search

博客列表 >使用session完成用户跟踪

使用session完成用户跟踪

ccc9112020
ccc9112020原创
2020年12月03日 18:58:04862浏览

cookie,session,token,是用户认证和跟踪的三个主要工具。
cookie存储在浏览器端,安全性比较低,由用户控制。
session存储在服务器端,主要基于cookie。
而token在现在的移动端非常常见。
下面简单演示session的用户跟踪。

一个网站下面有index.php,login.php,check.php三个文件。

check.php:

  1. <?php
  3. $pdo=new PDO('mysql:host=localhost;dbname=phplesson','root','root');
  4. $stmt=$pdo->prepare('SELECT username,password,id FROM adminuser');
  5. $stmt->execute();
  6. $users=$stmt->fetchAll(PDO::FETCH_ASSOC);
  7. extract($_POST);
  9. var_dump($_POST);
  11. $users=array_filter($users,function($user) use ($username,$password){
  12.     return $username===$user['username'] && $password === $user['password'];
  13. });
  15. // die($users);
  17. // print_r($users);
  19. // print_r($user);
  20. if(count($users)===1){
  21.     echo "成功登陆";
  22.     setcookie('username','',time()-3600);
  23.     setcookie('auth','',time()-3600);
  24.     if(!empty($auto_login)){
  25.         setcookie('username',$username,strtotime("+7days"));
  26.         $salt="phplesson";
  27.         $auth=md5($username.$password.$salt).",".$users[0]['id'];
  28.         setcookie('auth',$auth,strtotime("+7days"));
  29.     }else{
  30.         setcookie('username',$username);
  31.     }
  32.     exit("
  33.         <script>
  34.             alert('登陆成功');
  35.             location.href='index.php';
  36.         </script>
  37.     ");
  38. }else{
  39.     exit("
  40.         <script>
  41.             alert('登陆不成功');
  42.             location.href='login.php';
  43.         </script>
  44.     ");
  45. }

login.php

  1. <?php
  2.     if(isset($_GET['action'])&&$_GET['action']=='logout'){
  3.         setcookie("username",);
  4.         setcookie("auth","",time()-3600);
  5.     }
  6. ?>
  8. <!DOCTYPE html>
  9. <html lang="">
  10. <head>
  11.     <meta charset="UTF-8">
  12.     <meta name="viewport" content="width=device-width, initial-scale=1.0">
  13.     <title>后台登录</title>
  14.     <style>
  15.         *{
  16.             margin:0;
  17.             padding: 0;
  18.             box-sizing: border-box;
  19.         }
  20.         h2{
  21.             margin-top: 1em;
  22.             text-align: center;
  23.         }
  24.         h2>button{
  25.             background-color: lightgreen;
  26.             padding: 3px;
  27.             border:none;
  28.             border-radius: 3px;
  29.         }
  30.         form{
  31.             display: grid;
  32.             width: 20em;
  33.             /* auto可以自动占据空间实现居中 */
  34.             margin:2em auto;
  35.             background-color: lightblue;
  36.             padding: 1em;
  37.             grid-template-columns: 5em 10em;
  38.             place-content: center;
  39.             gap:1em 0;
  40.             border:3px solid #ccc;
  41.         }
  42.         form>.auto-login{
  43.             color:#333333;
  44.             font-size: 12px;
  45.             display: flex;
  46.             justify-content: space-evenly;
  47.             padding: 0.3em;
  48.             margin-left: -1em;
  49.             align-items: center;
  50.         }
  51.         form>button{
  52.             grid-area: auto/2/auto/span 1;
  53.             background-color: lightgreen;
  54.             border:none;
  55.             font-size: 1.2em;
  56.             letter-spacing: 0.5em;
  57.         }
  58.         form>button:hover{
  59.             color:#333334;
  60.             background-color: greenyellow;
  61.         }
  62.     </style>
  63. </head>
  64. <body>
  65.         <h2>后台用户登录&nbsp;&nbsp;&nbsp;<button>我要注册</button></h2>
  66.         <form action="check.php" method="post">
  67.             <label for="username">用户名:</label>
  68.             <input type="text" name="username" id="username" placeholder="用户名">
  69.             <label for="password">密码:</label>
  70.             <input type="password" name="password" id="password">
  71.             <div class="auto-login">
  72.                 <input type="checkbox" name="auto_login" id="auto-login">
  73.                 <label for="auto-login">自动登录</label>
  74.             </div>
  75.             <button>登录</button>
  76.         </form>
  77. </body>
  78. </html>

