cookie:
login.php
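<?php
/**
 * Cookie-based login demo.
 *
 * Checks the posted user name and password against the `user1` table and, on
 * success, sets a `name` cookie and sends the browser to admin.php.
 *
 * Security notes:
 *  - A cookie is supplied by the client, so the `name` cookie is only a label.
 *    Its presence proves nothing about authentication; real access control
 *    needs server-side state such as a session.
 *  - The original also wrote sha1($password) into a `password` cookie. That
 *    value is password-equivalent for this schema and is no longer sent to the
 *    browser; the admin.php shown with this demo reads only `name`.
 *  - The query compares against unsalted SHA-1 hashes. Moving to
 *    password_hash()/password_verify() needs a schema change and is not done here.
 */
header('content-type:text/html;charset=utf-8');

// Hide notice-level messages.
error_reporting(E_ALL ^ E_NOTICE);

// Initialised up front so the credential check never reads an undefined variable.
$name = '';
$password = '';

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // First-pass checks on the submitted data. The is_string() test rejects
    // array-shaped parameters (name[]=x) before they reach trim().
    if (empty($_POST['name']) || !is_string($_POST['name'])) {
        echo '<script>alert("用户名不能为空")</script>';
    } else {
        // Escaped here because the value is later stored in the cookie and echoed back.
        $name = htmlspecialchars(trim($_POST['name']));
    }

    if (empty($_POST['password']) || !is_string($_POST['password'])) {
        echo '<script>alert("用户密码不能为空")</script>';
    } else {
        // NOTE(review): HTML-escaping a password before hashing changes the hash for
        // passwords containing & < > ". Kept because the stored hashes may have been
        // computed the same way -- confirm against the registration code.
        $password = htmlspecialchars(trim($_POST['password']));
    }

    if ($name !== '' && $password !== '') {
        // Server-side verification of the credentials.
        try {
            // NOTE(review): connects as root with a hard-coded password. Use a
            // least-privileged account and keep credentials outside the web root.
            $pdo = new PDO('mysql:dbname=demo', 'root', 'root');
            $sql = "SELECT `name`,`password` FROM `user1` WHERE `name`=:name AND `password`=sha1(:password)";
            $pdoStmt = $pdo->prepare($sql);
            $pdoStmt->bindValue(':name', $name, PDO::PARAM_STR);
            $pdoStmt->bindValue(':password', $password, PDO::PARAM_STR);
            $res = $pdoStmt->execute();

            if ($res === true) {
                if ($pdoStmt->rowCount() == 1) {
                    // HttpOnly keeps the cookie away from page scripts. The secure flag
                    // is left off because this demo may run over plain HTTP; switch it
                    // to true when the site is served over HTTPS.
                    // The path has no leading "/", so browsers fall back to the default
                    // path -- NOTE(review): confirm the intended scope.
                    setcookie('name', $name, time() + 60 * 60, 'php9/login', '', false, true);
                    echo '<script>alert("登录成功");location.href="admin.php"</script>';
                } else {
                    echo '<script>alert("用户名或密码错误");history.back()</script>';
                }
            } else {
                // Driver details go to the server log, never to the response.
                error_log('login query failed: ' . print_r($pdoStmt->errorInfo(), true));
                echo '<script>alert("服务器内部错误,请稍后再试")</script>';
            }
        } catch (PDOException $e) {
            // The exception text can reveal DSN, host and schema details.
            error_log('login database error: ' . $e->getMessage());
            echo '<script>alert("服务器内部错误,请稍后再试")</script>';
            die();
        }
    }
}
?>
<!doctype html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <link rel="stylesheet" href="../lib/dist/css/bootstrap.css">
    <script src="../lib/jquery-3.2.1.js"></script>
    <script src="../lib/dist/js/bootstrap.js"></script>
    <meta name="viewport" content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="ie=edge">
    <title>用户登录</title>
</head>
<body>
<div class="container">
    <h3 align="center">用户登录</h3>
    <div class="row">
        <div class="col-md-12">
            <?php // PHP_SELF includes request-supplied path info, so it is escaped before it lands in the attribute. ?>
            <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') ?>" method="post">
                <div class="form-group">
                    <label for="exampleInputEmail1">用户名</label>
                    <?php // The name attributes are required: without them the browser submits neither field. ?>
                    <input type="email" class="form-control" id="exampleInputEmail1" name="name" placeholder="用户名">
                </div>
                <div class="form-group">
                    <label for="exampleInputPassword1">Password</label>
                    <input type="password" class="form-control" id="exampleInputPassword1" name="password" placeholder="Password">
                </div>
                <button type="submit" class="btn btn-success btn-block">登录</button>
            </form>
        </div>
    </div>
</div>
</body>
</html>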
admin.php
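<?php
/**
 * Admin landing page for the cookie-based login demo.
 *
 * Greets the visitor named in the `name` cookie, or sends the browser back to
 * login.php when the cookie is absent.
 *
 * Security note: the cookie comes from the client, so this check only tells
 * whether a `name` cookie was sent, not whether the visitor logged in. Pages
 * that need real access control should rely on server-side session state.
 */
header('content-type:text/html;charset=utf-8');

if (isset($_COOKIE['name']) && is_string($_COOKIE['name'])) {
    // The success heading is printed only after the check passes.
    echo '<h3>登录成功</h3>';
    // Cookie values are untrusted input and are escaped before output. double_encode
    // is off because login.php already stores an HTML-escaped name in the cookie.
    echo '欢迎管理员:' . htmlspecialchars($_COOKIE['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
} else {
    // Not logged in: refuse access and return to the login page.
    echo '<script>alert("无权访问");location.href="login.php"</script>';
    // Stop here so nothing later in the page runs for an unauthenticated visitor.
    exit;
}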
session
login.php
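<?php
/**
 * Session-based login demo.
 *
 * Checks the posted user name and password against the `user1` table and, on
 * success, records the user name in the session and sends the browser to
 * admin.php.
 *
 * Security notes:
 *  - The original also stored sha1($password) in $_SESSION['password']. It is
 *    not needed to recognise a logged-in user (the admin.php shown with this
 *    demo reads only `name`), so credential material is no longer kept in
 *    session storage.
 *  - The query compares against unsalted SHA-1 hashes. Moving to
 *    password_hash()/password_verify() needs a schema change and is not done here.
 */
header('content-type:text/html;charset=utf-8');
session_start();

// Hide notice-level messages.
error_reporting(E_ALL ^ E_NOTICE);

// Initialised up front so the credential check never reads an undefined variable.
$name = '';
$password = '';

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // First-pass checks on the submitted data. The is_string() test rejects
    // array-shaped parameters (name[]=x) before they reach trim().
    if (empty($_POST['name']) || !is_string($_POST['name'])) {
        echo '<script>alert("用户名不能为空")</script>';
    } else {
        // Escaped here because the value is later echoed back by admin.php.
        $name = htmlspecialchars(trim($_POST['name']));
    }

    if (empty($_POST['password']) || !is_string($_POST['password'])) {
        echo '<script>alert("用户密码不能为空")</script>';
    } else {
        // NOTE(review): HTML-escaping a password before hashing changes the hash for
        // passwords containing & < > ". Kept because the stored hashes may have been
        // computed the same way -- confirm against the registration code.
        $password = htmlspecialchars(trim($_POST['password']));
    }

    if ($name !== '' && $password !== '') {
        // Server-side verification of the credentials.
        try {
            // NOTE(review): connects as root with a hard-coded password. Use a
            // least-privileged account and keep credentials outside the web root.
            $pdo = new PDO('mysql:dbname=demo', 'root', 'root');
            $sql = "SELECT `name`,`password` FROM `user1` WHERE `name`=:name AND `password`=sha1(:password)";
            $pdoStmt = $pdo->prepare($sql);
            $pdoStmt->bindValue(':name', $name, PDO::PARAM_STR);
            $pdoStmt->bindValue(':password', $password, PDO::PARAM_STR);
            $res = $pdoStmt->execute();

            if ($res === true) {
                if ($pdoStmt->rowCount() == 1) {
                    // Issue a fresh session id at the moment of login so an id that
                    // existed before authentication is not carried into the
                    // authenticated session (session fixation).
                    session_regenerate_id(true);
                    $_SESSION['name'] = $name;
                    echo '<script>alert("登录成功");location.href="admin.php"</script>';
                } else {
                    echo '<script>alert("用户名或密码错误");history.back()</script>';
                }
            } else {
                // Driver details go to the server log, never to the response.
                error_log('login query failed: ' . print_r($pdoStmt->errorInfo(), true));
                echo '<script>alert("服务器内部错误,请稍后再试")</script>';
            }
        } catch (PDOException $e) {
            // The exception text can reveal DSN, host and schema details.
            error_log('login database error: ' . $e->getMessage());
            echo '<script>alert("服务器内部错误,请稍后再试")</script>';
            die();
        }
    }
}
?>
<!doctype html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <link rel="stylesheet" href="../lib/dist/css/bootstrap.css">
    <script src="../lib/jquery-3.2.1.js"></script>
    <script src="../lib/dist/js/bootstrap.js"></script>
    <meta name="viewport" content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="ie=edge">
    <title>用户登录</title>
</head>
<body>
<div class="container">
    <h3 align="center">用户登录</h3>
    <div class="row">
        <div class="col-md-12">
            <?php // PHP_SELF includes request-supplied path info, so it is escaped before it lands in the attribute. ?>
            <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') ?>" method="post">
                <div class="form-group">
                    <label for="exampleInputEmail1">用户名</label>
                    <?php // The name attributes are required: without them the browser submits neither field. ?>
                    <input type="email" class="form-control" id="exampleInputEmail1" name="name" placeholder="用户名">
                </div>
                <div class="form-group">
                    <label for="exampleInputPassword1">Password</label>
                    <input type="password" class="form-control" id="exampleInputPassword1" name="password" placeholder="Password">
                </div>
                <button type="submit" class="btn btn-success btn-block">登录</button>
            </form>
        </div>
    </div>
</div>
</body>
</html>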
admin.php文件
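<?php
/**
 * Admin landing page for the session-based login demo.
 *
 * Greets the user recorded in $_SESSION['name'], or sends the browser back to
 * login.php when the session holds no user name.
 */
header('content-type:text/html;charset=utf-8');
session_start();

if (isset($_SESSION['name']) && is_string($_SESSION['name'])) {
    // The success heading is printed only after the check passes.
    echo '<h3>登录成功</h3>';
    // Escaped at the point of output. double_encode is off because login.php
    // already stores an HTML-escaped name in the session.
    echo '欢迎管理员:' . htmlspecialchars($_SESSION['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
} else {
    // Not logged in: refuse access and return to the login page.
    echo '<script>alert("无权访问");location.href="login.php"</script>';
    // Stop here so nothing later in the page runs for an unauthenticated visitor.
    exit;
}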