简体中文(ZH-CN)English(EN)繁体中文(ZH-TW)日本語(JA)한국어(KO)Melayu(MS)Français(FR)Deutsch(DE)
Home
Article
Q&A
Course
Topic
Download
Game
Dictionary
Recent Updates

博客列表 >cookie和session实现登录验证(0114)

cookie和session实现登录验证(0114)

暴风战斧
暴风战斧原创
2020年02月06日 18:49:45559浏览

编程思路

1、我首先把登录验证整个流程画了出来;
2、考虑到请求验证分发页会花较多时间,将上次做的登录页拿来做了修改,快速完成了首页、登录、注册页;
3、然后写请求验证分发页,重点是将登录>注册>退出,挨个一边写一边查看效果修改代码!

作业总结

这次作业对过滤器的使用要顺心很多了,在两个地方有卡壳,一是:action=”handle.php?action=login”漏掉了action=,导致switch一直无法启用反复查看才发现;二是:array_filter()函数和里面的function($user)没理解,回看视频并结合手册解释“该函数把输入数组中的每个键值传给回调函数。如果回调函数返回 true,则把输入数组中的当前键值返回给结果数组。数组键名保持不变。”才顺利理解了!

  1. array_filter($users, function ($user) use ($email, $password) {
  2.                 return $email === $user['email'] && $password === $user['password'];
  3.             }

1.登录验证流程图

2.cookie实现验证登录

  • 首页代码
  1. <?php
  2. //首页
  3. //判断是否登录
  4. if (filter_has_var(INPUT_COOKIE,'user')) {
  5.     $user = unserialize(filter_input(INPUT_COOKIE,'user'));
  6. }
  7. //print_r($user);
  8. ?>
  10. <!doctype html>
  11. <html lang="en">
  12. <head>
  13.     <meta charset="UTF-8">
  14.     <title>首页</title>
  15.     <link rel="stylesheet" href="index.css">
  16. </head>
  17. <body>
  18. <div>
  19.     <a href="">在线商城</a>
  20.     <!--登录状态判断-->
  21.     <?php if (isset($user)) : ?>
  22.         <a href="" id="logout">
  23.             <span><?php echo $user['name'] ?></span>
  24.             退出
  25.         </a>
  26.     <?php else : ?>
  27.         <a href="login.php">登录</a>
  28.     <?php endif ?>
  29. </div>
  31. <script>
  32.     //        为退出按钮创建事件监听器
  33.     if (document.querySelector('#logout') !== null) {
  34.         document.querySelector('#logout').addEventListener('click', function(event) {
  35.             if (confirm('是否退出')) {
  36.                 // 禁用默认行为, 其实就是禁用原<a>标签的点击跳转行为,使用事件中的自定义方法处理
  37.                 event.preventDefault();
  38.                 // 跳转到退出事件处理器
  39.                 window.location.assign('handle.php?action=logout');
  40.             }
  41.         });
  42.     }
  43. </script>
  44. </body>
  45. </html>
  • 登录页代码
  1. <?php
  2. //检查是否重复登录
  3. if (filter_input(INPUT_COOKIE, 'user')) {
  4.     exit('<script>alert("请不要重复登录")</script>');
  5. }
  6. ?>
  7. <!doctype html>
  8. <html lang="en">
  9. <head>
  10.     <meta charset="UTF-8">
  11.     <title>用户登录</title>
  12.     <link rel="stylesheet" href="style.css">
  13. </head>
  14. <body>
  15. <div class="container">
  16.     <h3>用户登录</h3>
  17.     <form action="handle.php?action=login" method="post">
  18.         <span>
  19.             <label for="email">邮箱:</label>
  20.             <input type="email" name="email" id="email" placeholder="demo@php.cn"  required autofocus>
  21.         </span>
  22.         <span>
  23.             <label for="password">密码:</label>
  24.             <input type="password" name="password" id="password" placeholder="请输入密码"  required autofocus>
  25.         </span>
  26.         <span>
  27.             <button>立即登录</button>
  28.         </span>
  29.     </form>
  30.     <div>
  31.         <a href="register.php">还没账号,注册一个!</a>
  32.     </div>
  33. </div>
  34. </body>
  35. </html>
  • 效果图