index.php

  1. <?php
  3. if(!isset($_COOKIE['username'])){
  4.     exit("
  5.     <Script>
  6.         alert('请先登录');
  7.         location.href='login.php';
  8.     </Script>
  9.     ");
  10. }
  12. if(isset($_COOKIE['auth'])){
  13.    $auth=$_COOKIE['auth'];
  14.    $authArr=explode(",",$auth);
  15.    $is_auth=$authArr[0];
  16.    $id=end($authArr);
  18.    $pdo=new PDO('mysql:host=localhost;dbname=phplesson','root','root');
  19.    $stmt=$pdo->prepare('SELECT username,password,id FROM adminuser WHERE id=?');
  20.    $stmt->execute([$id]);
  21.    $user=$stmt->fetch(PDO::FETCH_ASSOC);
  22.    if($stmt->rowCount()==1){
  23.         $username=$user['username'];
  24.         $password=$user['password'];
  25.         $salt='phplesson';
  26.         $auth=md5($username.$password.$salt);
  28.         if($auth!=$is_auth){
  29.             exit("
  30.             <Script>
  31.                 alert('请您先登录');
  32.                 location.href='login.php';
  33.             </Script>
  34.             ");
  35.         }
  37.    }else{
  38.         exit("
  39.         <Script>
  40.             alert('请您先登录');
  41.             location.href='login.php';
  42.         </Script>
  43.         ");
  44.    }
  45. }
  47. ?>
  49. <!DOCTYPE html>
  50. <html lang="">
  51. <head>
  52.     <meta charset="UTF-8">
  53.     <meta name="viewport" content="width=device-width, initial-scale=1.0">
  54.     <title>后台管理系统</title>
  55.     <style>
  56.         header{
  57.             width: 100%;
  58.             height: 4em;
  59.             display: flex;
  60.             justify-content: space-between;
  61.             background-color: lightblue;
  62.             padding-right:1em;
  63.         }
  64.         header>.logo{
  65.             padding: 1em 1em;
  66.         }
  68.         header>.user-status{
  69.             width: 6em;
  70.             padding: 1em;
  71.             position: relative;
  72.         }
  73.         header>.user-status>.islogin{
  74.             position: absolute;
  75.             width: 100%;
  76.             height: 100%;
  77.         }
  78.         header>.user-status>.unlogin{
  79.             width: 100%;
  80.             height: 100%;
  81.             position: absolute;
  82.         }
  83.         header>.user-status>*{
  84.             display: flex;
  85.             justify-content: space-evenly;
  86.         }
  87.         header>.user-status>*.unactive{
  88.             display: none;
  89.         }
  90.         .container{
  91.             text-align: center;
  92.             margin:2em;
  93.             font-size: 3em;
  94.         }
  95.     </style>
  96. </head>
  97. <body>
  98.     <header class="header">
  99.         <div class="logo">
  100.             简书后台
  101.         </div>
  102.         <div class="user-status">
  104.             <div class="islogin">
  105.                 <div class="username">
  106.                 <?php  echo $_COOKIE['username']; ?>
  107.                 </div>
  108.                 <div class="logout" id="logout">
  109.                     退出
  110.                 </div>  
  111.             </div>
  112.         </div>
  113.     </header>
  115.     <div class="container">
  116.         hello,欢迎你啊,<?php  echo $_COOKIE['username']; ?>同学!   
  117.     </div>
  119.     <script>
  120.     document.querySelector('#logout').addEventListener('click',(ev)=>{
  121.         if(confirm('是否退出')){
  122.             window.location.assign("login.php?action=logout");
  123.         }
  124.     },false);
  125.     </script>
  126. </body>
  127. </html>

效果图:

但是并没有看到老师界面的PHPSESSID,这不是很明白。当然了,基本功能并没有受影响。

上一条:通熟易懂的PHP案例,搞会OOP中这3个关键字,明天找‘对象’不再难...下一条:会话跟踪cookie与session学习和令牌自动登录实战
声明:本文内容转载自脚本之家,由网友自发贡献,版权归原作者所有,如您发现涉嫌抄袭侵权,请联系admin@php.cn 核实处理。
全部评论
文明上网理性发言,请遵守新闻评论服务协议
灭绝师太2020-12-04 14:29:051楼
1. isset($_COOKIE['auth'])&&!empty($_COOKIE['auth']),这样判断auth是否存在就更严谨了,有且不为空 2. PHPSESSID需要启用session才有~