1/cookie&session
cookie保存在客户端
setcookie()设置,$_COOKIE[]读取,通过设置setcookie()内的第三个参数为之前的时间来删除cookie
session保存在服务端,更加安全
session_start()开启会话,$_SESSINO[]读取会话,设置$_SESSINO = []来删除会话,session_destroy()来删除服务端会话产生的临时文件,然后通过设置setcookie()内第三个参数为之前时间来删除客户端的cookie=PHPSESSID
2/通过cookie或者session来制作用户登陆的基本思路
1->登陆页面+公共头部和底部
2->登陆验证设计
3->制作自定义公公函数库
4->链接数据库
5->登陆验证
6->退出登陆
7->客户登陆状态判断,添加登陆或者退出链接
cookie
1/index.php
实例
<?php
$page_title = '首页';
include ('inc/header.php');
echo '<h3>我是首页</h3>';
if ((isset($_COOKIE['user_id'])) && $_SERVER['PHP_SELF'] != 'logout.php'){
echo '<a href="logout.php">退出</a>';
}else{
echo '<a href="login.php">登陆</a>';
}
include ('inc/footer.php');运行实例 »
点击 "运行实例" 按钮查看在线实例
2/login_page.php
实例
<?php
$page_title = '用户登陆';
include ('inc/header.php');
?>
<h3>用户登陆</h3>
<form action="login.php" method="post">
<p>
<label for="email">邮箱:</label>
<input type="email" name="email" id="email" value="">
</p>
<p>
<label for="password">密码:</label>
<input type="password" name="password" id="password" value="">
</p>
<p>
<button type="submit" name="submit" id="submit">登陆</button>
</p>
</form>
<?php
include ('inc/footer.php');
?>运行实例 »
点击 "运行实例" 按钮查看在线实例
3/login.php
实例
<?php
//未找出错误的代码
// if ($_SERVER['REQUEST_METHOD'] == 'POST'){
// require ('inc/function.php');
// require ('inc/connect.php');
// list($check, $data) = check_login($dbc,$_POST['email'], $_POST['password']);
// if ($check){
// setcookie('user_id',$data['user_id']);
// setcookie('user_name',$data['user_name']);
// redirect_user('loggedin.php');
// }else{
// $errors = $data;
// }
// mysqli_close($dbc);
// }
// include('login_page.php');
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
//加载公共函数库
require ('inc/function.php');
//连接数据库
require ('inc/connect.php');
//验证登录
//$check=true/false; $data=['user_id'=>$user_id, 'user_name'=>$user_name];
list($check, $data) = check_login($dbc, $_POST['email'], $_POST['password']);
//验证通过
if ($check) {
//设置cookies
setcookie('user_id', $data['user_id']);
setcookie('user_name', $data['user_name']);
//跳转页面
redirect_user('loggedin.php');
} else {
//验证失败
$errors = $data;
}
//关闭数据库连接
mysqli_close($dbc);
}
//加载
include('login_page.php');运行实例 »
点击 "运行实例" 按钮查看在线实例
4/loggedin.php
实例
<?php
if (!isset($_COOKIE['user_id'])) {
require ('inc/function.php');
//跳转到默认首页
redirect_user();
}
//如果已经登录
//设置页面标题
$page_title = '已经登录';
include ('inc/header.php');
//打印欢迎信息,并提供退出功能
echo <<< "WELCOME"
<h2 style="color:red">登陆成功</h2>
<p>欢迎您: {$_COOKIE['user_name']}</p>
<p><a href="logout.php">退出</a></p>
WELCOME;
//加载底部
include ('inc/footer.php');运行实例 »
点击 "运行实例" 按钮查看在线实例
5/logout.php
实例
<?php
if (!isset($_COOKIE['user_id'])){
require ('inc/function.php');
redirect_user();
}else {
setcookie('user_id','',time()-1);
setcookie('user_name','',time()-1);
}
