1.先来老夫创建过程手写图
2.页面的效果的实现图
主要是以下几个页面
1.未登录的首页
2.登录页面
3.注册页面
4.登录后效果
3.通过cookie实现的效果代码
主页代码
<?php
// 判断是否已登录?
if (filter_has_var(INPUT_COOKIE, 'user')) {
$user = unserialize(filter_input(INPUT_COOKIE, 'user'));
// print_r($user);
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>首页</title>
<link rel="stylesheet" type="text/css" href="../css/index.css">
</head>
<body>
<nav>
<a href="">我的首页</a>
<?php if (isset($user)) : ?>
<a href="" id="logout">
<span><?php echo $user['name'] ?></span>
退出
</a>
<?php else : ?>
<a href="login.php">登录</a>
<?php endif ?>
</nav>
<script>
// 为退出按钮创建事件监听器
if (document.querySelector('#logout') !== null) {
document.querySelector('#logout').addEventListener('click', function(event) {
if (confirm('是否退出')) {
// 禁用默认行为, 其实就是禁用原<a>标签的点击跳转行为,使用事件中的自定义方法处理
event.preventDefault();
// 跳转到退出事件处理器
window.location.assign('handle.php?action=logout');
}
});
}
</script>
</body>
</html>
登录页面
<?php
// 判断是否已登录
if (filter_has_var(INPUT_COOKIE, 'user')) {
exit('<script>alert("请不要重复登录");location.href="index.php"</script>');
}
?>
<!DOCTYPE html>
<html>
<head>
<title>用户登录</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta charset="utf-8">
<script type="application/x-javascript"> addEventListener("load", function() { setTimeout(hideURLbar, 0); }, false); function hideURLbar(){ window.scrollTo(0,1); } </script>
<meta name="keywords" content="Flat Dark Web Login Form Responsive Templates, Iphone Widget Template, Smartphone login forms,Login form, Widget Template, Responsive Templates, a Ipad 404 Templates, Flat Responsive Templates" />
<link href="css/style.css" rel='stylesheet' type='text/css' />
</head>
<body>
<script>
// $(document).ready(function(c) {
// $('.close').on('click', function(c){
// $('.login-form').fadeOut('slow', function(c){
// $('.login-form').remove();
// });
// });
// });
</script>
<!--SIGN UP-->
<h1>用户登录</h1>
<div class="login-form">
<div class="close"> </div>
<div class="head-info">
<label class="lbl-1"> </label>
<label class="lbl-2"> </label>
<label class="lbl-3"> </label>
</div>
<div class="clear"> </div>
<div class="avtar">
<img src="images/avtar.png" />
</div>
<form action="handle.php?action=login" method="post">
<input type="text" class="text" name="name" id="name" value="Username" onfocus="this.value = '';" onblur="if (this.value == '') {this.value = 'zhangheng';}" >
<div class="key">
<input type="password" name="password" id="password"value="Password" onfocus="this.value = '';" onblur="if (this.value == '') {this.value = '';}">
</div>
<div class="signin">
<input type="submit" value="登录" >
</div>
</form>
<a href="register.php">还没有帐号, 注册一个吧</a>
</div>
</body>
</html>
注册页面代码
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<title>用户注册</title>
</head>
<body>
<h3>用户注册</h3>
<form action="handle.php?action=register" method="post" onsubmit="return compare()">
<div>
<label for="name">账号名称:</label>
<input type="text" name="name" id="name" placeholder="不少于3个字符" required autofocus>
</div>
<div>
<label for="email">邮箱:</label>
<input type="email" name="email" id="email" placeholder="demo@email.com" required>
</div>
<div>
<label for="p1">密码:</label>
<input type="password" name="p1" id="p1" placeholder="不少于6位" required>
</div>
<div>
<label for="p2">重复:</label>
<input type="password" name="p2" id="p2" placeholder="必须与上面一致" required>
</div>
<div>
<button>提交</button><span id="tips" style="color: red"></span>
</div>
</form>
<a href="login.php">我有帐号,直接登录</a>
<script>
// 验证二次密码是否相等?
