下面用实例来演示一下如何用cookie和session来实现用户登录:
一、cookie实现用户登录
网站根目录下面有个inc目录,是存放一些公共配置文件的
inc目录下的connect.php是数据库连接文件,代码如下:
<?php
define('DB_HOST','localhost');
define('DB_USER','root');
define('DB_PASS','root');
define('DB_NAME','php');
define('DB_CHAR','utf8');
$dbc = mysqli_connect(DB_HOST,DB_USER,DB_PASS);
if(mysqli_connect_errno($dbc)){
echo '连接失败'.mysqli_connect_error($dbc);
}
mysqli_select_db($dbc,DB_NAME);
mysqli_set_charset($dbc,DB_CHAR);inc目录下的function.php是公共函数库,封装了一些常用方法
<?php
//公共函数库
/*
*用户自定义跳转地址
*/
function redirect_user($page = 'index.php')
{
$url = 'http://'.$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);
$url = rtrim($url,'/\\');
$url .= '/'.$page;
header('Location:'.$url);
exit();
}
/*
*验证用户登录
*/
function check_login($dbc,$email='',$password='')
{
$errors = [];
//验证邮箱
if(empty($email)){
$errors[]='邮箱地址不能为空';
}else{
$e = mysqli_real_escape_string($dbc,trim($email));
}
//验证密码
if(empty($password)){
$errors[] = '密码不能为空';
}else{
$p = mysqli_real_escape_string($dbc,trim($password));
}
//非空验证通过
if(empty($errors)){
$sql = "SELECT `user_id`,`user_name` FROM `user` WHERE `email`='$e' AND `password`=sha1('$p')";
$res = mysqli_query($dbc,$sql);
if(mysqli_num_rows($res)==1){
$row = mysqli_fetch_array($res,MYSQLI_ASSOC);
return[true,$row];
}else{
$errors[]='邮箱和密码不正确,请重新输入';
}
}
return[false,$errors];
}inc目录下有个header.php,是网站的头部文件,代码如下:
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<link rel="stylesheet" href="https://cdn.bootcss.com/bootstrap/3.3.7/css/bootstrap.min.css">
<script type="text/javascript" src="http://apps.bdimg.com/libs/jquery/2.1.4/jquery.min.js"></script>
<script src="https://cdn.bootcss.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
<title><?php echo isset($page_title) ? $page_title : '默认标题'; ?></title>
</head>
<body>
<nav class="navbar navbar-default">
<div>
<!-- Brand and toggle get grouped for better mobile display -->
<div>
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false">
<span>Toggle navigation</span>
<span></span>
<span></span>
<span></span>
</button>
<a href="#">Brand</a>
</div>
<!-- Collect the nav links, forms, and other content for toggling -->
<div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
<ul class="nav navbar-nav">
<li><a href="index.php">首页 <span>(current)</span></a></li>
<li><a href="#">Link</a></li>
</ul>
<form class="navbar-form navbar-left">
<div>
<input type="text" placeholder="Search">
</div>
<button type="submit" class="btn btn-default">Submit</button>
</form>
<ul class="nav navbar-nav navbar-right">
<li><?php if((isset($_COOKIE['user_id']))&&basename($_SERVER['PHP_SELF'])!='logout.php'){
echo '<a href="logout.php">退出</a>';
}else{
echo '<a href="login.php">登录</a>';
} ?></li>
</ul>
</div><!-- /.navbar-collapse -->
</div><!-- /.container-fluid -->
</nav>inc目录下的footer.php是网站底部文件,代码如下:
<div style="background-color:gray;color: white;text-align: center;width: 100%;height: 50px;position: fixed;bottom: 0;"><p>ALL Rights Reserved 版权所有:<a href="">php中文网</a></p>备案号:皖B2-20150071-9</div> </body> </html>
网站根目录下的index.php,是网站的首页文件,代码如下:
<?php
$page_title = '首页';
include('inc/header.php');
echo '<div style="width:100%;height:825px;background-color:skyblue;">首页主体</div>';
include('inc/footer.php');网站根目录下的login.php,是用户登录文件,代码如下:
<?php
if($_SERVER['REQUEST_METHOD']=='POST'){
//加载公共函数库
require('inc/function.php');
//连接数据库
require('inc/connect.php');
//验证登录
list($check,$data) = check_login($dbc,$_POST['email'],$_POST['password']);
//验证通过
if($check){
//设置cookies
setcookie('user_id',$data['user_id']);
setcookie('user_name',$data['user_name']);
//跳转页面
redirect_user('loggedin.php');
}else{
//验证失败
$errors = $data;
}
//关闭数据库连接
mysqli_close($dbc);
}
//加载
include('login_page.php');网站根目录下的login_page.php是用户登录文件,代码如下:
<?php
$page_title = '用户登录';
//加载头部文件
include('inc/header.php');
//打印出错信息
if(isset($errors)&&!empty($errors)){
$errors_msg = '<p style="color:red">';
foreach ($errors as $msg) {