$page_title = '已经登陆';
include ('inc/header.php');
echo <<< "WELCOME"
<h2 style="color:red">退出成功</h2>
<p><a href="login.php">登录</a></p>
WELCOME;
include ('inc/footer.php');运行实例 »
点击 "运行实例" 按钮查看在线实例
6/function.php
实例
<?php
// 自定义地址跳转
function redirect_user($page = 'index.php')
{
$url = 'http://'.$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);
$url = rtrim($url,'/\\');
$url .='/'.$page;
header('Location:'. $url);
exit();
}
function check_login($dbc, $email='', $password='')
{
//初始化错误信息数组
$errors = [];
//验证邮箱
if (empty($email)) {
$errors[] = '邮箱地址不能为空';
} else {
//mysqli_real_escape_string():转义字符串的特殊字符
$e = mysqli_real_escape_string($dbc, trim($email));
}
//验证密码
if (empty($password)) {
$errors[] = '密码不能为空';
} else {
$p = mysqli_real_escape_string($dbc, trim($password));
}
//非空验证通过,即$error数组为空
if (empty($errors)) {
//根据邮箱与密码来查询用户id与用户名
$sql = "SELECT `user_id`,`user_name` FROM `user` WHERE `email`='$e' AND `password`=sha1('$p') ";
//执行查询
$res = mysqli_query($dbc, $sql);
//查询成功应该返回唯一一条记录
if (mysqli_num_rows($res) == 1) {
//将查询结果解析到数组中
$row = mysqli_fetch_array($res, MYSQLI_ASSOC);
//返回查询结果
// print_r($row);exit();
return [true, $row];
} else { //查询失败
$errors[] = '邮箱或密码不正确,请重新输入';
}
}
return [false, $errors];
}
// 验证用户登陆
// function check_login($dbc, $email='', $password='')
// {
// $errors = [];
// if(empty($email)){
// $errors[] = '邮箱不能为空';
// }else {
// $e = mysqli_real_escape_string($dbc,trim($email));
// }
// if(empty($password)){
// $errors[] = '密码不能为空';
// }else {
// $p = mysqli_real_escape_string($dbc,trim($password));
// }
// if (empty($errors)){
// $sql = "SELECT `user_id`,`user_name` FROM `user` WHERE `email`='$e' AND `password`=sha1('$p')";
// $res = mysqli_query($dbc, $sql);
// if(mysqli_num_row($res) == 1){
// $row = mysqli_fetch_array($res,MYSQLI_ASSOC);
// return [true, $row];
// }else{
// $errors[] = '邮箱或密码不正确,请重新输入';
// }
// }
// return [false, $errors];
// }运行实例 »
点击 "运行实例" 按钮查看在线实例
7/connect.php
实例
<?php
//因为测试本页有错误,检查多次后直接引用了老师的代码
//创建连接参数: 因为连接参数不会经常变化,所以推荐使用常量
define ('DB_HOST', 'localhost');
define ('DB_USER', 'root');
define ('DB_PASS', 'root');
define ('DB_NAME', 'php');
define ('DB_CHAR', 'utf8');
$dbc = @mysqli_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
//连接失败一定会返回错误编号,可以根据编号判断,也可用 $db是否为false进行判断
if (mysqli_connect_errno($dbc)) {
echo '连接失败'.mysqli_connect_error($dbc);
}
mysqli_select_db($dbc, DB_NAME); //选择要操作的数据库
mysqli_set_charset($dbc, DB_CHAR); //设置客户端默认字符编码集运行实例 »
点击 "运行实例" 按钮查看在线实例
8/header.php
实例
<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title> <?php echo isset($page_title) ? $page_title : '默认标题'; ?> </title> </head> <body> <h3>我是头部</h3> <hr>
运行实例 »
点击 "运行实例" 按钮查看在线实例
9/footer.php
session
对index.php login.php loggedin.php logout.php 四个页面的cookie进行了修改