function compare() {
if (document.forms[0].p1.value.trim() !== document.forms[0].p2.value.trim()) {
document.querySelector('#tips').innerText = '二次密码不相等';
return false;
}
}
</script>
</body>
</html>
对话控制文件代码
<?php
// 用户资料库, 实际项目中,应该用数据库
$users = [
[
'id' => 1,
'name' => '1',
'email' => 'admin@php.cn',
'password' => '123456',
],
[
'id' => 2,
'name' => 'peter',
'email' => 'peter@php.cn',
'password' => '7c4a8d09ca3762af61e59520943dc26494f8941b',
],
];
// 1. 验证请求来源的合法性
// 设置合法请求地址的白名单
$allowUrls = ['index.php', 'login.php', 'register.php'];
// 获取当前的请求入口地址
$currentUrl = basename(filter_input(INPUT_SERVER, 'HTTP_REFERER'));
if (!in_array($currentUrl, $allowUrls)) {
exit('非法来源');
}
// 2. 请求的分发处理
// 获取到当前的请求
$action = filter_input(INPUT_GET, 'action', FILTER_SANITIZE_STRING);
$action = strtolower($action);
switch ($action) {
// 1. 登录
case 'login':
// (1) 判断请求的合法性
if (filter_input(INPUT_SERVER, 'REQUEST_METHOD') === 'POST') {
// (2)获取到当前请求的数据
$name = filter_input(INPUT_POST, 'name');
// echo $name;
// 密码不要过滤
$password = filter_input(INPUT_POST, 'password');
// echo $email, $password;
$results = array_filter($users, function ($user) use ($name, $password) {
return $name === $user['name'] && $password === $user['password'];
});
print_r(count($results));
if (count($results) === 1) {
// setcookie('user', serialize($results[0]));
setcookie('user', serialize(array_pop($results)));
// print_r(unserialize($_COOKIE['user']));
exit('<script>alert("验证通过");location.href="index.php"</script>');
} else {
exit('<script>alert("用户名或密码错误,或没有帐号");location.href="register.php"</script>');
}
} else {
exit('非法请求');
}
break;
// 2. 退出
case 'logout':
if (filter_input(INPUT_COOKIE, 'user')) {
setcookie('user', null, time()-3600);
exit('<script>alert("退出成功");location.href="index.php"</script>');
}
break;
// 3.注册
case 'register':
$name = filter_var(filter_input(INPUT_POST, 'name'), FILTER_SANITIZE_SPECIAL_CHARS);
$email = filter_var(filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL), FILTER_SANITIZE_EMAIL);
$password = filter_input(INPUT_POST, 'p1');
$id = 3;
$data = compact('id', 'name', 'password');
// $users[] = $data;
// 这下面的弹窗没有
if (array_push($users, $data) == 1) {
exit('<script>alert("注册成功");location.assign("index.php");</script>');
}
print_r($users);
break;
// 未定义操作
default:
exit('未定义操作');
}
对css效果代码,此处省略100行,蟹蟹。
4.通过session实现会话控制
主页面代码
<?php
session_start();
if (isset($_SESSION['user'])) {
$user = $_SESSION['user'];
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>首页</title>
<link rel="stylesheet" type="text/css" href="../css/index.css">
</head>
<body>
<nav>
<a href="">我的首页</a>
<?php if (isset($user)) : ?>
<a href="" id="logout">
<span><?php echo $user['name'] ?></span>
退出
</a>
<?php else : ?>
<a href="logins.php">登录</a>
<?php endif ?>
</nav>
<script>
// 为退出按钮创建事件监听器
if (document.querySelector('#logout') !== null) {
document.querySelector('#logout').addEventListener('click', function(event) {
if (confirm('是否退出')) {
// 禁用默认行为, 其实就是禁用原<a>标签的点击跳转行为,使用事件中的自定义方法处理
event.preventDefault();
// 跳转到退出事件处理器
window.location.assign('handles.php?action=logout');
}
});
}
</script>
</body>
</html>
登录页面代码
<?php
// 开启会话
session_start();
// 判断是否已登录
if (isset($_SESSION['user'])) {
exit('<script>alert("请不要重复登录");location.href="indexs.php"</script>');
}
?>
<!DOCTYPE html>
<html>
<head>
<title>用户登录</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta charset="utf-8">
<script type="application/x-javascript"> addEventListener("load", function() { setTimeout(hideURLbar, 0); }, false); function hideURLbar(){ window.scrollTo(0,1); } </script>
<meta name="keywords" content="Flat Dark Web Login Form Responsive Templates, Iphone Widget Template, Smartphone login forms,Login form, Widget Template, Responsive Templates, a Ipad 404 Templates, Flat Responsive Templates" />
<link href="css/style.css" rel='stylesheet' type='text/css' />
</head>
<body>
<script>
// $(document).ready(function(c) {
// $('.close').on('click', function(c){
// $('.login-form').fadeOut('slow', function(c){
// $('.login-form').remove();
// });
// });
// });
</script>
<!--SIGN UP-->
<h1>用户登录</h1>
<div class="login-form">
<div class="close"> </div>
<div class="head-info">
<label class="lbl-1"> </label>
<label class="lbl-2"> </label>
<label class="lbl-3"> </label>
</div>
<div class="clear"> </div>
<div class="avtar">
<img src="images/avtar.png" />
</div>
<form action="handles.php?action=login" method="post">
<input type="text" class="text" name="name" id="name" value="Username" onfocus="this.value = '';" onblur="if (this.value == '') {this.value = 'zhangheng';}" >
<div class="key">
<input type="password" name="password" id="password"value="Password" onfocus="this.value = '';" onblur="if (this.value == '') {this.value = '';}">
</div>
<div class="signin">
<input type="submit" value="登录" >
</div>
</form>
<a href="registers.php">还没有帐号, 注册一个吧</a>
</div>
</body>
</html>
注册页面代码
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<title>用户注册</title>
</head>
<body>
<h3>用户注册</h3>
<form action="handle.php?action=registers" method="post" onsubmit="return compare()">
<div>
<label for="name">账号名称:</label>
<input type="text" name="name" id="name" placeholder="不少于3个字符" required autofocus>
</div>
<div>
<label for="email">邮箱:</label>
<input type="email" name="email" id="email" placeholder="demo@email.com" required>
</div>
<div>
<label for="p1">密码:</label>
<input type="password" name="p1" id="p1" placeholder="不少于6位" required>
</div>
<div>
<label for="p2">重复:</label>
<input type="password" name="p2" id="p2" placeholder="必须与上面一致" required>
</div>
<div>
<button>提交</button><span id="tips" style="color: red"></span>
</div>
</form>
<a href="login.php">我有帐号,直接登录</a>
<script>
// 验证二次密码是否相等?
