实现登录基本流程: 1.获取表单数据
2.对表单数据预处理 防止代码数据
3.链接数据库并执行查询
4.成功后写入session
5.后台先判断是否有session,没有跳转登录,有进入后台
<?php
header("content-type:text/html;charset=utf-8");
//开启session会话
session_start();
//屏蔽NOTICE级别错误报告
error_reporting(E_ALL ^ E_NOTICE);
//判断请求类型
if($_SERVER['REQUEST_METHOD'] == 'POST'){
// echo '123';
//判断不能为空
if(empty($_POST['name'])){
echo'<script>alert("用户名不能为空")</script>';
}else{
//htmlspecialchars函数将HTML代码实例化 trim 去除左右空格
$name = htmlspecialchars(trim($_POST['name']));
}
if(empty($_POST['password'])){
echo'<script>alert("密码不能为空")</script>';
}else{
$password = htmlspecialchars(trim($_POST['password']));
}
if($name && $password){
try{
//pdo链接数据库
$dsn = 'mysql:host=localhost;dbname=demo;charset=utf8';
$pdo = new PDO($dsn,'root','root');
//查询
$sql = "SELECT `name` `password` FROM user1 WHERE `name`=:name AND `password`=:password";
$pdoStmt = $pdo->prepare($sql);
//绑定数据
$pdoStmt->bindParam('name',$name,PDO::PARAM_STR);
$pdoStmt->bindParam('password',sha1($password),PDO::PARAM_STR);
$res = $pdoStmt->execute();
if(true == $res){
if($pdoStmt->rowCount()==1){
//设置cookie 过期时间为 1小时,只在当前 www.php.io/demo/php目录有效
//setcookie('name',$name,time()+60*60,'/demo/php');
//写入session
$_SESSION['name'] = $name;
$_SESSION['password'] = $password;
//跳转
echo '<script>alert("登录成功");location.href="admin.php"</script>';
}else{
echo '<script>alert("用户名或者密码错误,请检查")</script>';
}
}else{
print_r($pdoStmt->errorInfo());
}
}catch(PDOException $e){
echo $e->getMessage();
}
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<form action="" method="post">
<fieldset>
<legend>用户登录</legend>
<label>姓名:<input type="text" name="name"></label>
<label>密码<input type="password" name="password"></label>
<button>提交</button>
</fieldset>
</form>
</body>
</html>后台代码:
//使用session前必须开启会话
session_start();
if(isset($_SESSION['name'])){
echo '<h1>后台首页</h1>';
echo '欢迎管理员'.$_SESSION['name'].'登录';
}else{
//未发现$_SESSION['name'] ;location.href 跳转
echo '<script>alert("请先登录");location.href="login.php"</script>';
}