$errors_msg .= $msg.'<br>';
}
echo $errors_msg.'</p>';
}
?>
<div style="text-align: center;margin-top: 200px;">
<h3 style="color: red">用户登录</h3>
<form action="login.php" method="post">
<p>
<label for="email">邮箱:</label>
<input type="email" name="email" id="email" value="<?php echo isset($_POST['email'])?$_POST['email']:'';?>" style="width: 200px;height: 30px;">
</p>
<p>
<label for="password">密码:</label>
<input type="password" name="password" id="password" value="<?php echo isset($_POST['password'])?$_POST['password']:'' ?>" style="width: 200px;height: 30px;">
</p>
<p><button type="submit" name="submit" id="submit" style="background-color: lightgreen;color: white;width: 50px;height: 30px">登录</button></p>
</form>
</div>
<?php include('inc/footer.php');?>网站根目录下的loggedin.php是登录成功后的页面文件,代码如下:
<?php
if(!isset($_COOKIE['user_id'])){
require('inc/function.php');
redirect_user();
}
$page_title = '已经登录';
include('inc/header.php');
echo <<<"WELCOME"
<h2 style="color:red">登录成功</h2>
<p>欢迎您:{$_COOKIE['user_name']}</p>
WELCOME;
include('inc/footer.php');网站根目录下的logout.php是退出登录文件,代码如下:
<?php
if(!isset($_COOKIE['user_id'])){
require('inc/function.php');
redirect_user();
}else{
setcookie('user_id','',time()-3600);
setcookie('user_name','',time()-3600);
}
$page_title = '已经登录';
include('inc/header.php');
echo <<<"WELCOME"
<h2 style="color:red">退出成功</h2>
<p><a href="login.php">登录</a></p>
WELCOME;
include('inc/footer.php');运行结果:
二、用session实现用户登录
网站根目录下面有个inc目录,是存放一些公共配置文件的
inc目录下的connect.php是数据库连接文件,代码如下:
<?php
//创建连接参数: 因为连接参数不会经常变化,所以推荐使用常量
define ('DB_HOST', 'localhost');
define ('DB_USER', 'root');
define ('DB_PASS', 'root');
define ('DB_NAME', 'php');
define ('DB_CHAR', 'utf8');
$dbc = @mysqli_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
//连接失败一定会返回错误编号,可以根据编号判断,也可用 $db是否为false进行判断
if (mysqli_connect_errno($dbc)) {
echo '连接失败'.mysqli_connect_error($dbc);
}
mysqli_select_db($dbc, DB_NAME); //选择要操作的数据库
mysqli_set_charset($dbc, DB_CHAR); //设置客户端默认字符编码集inc目录下的function.php是公共函数库,封装了一些常用方法
<?php
//登录公共函数库
/**
* 用户自定义跳转地址
* @param string $page
*/
function redirect_user($page = 'index.php')
{
//默认url格式
$url = 'http://'.$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);
//如果有,去掉url右侧的斜线
$url = rtrim($url, '/\\');
//添加上当前的脚本名称,默认为:index.php
$url .= '/'.$page;
//跳转到指定目标地址
header('Location:'. $url);
//退出当前函数,这是一个好习惯,否则后面代码仍会执行,仅仅不会在当前页面输出罢了
exit();
}
/**
* 验证用户登录
* @param $dbc
* @param string $email
* @param string $password
*/
function check_login($dbc, $email='', $password='')
{
//初始化错误信息数组
$errors = [];
//验证邮箱
if (empty($email)) {
$errors[] = '邮箱地址不能为空';
} else {
//mysqli_real_escape_string():转义字符串的特殊字符
$e = mysqli_real_escape_string($dbc, trim($email));
}
//验证密码
if (empty($password)) {
$errors[] = '密码不能为空';
} else {
$p = mysqli_real_escape_string($dbc, trim($password));
}
//非空验证通过,即$error数组为空
if (empty($errors)) {
//根据邮箱与密码来查询用户id与用户名
$sql = "SELECT `user_id`,`user_name` FROM `user` WHERE `email`='$e' AND `password`=sha1('$p') ";
//执行查询
$res = mysqli_query($dbc, $sql);
//查询成功应该返回唯一一条记录
if (mysqli_num_rows($res) == 1) {
//将查询结果解析到数组中
$row = mysqli_fetch_array($res, MYSQLI_ASSOC);
//返回查询结果
// print_r($row);exit();
return [true, $row];
} else { //查询失败
$errors[] = '邮箱或密码不正确,请重新输入';
}
}
return [false, $errors];
}inc目录下有个header.php,是网站的头部文件,代码如下:
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<link rel="stylesheet" href="https://cdn.bootcss.com/bootstrap/3.3.7/css/bootstrap.min.css">
<script type="text/javascript" src="http://apps.bdimg.com/libs/jquery/2.1.4/jquery.min.js"></script>
<script src="https://cdn.bootcss.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
<title><?php echo isset($page_title) ? $page_title : '默认标题'; ?></title>
</head>
<body>
<nav class="navbar navbar-default">
<div>
<!-- Brand and toggle get grouped for better mobile display -->
<div>
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false">
<span>Toggle navigation</span>