  • 注册页代码
  1. <!doctype html>
  2. <html lang="en">
  3. <head>
  4.     <meta charset="UTF-8">
  5.     <title>用户注册</title>
  6.     <link rel="stylesheet" href="style.css">
  7. </head>
  8. <body>
  9. <div class="container">
  10.     <h3>用户注册</h3>
  11.     <form action="handle.php?action=register" method="post" onsubmit="return compare()">
  12.         <span>
  13.             <label for="name">昵称:</label>
  14.             <input type="text" name="name" id="name" placeholder="昵称不少于3个字符"  required autofocus>
  15.         </span>
  16.         <span>
  17.             <label for="email">邮箱:</label>
  18.             <input type="email" name="email" id="email" placeholder="demo@php.cn"  required autofocus>
  19.         </span>
  20.         <span>
  21.             <label for="p1">密码:</label>
  22.             <input type="password" name="p1" id="p1" placeholder="请输入密码"  required>
  23.         </span>
  24.         <span>
  25.             <label for="p2">重复:</label>
  26.             <input type="password" name="p2" id="p2" placeholder="再次输入密码"  required>
  27.         </span>
  28.         <span>
  29.             <button>立即注册</button>
  30.             <span id="tips" style="color: red"></span>
  31.         </span>
  32.     </form>
  33.     <div>
  34.         <a href="login.php">我有账号,直接登录!</a>
  35.     </div>
  36. </div>
  37. <script>
  38.     // 验证二次密码是否相等?
  39.     function compare() {
  40.         if (document.forms[0].p1.value.trim() !== document.forms[0].p2.value.trim()) {
  41.             document.querySelector('#tips').innerText = '二次密码不相等';
  42.             return false;
  43.         }
  44.     }
  45. </script>
  46. </body>
  47. </html>
  • 效果图

  • 请求分发页代码
  1. <?php
  3. // 用户资料
  4. $users = [
  5.     [
  6.         'id' => 1,
  7.         'name' => 'admin',
  8.         'email' => 'admin@php.cn',
  9.         'password' => '7c4a8d09ca3762af61e59520943dc26494f8941b',
  10.     ],
  11.     [
  12.         'id' => 2,
  13.         'name' => 'peter',
  14.         'email' => 'peter@php.cn',
  15.         'password' => '7c4a8d09ca3762af61e59520943dc26494f8941b',
  16.     ],
  17. ];
  19. //1、验证请求来源合法性
  21. //合法的请求URL白名单
  22. $allowUrls = ['login.php', 'register.php', 'index.php'];
  24. //获取当前请求的入口地址
  25. $currentUrl = basename(filter_input(INPUT_SERVER, 'HTTP_REFERER'));
  26. //echo $currentUrl;
  28. //验证来源合法性
  29. if (!in_array($currentUrl, $allowUrls)) {
  30.     exit('非法来源');
  31. }
  33. //2、请求的分发处理
  35. //获取到当前请求类型
  37. $action = filter_input(INPUT_GET, 'action', FILTER_SANITIZE_STRING);
  39. $action = strtolower($action);
  40. //echo $action;
  42. //分发处理
  44. switch ($action) {
  45. //登录
  46.     case 'login':
  47.         //(1)验证登录请求合法性
  48.         if (filter_input(INPUT_SERVER, 'REQUEST_METHOD') === 'POST') {
  49.             //(2)获取当前请求数据
  50.             $email = filter_var(filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL), FILTER_SANITIZE_EMAIL);
  51.             $password = sha1(filter_input(INPUT_POST, 'password'));
  52. //            echo $email, $password;
  53.             $results = array_filter($users, function ($user) use ($email, $password) {
  54.                 return $email === $user['email'] && $password === $user['password'];
  55.             });
  56. //            print_r($results);
  57.             if (count($results) === 1) {
  58.                 setcookie('user', serialize(array_pop($results)));
  59.                 exit('<script>alert("登录成功");location.href="index.php"</script>');
  60.             } else {
  61.                 exit('<script>alert("邮箱或密码错误,或没有账号!");location.href="register.php"</script>');
  62.             }
  63.         } else {
  64.             exit('请求非法');
  65.         }
  66.         break;
  67. //退出
  68.     case 'logout':
  69.         //检查cookie中是否有该用户,有则删除cookie
  70.         if (filter_input(INPUT_COOKIE, 'user')) {
  71.             setcookie('user', null, time() - 3600);
  72.             exit('<script>alert("退出成功");location.href="index.php"</script>');
  73.         }
  74.         break;
  75. //注册
  76.     case 'register':
  77.         //处理注册信息
  78.         if (filter_input(INPUT_SERVER, 'REQUEST_METHOD') === 'POST') {
  79.             //获取注册信息
  80.             $name = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_STRING);
  81.             $email = filter_var(filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL), FILTER_SANITIZE_EMAIL);
  82.             $password = sha1(filter_input(INPUT_POST, 'password'));
  83.             $id = 3;
  84.             //打包注册信息
  85.             $data = compact($name, $email, $password, $id);
  86.             //注册信息写入资料库并提示
  87.             if (array_push($users, $data)) {
  88.                 exit('<script>alert("注册成功");location.assign("index.php")</script>');
  89.             }
  90.         }
  91.         break;
  92. //未定义操作
  93.     default:
  94.         exit('未定义的操作');
  95. }

