cookie:
login.php
<?php
header('content-type:text/html;charset=utf-8');
//屏蔽notice信息
error_reporting(E_ALL ^ E_NOTICE);
if ($_SERVER['REQUEST_METHOD'] =='POST') {
//对用户提交的数据进行初步检验
if (empty($_POST['name'])) {//对用户名进行判断
echo '<script>alert("用户名不能为空")</script>';
}else {
$name = htmlspecialchars(trim($_POST['name']));//htmlspecialchars防止非法字符输入 如xss
}
if (empty($_POST['password'])) {//对密码进行非空判断
echo '<script>alert("用户密码不能为空")</script>';
}else {
$password = htmlspecialchars(trim($_POST['password']));
}
if ($name && $password) {//对用户提交的数据进行验证
//前端验证完成之后,进行服务器端的验证
try {
$pdo = new PDO('mysql:dbname=demo','root','root');
$sql = "SELECT `name`,`password` FROM `user1` WHERE `name`=:name AND `password`=sha1(:password)";
$pdoStmt = $pdo->prepare($sql);
$pdoStmt->bindParam(':name',$name,PDO::PARAM_STR);
$pdoStmt->bindParam(':password',$password,PDO::PARAM_STR);
$res = $pdoStmt->execute();
if (true == $res) {
if ($pdoStmt->rowCount()==1) {
setcookie('name',$name,time()+60*60,'php9/login');
setcookie('password',sha1($password),time()+60*60,'php9/login');
echo '<script>alert("登录成功");location.href="admin.php"</script>';
}else {
echo '<script>alert("用户名或密码错误");history.back()</script>';
}
}else {
print_r($pdoStmt->errorInfo());
}
}catch (PDOException $e) {
echo $e->getMessage();
die();
}
}
}
?>
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8">
<link rel="stylesheet" href="../lib/dist/css/bootstrap.css">
<script src="../lib/jquery-3.2.1.js"></script>
<script src="../lib/dist/js/bootstrap.js"></script>
<meta name="viewport"
content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<title>用户登录</title>
</head>
<body>
<div class="container">
<h3 align="center">用户登录</h3>
<div class="row">
<div class="col-md-12">
<form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
<div class="form-group">
<label for="exampleInputEmail1">用户名</label>
<input type="email" class="form-control" id="exampleInputEmail1" placeholder="用户名">
</div>
<div class="form-group">
<label for="exampleInputPassword1">Password</label>
<input type="password" class="form-control" id="exampleInputPassword1" placeholder="Password">
</div>
<button type="submit" class="btn btn-success btn-block">登录</button>
</form>
</div>
</div>
</div>
</body>
</html>admin.php
<?php
header('content-type:text/html;charset=utf-8');
echo '<h3>登录成功</h3>';
if (isset($_COOKIE['name'])) {
echo '欢迎管理员:'.$_COOKIE['name'].'';
}else {
//如果当前用户没有登录,那么禁止访问后台,并跳转回登录界面
echo '<script>alert("无权访问");location.href="login.php"</script>';
}session
login.php
<?php
header('content-type:text/html;charset=utf-8');
session_start();
//屏蔽notice信息
error_reporting(E_ALL ^ E_NOTICE);
if ($_SERVER['REQUEST_METHOD'] =='POST') {
//对用户提交的数据进行初步检验
if (empty($_POST['name'])) {//对用户名进行判断
echo '<script>alert("用户名不能为空")</script>';
}else {
$name = htmlspecialchars(trim($_POST['name']));//htmlspecialchars防止非法字符输入 如xss
}
if (empty($_POST['password'])) {//对密码进行非空判断
echo '<script>alert("用户密码不能为空")</script>';
}else {
$password = htmlspecialchars(trim($_POST['password']));
}
if ($name && $password) {//对用户提交的数据进行验证
//前端验证完成之后,进行服务器端的验证
try {
$pdo = new PDO('mysql:dbname=demo','root','root');
$sql = "SELECT `name`,`password` FROM `user1` WHERE `name`=:name AND `password`=sha1(:password)";
$pdoStmt = $pdo->prepare($sql);
$pdoStmt->bindParam(':name',$name,PDO::PARAM_STR);
$pdoStmt->bindParam(':password',$password,PDO::PARAM_STR);
$res = $pdoStmt->execute();
if (true == $res) {
if ($pdoStmt->rowCount()==1) {
$_SESSION['name'] = $name;
$_SESSION['password'] = sha1($password);
echo '<script>alert("登录成功");location.href="admin.php"</script>';
}else {
echo '<script>alert("用户名或密码错误");history.back()</script>';
}
}else {
print_r($pdoStmt->errorInfo());
}
}catch (PDOException $e) {
echo $e->getMessage();
die();
}
}
}
?>
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8">
<link rel="stylesheet" href="../lib/dist/css/bootstrap.css">
<script src="../lib/jquery-3.2.1.js"></script>
<script src="../lib/dist/js/bootstrap.js"></script>
<meta name="viewport"
content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<title>用户登录</title>
</head>
<body>
<div class="container">
<h3 align="center">用户登录</h3>
<div class="row">
<div class="col-md-12">
<form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
<div class="form-group">
<label for="exampleInputEmail1">用户名</label>
<input type="email" class="form-control" id="exampleInputEmail1" placeholder="用户名">
</div>
<div class="form-group">
<label for="exampleInputPassword1">Password</label>
<input type="password" class="form-control" id="exampleInputPassword1" placeholder="Password">
</div>
<button type="submit" class="btn btn-success btn-block">登录</button>
</form>
</div>
</div>
</div>
<!--<h3>用户登录</h3>-->
<!--<form action="--><?php //echo $_SERVER['PHP_SELF'] ?><!--" method="post">-->
<!-- <p><label>用户:<input type="text" name="name" value="--><?php //echo isset($_POST['name'])?$_POST['name']:'' ?><!--"></label></p>-->
<!-- <p><label>密码:<input type="password" name="password" value="--><?php //echo isset($_POST['password'])?$_POST['password']:'' ?><!--"></label></p>-->
<!-- <p><button type="submit">提交</button></p>-->
<!--</form>-->
</body>
</html>admin.php文件
<?php
header('content-type:text/html;charset=utf-8');
session_start();
echo '<h3>登录成功</h3>';
if (isset($_SESSION['name'])) {
echo '欢迎管理员:'.$_SESSION['name'].'';
}else {
//如果当前用户没有登录,那么禁止访问后台,并跳转回登录界面
echo '<script>alert("无权访问");location.href="login.php"</script>';
}