function compare() {
if (document.forms[0].p1.value.trim() !== document.forms[0].p2.value.trim()) {
document.querySelector('#tips').innerText = '二次密码不相等';
return false;
}
}
</script>
</body>
</html>
会话控制文件代码
<?php
// 开启会话
session_start();
// 用户资料库, 实际项目中,应该用数据库
$users = [
[
'id' => 1,
'name' => '1',
'email' => 'admin@php.cn',
'password' => '123456',
],
[
'id' => 2,
'name' => 'peter',
'email' => 'peter@php.cn',
'password' => '7c4a8d09ca3762af61e59520943dc26494f8941b',
],
];
// 1. 验证请求来源的合法性
// 设置合法请求地址的白名单
$allowUrls = ['indexs.php', 'logins.php', 'registers.php'];
// 获取当前的请求入口地址
$currentUrl = basename(filter_input(INPUT_SERVER, 'HTTP_REFERER'));
if (!in_array($currentUrl, $allowUrls)) {
exit('非法来源');
}
// 2. 请求的分发处理
// 获取到当前的请求
$action = filter_input(INPUT_GET, 'action', FILTER_SANITIZE_STRING);
$action = strtolower($action);
switch ($action) {
// 1. 登录
case 'login':
// (1) 判断请求的合法性
if (filter_input(INPUT_SERVER, 'REQUEST_METHOD') === 'POST') {
// (2)获取到当前请求的数据
$name = filter_input(INPUT_POST, 'name');
// echo $name;
// 密码不要过滤
$password = filter_input(INPUT_POST, 'password');
// echo $email, $password;
$results = array_filter($users, function ($user) use ($name, $password) {
return $name === $user['name'] && $password === $user['password'];
});
print_r(count($results));
if (count($results) === 1) {
// setcookie('user', serialize($results[0]));
// setcookie('user', serialize(array_pop($results)));
// print_r(unserialize($_COOKIE['user']));
$_SESSION['user'] = array_pop($results);
exit('<script>alert("验证通过");location.href="indexs.php"</script>');
} else {
exit('<script>alert("用户名或密码错误,或没有帐号");location.href="registers.php"</script>');
}
} else {
exit('非法请求');
}
break;
// 2. 退出
case 'logout':
if (isset($_SESSION['user'])) {
// setcookie('user', null, time()-3600);
session_destroy();
exit('<script>alert("退出成功");location.href="indexs.php"</script>');
}
break;
// 3.注册
case 'register':
$name = filter_var(filter_input(INPUT_POST, 'name'), FILTER_SANITIZE_SPECIAL_CHARS);
$email = filter_var(filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL), FILTER_SANITIZE_EMAIL);
$password = filter_input(INPUT_POST, 'p1');
$id = 3;
$data = compact('id', 'email', 'name', 'password');
// $users[] = $data;
// array_push($users, $data);
if (array_push($users, $data) == 1) {
exit('<script>alert("注册成功");location.assign("indexs.php");</script>');
}
print_r($users);
break;
// 未定义操作
default:
exit('未定义操作');
}
5.小结
通过这次实战,我对过滤器、cookie、session,有了进一步的了解,两者相差不大,主要是数据存储的地方不同,获取传输的数据方式基本相同,如果做好了通过cookie验证的文件,只要对此文件稍加修改就可以实现,值得注意的是session要开启会话。做个验证的时候,过程基本都正确,就是登录的时候总是密码不对,通过尝试才发现,密码是对的,但是控制会话文件对文件进行了加密,两个密码(库中的密码与传过来的密码),就不一样了,为了简单一点我就直接不加密了。最后,就基本没什么问题了。