3.session实现登录验证

  • 首页代码
  1. <?php
  2. //开启会话
  3. session_start();
  5. //判断是否登录
  6. //if (filter_has_var(INPUT_COOKIE,'user')) {
  7. //    $user = unserialize(filter_input(INPUT_COOKIE,'user'));
  8. //}
  9. //print_r($user);
  10. if (isset($_SESSION['user'])) {
  11.     $user = $_SESSION['user'];
  12. }
  14. ?>
  16. <!doctype html>
  17. <html lang="en">
  18. <head>
  19.     <meta charset="UTF-8">
  20.     <title>首页</title>
  21.     <link rel="stylesheet" href="../index.css">
  22. </head>
  23. <body>
  24. <div>
  25.     <a href="">在线商城</a>
  26.     <!--登录状态判断-->
  27.     <?php if (isset($user)) : ?>
  28.         <a href="" id="logout">
  29.             <span><?php echo $user['name'] ?></span>
  30.             退出
  31.         </a>
  32.     <?php else : ?>
  33.         <a href="login.php">登录</a>
  34.     <?php endif ?>
  35. </div>
  37. <script>
  38.     //        为退出按钮创建事件监听器
  39.     if (document.querySelector('#logout') !== null) {
  40.         document.querySelector('#logout').addEventListener('click', function(event) {
  41.             if (confirm('是否退出')) {
  42.                 // 禁用默认行为, 其实就是禁用原<a>标签的点击跳转行为,使用事件中的自定义方法处理
  43.                 event.preventDefault();
  44.                 // 跳转到退出事件处理器
  45.                 window.location.assign('handle.php?action=logout');
  46.             }
  47.         });
  48.     }
  49. </script>
  50. </body>
  51. </html>
  • 登录页代码
  1. <?php
  2. //开启会话
  3. session_start();
  5. //检查是否重复登录
  6. if (isset($_SESSION['user'])) {
  7.     exit('<script>alert("请不要重复登录")</script>');
  8. }
  9. ?>
  10. <!doctype html>
  11. <html lang="en">
  12. <head>
  13.     <meta charset="UTF-8">
  14.     <title>用户登录</title>
  15.     <link rel="stylesheet" href="../style.css">
  16. </head>
  17. <body>
  18. <div class="container">
  19.     <h3>用户登录</h3>
  20.     <form action="handle.php?action=login" method="post">
  21.         <span>
  22.             <label for="email">邮箱:</label>
  23.             <input type="email" name="email" id="email" placeholder="demo@php.cn"  required autofocus>
  24.         </span>
  25.         <span>
  26.             <label for="password">密码:</label>
  27.             <input type="password" name="password" id="password" placeholder="请输入密码"  required autofocus>
  28.         </span>
  29.         <span>
  30.             <button>立即登录</button>
  31.         </span>
  32.     </form>
  33.     <div>
  34.         <a href="register.php">还没账号,注册一个!</a>
  35.     </div>
  36. </div>
  37. </body>
  38. </html>
  • 请求分发页代码
  1. <?php
  2. //开启会话
  3. session_start();
  5. // 用户资料
  6. $users = [
  7.     [
  8.         'id' => 1,
  9.         'name' => 'admin',
  10.         'email' => 'admin@php.cn',
  11.         'password' => '7c4a8d09ca3762af61e59520943dc26494f8941b',
  12.     ],
  13.     [
  14.         'id' => 2,
  15.         'name' => 'peter',
  16.         'email' => 'peter@php.cn',
  17.         'password' => '7c4a8d09ca3762af61e59520943dc26494f8941b',
  18.     ],
  19.     [
  20.         'id' => 4,
