。做个验证的时候,过程基本都正确,就是登录的时候总是密码不对,通过尝试才发现,密码是对的,但是控制会话文件对文件进行了加密,两个密码(库中的密码与传过来的密码),就不一样了,为了简单一点我就直接不加密了。最后,就基本没什么问题了。