<span></span>
<span></span>
<span></span>
</button>
<a href="#">Brand</a>
</div>
<!-- Collect the nav links, forms, and other content for toggling -->
<div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
<ul class="nav navbar-nav">
<li><a href="index.php">首页 <span>(current)</span></a></li>
<li><a href="#">Link</a></li>
</ul>
<form class="navbar-form navbar-left">
<div>
<input type="text" placeholder="Search">
</div>
<button type="submit" class="btn btn-default">Submit</button>
</form>
<ul class="nav navbar-nav navbar-right">
<li>
<?php
if ((isset($_SESSION['user_id'])) && basename($_SERVER['PHP_SELF']) != 'logout.php') {
echo '<a href="logout.php">退出</a>';
} else {
echo '<a href="login.php">登录</a>';
}
?>
</li>
</ul>
</div><!-- /.navbar-collapse -->
</div><!-- /.container-fluid -->
</nav>inc目录下的footer.php是网站底部文件,代码如下:
<div style="background-color:gray;color: white;text-align: center;width: 100%;height: 50px;position: fixed;bottom: 0;"><p>ALL Rights Reserved 版权所有:<a href="">php中文网</a></p>备案号:皖B2-20150071-9</div> </body> </html>
网站根目录下的index.php,是网站的首页文件,代码如下:
<?php
session_start(); //开启会话
$page_title = '首页';
include ('inc/header.php');
echo '<div style="width:100%;height:825px;background-color:skyblue;">首页主体</div>';
include ('inc/footer.php');网站根目录下的login.php,是用户登录文件,代码如下:
<?php
//开启会话
session_start();
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
//加载公共函数库
require ('inc/function.php');
//连接数据库
require ('inc/connect.php');
//验证登录
//$check=true/false; $data=['user_id'=>$user_id, 'user_name'=>$user_name];
list($check, $data) = check_login($dbc, $_POST['email'], $_POST['password']);
//验证通过
if ($check) {
//设置cookies
// setcookie('user_id', $data['user_id']);
// setcookie('user_name', $data['user_name']);
//设置session会话
$_SESSION['user_id'] = $data['user_id'];
$_SESSION['user_name'] = $data['user_name'];
//跳转页面
redirect_user('loggedin.php');
} else {
//验证失败
$errors = $data;
}
//关闭数据库连接
mysqli_close($dbc);
}
//加载
include('login_page.php');网站根目录下的login_page.php是用户登录文件,代码如下:
<?php
/**
* 登录页面并报告错误
* 设置当前页面的标题
* 在login.php中调用
*/
$page_title = '用户登录';
//加载头部文件
include('inc/header.php');
//打印错误信息
if (isset($errors) && !empty($errors)) {
$errors_msg = '<p style="color:red">';
foreach ($errors as $msg) {
$errors_msg .= $msg.'<br>';
}
echo $errors_msg.'</p>';
}
?>
<div style="text-align: center;margin-top: 200px;">
<h3 style="color:red">用户登录</h3>
<form action="login.php" method="post">
<p>
<label for="email">邮箱:</label>
<!--使用粘性表单技术在文本框中显示用户之前输入的内容,提升用户体验-->
<input type="email" name="email" id="email" value="<?php echo isset($_POST['email'])?$_POST['email']:'' ?>">
</p>
<p>
<label for="password">密码:</label>
<input type="password" name="password" id="password" value="<?php echo isset($_POST['password'])?$_POST['password']:'' ?>">
</p>
<p><button type="submit" name="submit" id="submit">登录</button></p>
</form>
</div>
<?php include ('inc/footer.php'); //加载底部 ?>网站根目录下的loggedin.php是登录成功后的页面文件,代码如下:
<?php
//开启会话
session_start();
//if (!isset($_COOKIE['user_id'])) {
if (!isset($_SESSION['user_id'])) {
require ('inc/function.php');
//跳转到默认首页
redirect_user();
}
//如果已经登录
//设置页面标题
$page_title = '已经登录';
include ('inc/header.php');
//打印欢迎信息,并提供退出功能
echo <<< "WELCOME"
<h2 style="color:red">登陆成功</h2>
<p>欢迎您: {$_SESSION['user_name']}</p>
WELCOME;
//加载底部
include ('inc/footer.php');网站根目录下的logout.php是退出登录文件,代码如下:
<?php
//开启会话
session_start();
if (!isset($_SESSION['user_id'])) {
require ('inc/function.php');
//跳转到默认首页
redirect_user();
} else {
//删除cookies
// setcookie('user_id', '', time()-3600);
// setcookie('user_name','', time()-3600);
//删除会话
$_SESSION = [];
session_destroy();
setcookie('PHPSESSID', '', time()-3600);
}
//设置页面标题
$page_title = '已经登录';
include ('inc/header.php');
//打印退出信息,并提供登录功能
echo <<< "WELCOME"
<h2 style="color:red">退出成功</h2>
<p><a href="login.php">登录</a></p>
WELCOME;
include ('inc/footer.php');运行结果和上面cookie登录一样,就不一一截图了。
