说明:
使用cookie及session保存用户登录信息
运行效果:
登录页面 login.php
后台页面admin.php
示例源码:
login.php
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
<!--本地引用-->
<link rel="stylesheet" href="bootstrap-3.3.7-dist/css/bootstrap.css">
<script src="jquery-3.2.1.min.js"></script>
<script src="bootstrap-3.3.7-dist/js/bootstrap.js"></script>
<!--CDN/远程引用-->
<!--<link rel="stylesheet" href="http://apps.bdimg.com/libs/bootstrap/3.3.4/css/bootstrap.css">-->
<!--<script src="https://code.jquery.com/jquery-3.2.1.min.js"></script>-->
<!--<script src="http://apps.bdimg.com/libs/bootstrap/3.3.4/js/bootstrap.js"></script>-->
</head>
<body>
<div class="container">
<div class="row">
<div class="col-md-12">
<h3>登录</h3>
<form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
<div class="form-group">
<label for="userName">用户名</label>
<input type="text" class="form-control" name="userName" id="userName" placeholder="用户名" value="<?php echo isset($_POST['userName'])?$_POST['userName']:''; ?>">
</div>
<div class="form-group">
<label for="password">Password</label>
<input type="password" class="form-control" name="password" id="password" placeholder="密码" value="<?php echo isset($_POST['password'])?$_POST['password']:''; ?>">
</div>
<button type="submit" class="btn btn-primary">登录</button>
</form>
</div>
</div>
</div>
</body>
</html>
<?php
//连接数据库
require 'inc/connect.php';
//用户登录验证
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
//初始化
$userName = '';
$password = '';
//1、前端验证
if (empty($_POST['userName'])) { //用户名是否为空
echo '<script>alert("用户名不能为空~~")</script>';
} else { //去掉左右空格并将html字符转义为实体
$userName = htmlspecialchars(trim($_POST['userName']));
}
if (empty($_POST['password'])) {
echo '<script>alert("密码不能为空~~");</script>';
} else { //去掉左右空格并将html字符转义为实体
$password = htmlspecialchars(trim($_POST['password']));
}
if ($userName && $password) {
//2、后端的数据库验证
try{
$sql = "SELECT `name`,`password` FROM user WHERE name=:name AND password=sha1(:password)";
$pdoStmt = $pdo->prepare($sql);
$pdoStmt->bindParam(':name',$userName,PDO::PARAM_STR);
$pdoStmt->bindParam(':password',$password,PDO::PARAM_STR);
$res = $pdoStmt->execute();
if (true == $res) {
if ($pdoStmt->rowCount() === 1) {
//如果验证通过,把用户信息写入cookie
setcookie('userName', $userName,time()+60*60,'/L31/');
setcookie('password', $password,time()+60*60,'/L31/');
echo '<script>alert("登录成功~~");location.href="admin.php"</script>';
} else {
echo '<script>alert("用户名或密码错误,请重新输入~~");history.back()</script>';
}
} else {
print_r($pdoStmt->errorInfo());
}
}catch (PDOException $e) {
echo $e->getMessage();
die('数据库连接失败,强制退出~~');
}
} else {
echo '<script>alert("输入有误,请检查~~")</script>';
}
}
?>admin.php
<?php
echo '<h2>PHP中文网管理后台</h2>';
if (isset($_COOKIE['userName'])) { //判断当前用户是否登录?
echo '<p>欢迎管理员:<span style="color:red">'.$_COOKIE['userName'].'</span></p>';
} else {
echo '<script>alert("请登录~~");location.href="login.php"</script>';
}以上使用的是cookie,改为session需要修改:
login.php 第71、72行
$_SESSION['userName'] = $userName; $_SESSION['password'] = $password;
admin.php
<?php
echo '<h2>PHP中文网管理后台</h2>';
if (isset($_SESSION['userName'])) { //判断当前用户是否登录?
echo '<p>欢迎管理员:<span style="color:red">'.$_SESSION['userName'].'</span></p>';
} else {
echo '<script>alert("请登录~~");location.href="login.php"</script>';
}cookie 和 session的区别:
cookie机制是在客户端保持登录状态,而session机制是在服务器端保存。