  21.         'name' => 'wener',
  22.         'email' => 'wener@php.cn',
  23.         'password' => '7c4a8d09ca3762af61e59520943dc26494f8941b',
  24.     ]
  25. ];
  27. //1、验证请求来源合法性
  29. //合法的请求URL白名单
  30. $allowUrls = ['login.php', 'register.php', 'index.php'];
  32. //获取当前请求的入口地址
  33. $currentUrl = basename(filter_input(INPUT_SERVER, 'HTTP_REFERER'));
  34. //echo $currentUrl;
  36. //验证来源合法性
  37. if (!in_array($currentUrl, $allowUrls)) {
  38.     exit('非法来源');
  39. }
  41. //2、请求的分发处理
  43. //获取到当前请求类型
  45. $action = filter_input(INPUT_GET, 'action', FILTER_SANITIZE_STRING);
  47. $action = strtolower($action);
  48. //echo $action;
  50. //分发处理
  52. switch ($action) {
  53. //登录
  54.     case 'login':
  55.         //(1)验证登录请求合法性
  56.         if (filter_input(INPUT_SERVER, 'REQUEST_METHOD') === 'POST') {
  57.             //(2)获取当前请求数据
  58.             $email = filter_var(filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL), FILTER_SANITIZE_EMAIL);
  59.             $password = sha1(filter_input(INPUT_POST, 'password'));
  60. //            echo $email, $password;
  61.             $results = array_filter($users, function ($user) use ($email, $password) {
  62.                 return $email === $user['email'] && $password === $user['password'];
  63.             });
  64. //            print_r($results);
  65.             if (count($results) === 1) {
  66.                 $_SESSION['user'] = array_pop($results);
  67.                 exit('<script>alert("登录成功");location.href="index.php"</script>');
  68.             } else {
  69.                 exit('<script>alert("邮箱或密码错误,或没有账号!");location.href="register.php"</script>');
  70.             }
  71.         } else {
  72.             exit('请求非法');
  73.         }
  74.         break;
  75. //退出
  76.     case 'logout':
  77.         //检查是否有该用户,有则删除
  78.         if (isset($_SESSION['user'])) {
  79.             session_destroy();
  80.             exit('<script>alert("退出成功");location.href="index.php"</script>');
  81.         }
  82.         break;
  83. //注册
  84.     case 'register':
  85.         //处理注册信息
  86.         if (filter_input(INPUT_SERVER, 'REQUEST_METHOD') === 'POST') {
  87.             //获取注册信息
  88.             $name = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_STRING);
  89.             $email = filter_var(filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL), FILTER_SANITIZE_EMAIL);
  90.             $password = sha1(filter_input(INPUT_POST, 'password'));
  91.             $id = 3;
  92.             //打包注册信息
  93.             $data = compact($name, $email, $password, $id);
  94.             //注册信息写入资料库并提示
  95.             if (array_push($users, $data)) {
  96.                 exit('<script>alert("注册成功");location.assign("index.php")</script>');
  97.             }
  98.         }
  99.         break;
  100. //未定义操作
  101.     default:
  102.         exit('未定义的操作');
  103. }
上一条:织梦整站迁移换空间该如何操作?下一条:mysql 储存过程,procedure
声明:本文内容转载自脚本之家,由网友自发贡献,版权归原作者所有,如您发现涉嫌抄袭侵权,请联系admin@php.cn 核实处理。
全部评论
文明上网理性发言,请遵守新闻评论服务协议

相关文章

查看更多