1.cookie与session
发送cookie
setcookie ( string $name [, string $value = "" [, int $expire = 0 [, string $path = "" [, string $domain = "" [, bool $secure = FALSE [, bool $httponly = FALSE ]]]]]] ) : bool
设置:setcookie('user',serialize(array_pop($result)),time()+3600);(注意:cookie 保存在客户端,用户可以随意查看和修改,因此不应写入密码哈希等敏感字段,也不应把它当作唯一的登录凭据。)
删除:setcookie('user',null,time()-60);
session用法
// Start a new session or resume the existing one; call it before any output is sent,
// because the session id normally travels in a response header (cookie).
session_start();
// Destroy the data stored for the current session. This does not unset the
// $_SESSION variable or remove the session cookie from the browser.
session_destroy();
用户首页
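<!DOCTYPE html>
<html lang="en">
<?php
// Home page: shows the logged-in user's name with a logout link, or a login link.
//
// The 'user' cookie is written by handle.php as a serialize()d user row. A cookie
// is fully client-controlled, so its content is treated as untrusted input here:
//   - unserialize() runs with allowed_classes => false so a crafted cookie cannot
//     instantiate objects (PHP object injection);
//   - the username is only used if the decoded value has the expected shape;
//   - the username is HTML-escaped before it is echoed (see the <nav> below).
// NOTE(review): an unsigned cookie can still be forged to claim any username.
// Keeping the identity server-side in $_SESSION (the commented variant below)
// removes that problem; it requires the same switch in login.php and handle.php.
$loggedIn = isset($_COOKIE['user']);
$username = '';
if ($loggedIn && is_string($_COOKIE['user'])) {
    $decoded = unserialize($_COOKIE['user'], ['allowed_classes' => false]);
    if (is_array($decoded) && isset($decoded['username']) && is_scalar($decoded['username'])) {
        $username = (string) $decoded['username'];
    }
}
?>
<?php
// Session variant:
//session_start();
//if (isset($_SESSION['user'])) $user=unserialize($_SESSION['user']);
?>
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>首页</title>
<link rel="stylesheet" href="css/style.css">
</head>
<body>
<nav>
<a href="">我的首页</a>
<?php // Session variant: test isset($_SESSION['user']) in the condition below instead. ?>
<?php // Only ONE "if" may be opened here: a second, un-closed "if ...:" is a parse error. ?>
<?php if ($loggedIn): ?>
<a href="" id="logout"><span style="color: red"><?php echo htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></span>退出</a>
<?php else: ?>
<a href="login.php">登录</a>
<?php endif ?>
</nav>
</body>
<script>
// Logout click handler. The #logout link only exists when a user is logged in,
// so guard against a null element instead of throwing for anonymous visitors.
var logoutLink = document.querySelector('#logout');
if (logoutLink) {
    logoutLink.addEventListener('click', function (event) {
        // Always cancel the default navigation of href="" so that declining
        // the dialog does not reload the page.
        event.preventDefault();
        if (confirm('是否退出')) {
            window.location.assign('handle.php?action=logout');
        }
    });
}
</script>
</html>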
登录页
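<!DOCTYPE html>
<html lang="en">
<?php
// Login page. A visitor who already carries the 'user' cookie is sent back to
// the home page instead of being shown the form again.
// NOTE(review): this only tests that the cookie exists; the cookie is set by the
// client's browser and is not verified here. It is a convenience redirect, not an
// authentication check.
// Session variant:
//session_start();
//if(isset($_SESSION['user']))
if (isset($_COOKIE['user'])) {
    exit('<script>alert("请不要重复登录");location.href="index.php";</script>');
}
?>
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>登录</title>
</head>
<body>
<form action="handle.php?action=login" method="POST">
<fieldset>
<legend>欢迎登录</legend>
<div>
<label for="email">邮箱:</label>
<input type="email" name="email" id="email" autofocus placeholder="admin@php.com" required>
</div>
<div>
<label for="password">密码:</label>
<input type="password" name="password" id="password" placeholder="不少于4位不多于10位" required>
</div>
<?php // The register link sits outside any <button>: an <a> nested in a <button> is invalid HTML, and a bare <button> inside a form submits it. ?>
<div><button type="submit">登录</button> <a href="register.php">去注册</a></div>
</fieldset>
</form>
</body>
</html>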
注册页
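<?php
// Registration form, posted to handle.php?action=register.
// The `required` attributes and the length hints in the placeholders are only
// browser-side conveniences; whatever handles the POST has to validate the
// fields itself (including that password1 and password2 match).
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>注册</title>
</head>
<body>
<form action="handle.php?action=register" method="POST">
<fieldset>
<legend>欢迎注册</legend>
<div>
<label for="username">用户名:</label>
<input type="text" name="username" id="username" placeholder="不少于5位不多于10位" autofocus required>
</div>
<div>
<label for="email">邮箱:</label>
<?php // Only one element per page may carry autofocus; it stays on the username field above. ?>
<input type="email" name="email" id="email" placeholder="admin@php.com" required>
</div>
<div>
<label for="password1">密码:</label>
<input type="password" name="password1" id="password1" placeholder="不少于4位不多于10位" required>
</div>
<div>
<label for="password2">重复密码:</label>
<input type="password" name="password2" id="password2" placeholder="不少于4位不多于10位" required>
</div>
<div><button type="submit">注册</button></div>
</fieldset>
</form>
</body>
</html>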
控制器
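<?php
// Controller: dispatches ?action=login | logout | register and answers with a
// small <script> that shows a message and redirects.
//
// Every value taken from $_GET / $_POST / $_COOKIE is untrusted. All SQL below
// uses bound parameters; request values are never interpolated into a query.

// Database connection.
// NOTE(review): the root/root credentials are hard-coded as in the tutorial; a
// deployed copy should read a least-privilege account from configuration.
$pdo = new PDO('mysql:host=localhost;dbname=phpedu', 'root', 'root', [
    // Fail loudly instead of silently returning empty results on a bad query.
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    // Use real server-side prepared statements.
    PDO::ATTR_EMULATE_PREPARES => false,
]);
//session_start();

// Returns the named POST field as a string, or '' when it is missing or not a
// string (e.g. the client sent field[]=...).
$postString = function ($key) {
    return isset($_POST[$key]) && is_string($_POST[$key]) ? $_POST[$key] : '';
};

// Mark the cookie Secure only when the request itself arrived over HTTPS.
$isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

$action = isset($_GET['action']) && is_string($_GET['action']) ? $_GET['action'] : '';
switch (strtolower($action)) {
    case 'login':
        // Only accept credentials sent by POST.
        if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
            die('请求非法');
        }
        $email = $postString('email');
        // NOTE(review): unsalted SHA-1 is kept only so existing rows still verify.
        // Migrate to password_hash()/password_verify() once the `password` column
        // is confirmed wide enough for the longer hashes.
        $password = sha1($postString('password'));

        // Look up just the candidate row(s) instead of loading the whole table.
        // (The original query selected `*` inside backticks, which names a
        // column literally called "*" rather than all columns.)
        $stmt = $pdo->prepare('SELECT * FROM `users` WHERE `email` = ?');
        $stmt->execute([$email]);
        $result = array_filter(
            $stmt->fetchAll(PDO::FETCH_ASSOC),
            function ($user) use ($email, $password) {
                // hash_equals() compares the digests in constant time.
                return $user['email'] === $email
                    && hash_equals((string) $user['password'], $password);
            }
        );

        if (count($result) === 1) {
            $user = array_pop($result);
            // Never send the password hash to the browser.
            unset($user['password']);
            //$_SESSION['user']=serialize($user);
            // NOTE(review): this cookie is unsigned, so a client can edit it and
            // claim another identity. index.php and login.php read
            // $_COOKIE['user'], so it is kept here; moving all three files to
            // $_SESSION is the real fix. HttpOnly keeps page scripts from
            // reading the cookie.
            setcookie('user', serialize($user), time() + 3600, '', '', $isHttps, true);
            exit('<script>alert("验证通过");location.href="index.php"</script>');
        }
        exit('<script>alert("验证不通过");location.href="login.php"</script>');

    case 'logout':
        //if(isset($_SESSION['user'])){
        //session_destroy();
        if (isset($_COOKIE['user'])) {
            // Expire the cookie; the flags match the ones used when it was set.
            setcookie('user', '', time() - 60, '', '', $isHttps, true);
            exit('<script>alert("退出成功");location.assign("index.php")</script>');
        }
        break;

    case 'register':
        // Registration changes state, so it must arrive by POST as well.
        if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
            die('请求非法');
        }
        // Collect the submitted fields.
        $username = $postString('username');
        $email = $postString('email');
        $password1 = $postString('password1');
        $password2 = $postString('password2');
        if ($username === '' || $email === '' || $password1 === '') {
            exit('<script>alert("请填写完整信息");location.assign("register.php")</script>');
        }
        // The form asks for the password twice; enforce the match on the server.
        if ($password1 !== $password2) {
            exit('<script>alert("两次密码不一致");location.assign("register.php")</script>');
        }
        // NOTE(review): SHA-1 kept for compatibility with the login branch; see
        // the note there about moving to password_hash().
        $password = sha1($password1);
        $register_time = time();

        // Is this e-mail already registered?
        // NOTE(review): check-then-insert can race between two requests; a UNIQUE
        // index on `email` would make this reliable. Confirm against the schema.
        $stmt = $pdo->prepare('SELECT `email` FROM `users` WHERE `email` = ?');
        $stmt->execute([$email]);
        $db_email = $stmt->fetchAll(PDO::FETCH_ASSOC);
        if (!empty($db_email)) {
            exit('<script>alert("邮箱已存在");location.assign("register.php")</script>');
        }

        try {
            $stmt = $pdo->prepare(
                'INSERT INTO `users` (`username`, `email`, `password`, `register_time`) VALUES (?, ?, ?, ?)'
            );
            $stmt->execute([$username, $email, $password, $register_time]);
            $inserted = $stmt->rowCount() === 1;
        } catch (PDOException $e) {
            // Report a generic failure; do not echo database errors to the client.
            $inserted = false;
        }
        if ($inserted) {
            exit('<script>alert("注册成功");location.assign("login.php")</script>');
        }
        exit('<script>alert("注册失败");location.assign("register.php")</script>');

    default:
        exit('未定义错误');
}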
感想
刚开始写的时候是在看了一遍视频以后,犯了很多错误,各种漏写;之后一步一步排查错误,再结合老师的视频又理了一遍。用户登录、注册的处理代码统一写在一个模块里,通过控制器来处理这些逻辑。