实现登录基本流程: 1.获取表单数据
2.对表单数据预处理,防止代码注入
3.连接数据库并执行查询
4.成功后写入session
5.后台先判断是否有session,没有跳转登录,有进入后台
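<?php
/*
 * Login page.
 *
 * On POST: reads `name` and `password` from the form, looks the pair up in the
 * `user1` table with a prepared statement, and on exactly one match stores the
 * user name in the session and sends the browser to admin.php.
 * On any other request method only the HTML form below is rendered.
 *
 * NOTE(review), not changed here because they need work outside this file:
 *  - The password is stored and compared as unsalted SHA-1. Moving to
 *    password_hash()/password_verify() requires re-hashing the stored values.
 *  - The database is reached as root/root with credentials in the source.
 *    Use a least-privilege account and keep the credentials in configuration
 *    that is not served by the web server.
 *  - htmlspecialchars() is applied to the password before hashing, so the hash
 *    is of the escaped text. Presumably registration does the same; confirm
 *    before removing it, otherwise existing accounts stop matching.
 *  - There is no attempt limiting on this form.
 */
header("content-type:text/html;charset=utf-8");

// Start the session so that $_SESSION can be written after a successful login.
session_start();

// Suppress NOTICE-level error reporting.
error_reporting(E_ALL ^ E_NOTICE);

// Defined up front so the combined check below never reads an unset variable.
$name = '';
$password = '';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // A field posted as an array (name[]=x) is treated as missing; trim() would
    // otherwise fail on it.
    if (empty($_POST['name']) || !is_string($_POST['name'])) {
        echo'<script>alert("用户名不能为空")</script>';
    } else {
        // The name is HTML-escaped here because the back-end page echoes the
        // session value as-is; trim() strips surrounding whitespace.
        $name = htmlspecialchars(trim($_POST['name']));
    }

    if (empty($_POST['password']) || !is_string($_POST['password'])) {
        echo'<script>alert("密码不能为空")</script>';
    } else {
        $password = htmlspecialchars(trim($_POST['password']));
    }

    if ($name && $password) {
        try {
            // Connect through PDO.
            $dsn = 'mysql:host=localhost;dbname=demo;charset=utf8';
            $pdo = new PDO($dsn, 'root', 'root');

            // The original column list lacked a comma, which made `password`
            // an alias of `name` instead of a second column.
            $sql = "SELECT `name`, `password` FROM user1 WHERE `name`=:name AND `password`=:password";
            $pdoStmt = $pdo->prepare($sql);

            // bindValue() rather than bindParam(): bindParam() binds by
            // reference and sha1() returns a temporary, which only "worked"
            // because notices are suppressed above.
            $pdoStmt->bindValue(':name', $name, PDO::PARAM_STR);
            $pdoStmt->bindValue(':password', sha1($password), PDO::PARAM_STR);

            $res = $pdoStmt->execute();
            if (true === $res) {
                if ($pdoStmt->rowCount() === 1) {
                    // Cookie alternative kept from the original, disabled:
                    // one-hour lifetime, valid only under /demo/php.
                    //setcookie('name',$name,time()+60*60,'/demo/php');

                    // Issue a fresh session id on privilege change so an id
                    // fixed before login cannot be reused afterwards.
                    session_regenerate_id(true);

                    // Only the user name is kept. The plaintext password is no
                    // longer written to the session: the back-end check shown
                    // with this page reads $_SESSION['name'] only, and session
                    // storage should never hold a reusable credential.
                    $_SESSION['name'] = $name;

                    // Redirect to the back end.
                    echo '<script>alert("登录成功");location.href="admin.php"</script>';
                } else {
                    echo '<script>alert("用户名或者密码错误,请检查")</script>';
                }
            } else {
                // Driver error details go to the server log, not to the client.
                error_log('login query failed: ' . implode(' | ', $pdoStmt->errorInfo()));
                echo '<script>alert("系统错误,请稍后再试")</script>';
            }
        } catch (PDOException $e) {
            // The exception text can reveal host, schema or SQL details, so it
            // is logged server-side and the user gets a generic message.
            error_log('login database error: ' . $e->getMessage());
            echo '<script>alert("系统错误,请稍后再试")</script>';
        }
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
<form action="" method="post">
    <fieldset>
        <legend>用户登录</legend>
        <label>姓名:<input type="text" name="name"></label>
        <label>密码<input type="password" name="password"></label>
        <button>提交</button>
    </fieldset>
</form>
</body>
</html>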
后台代码:
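// Back-end landing page guard: shows the admin greeting only when the session
// carries a user name, otherwise sends the browser to the login page.

// A session must be started before $_SESSION can be read.
session_start();

if (isset($_SESSION['name'])) {
    echo '<h1>后台首页</h1>';
    // Escape at the point of output instead of trusting whatever wrote the
    // session. double_encode is off because the login page stores the name
    // already passed through htmlspecialchars().
    echo '欢迎管理员' . htmlspecialchars((string) $_SESSION['name'], ENT_QUOTES, 'UTF-8', false) . '登录';
} else {
    // No $_SESSION['name']: tell the user and redirect via location.href.
    echo '<script>alert("请先登录");location.href="login.php"</script>';
    // The script redirect is only a request to the browser. Stop here so that
    // nothing placed after this check is ever sent to an unauthenticated client.
    exit;
}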