下面用实例来演示一下如何用cookie和session来实现用户登录:
一、cookie实现用户登录
网站根目录下面有个inc目录,是存放一些公共配置文件的
inc目录下的connect.php是数据库连接文件,代码如下:
<?php define('DB_HOST','localhost'); define('DB_USER','root'); define('DB_PASS','root'); define('DB_NAME','php'); define('DB_CHAR','utf8'); $dbc = mysqli_connect(DB_HOST,DB_USER,DB_PASS); if(mysqli_connect_errno($dbc)){ echo '连接失败'.mysqli_connect_error($dbc); } mysqli_select_db($dbc,DB_NAME); mysqli_set_charset($dbc,DB_CHAR);
inc目录下的function.php是公共函数库,封装了一些常用方法
<?php //公共函数库 /* *用户自定义跳转地址 */ function redirect_user($page = 'index.php') { $url = 'http://'.$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']); $url = rtrim($url,'/\\'); $url .= '/'.$page; header('Location:'.$url); exit(); } /* *验证用户登录 */ function check_login($dbc,$email='',$password='') { $errors = []; //验证邮箱 if(empty($email)){ $errors[]='邮箱地址不能为空'; }else{ $e = mysqli_real_escape_string($dbc,trim($email)); } //验证密码 if(empty($password)){ $errors[] = '密码不能为空'; }else{ $p = mysqli_real_escape_string($dbc,trim($password)); } //非空验证通过 if(empty($errors)){ $sql = "SELECT `user_id`,`user_name` FROM `user` WHERE `email`='$e' AND `password`=sha1('$p')"; $res = mysqli_query($dbc,$sql); if(mysqli_num_rows($res)==1){ $row = mysqli_fetch_array($res,MYSQLI_ASSOC); return[true,$row]; }else{ $errors[]='邮箱和密码不正确,请重新输入'; } } return[false,$errors]; }
inc目录下有个header.php,是网站的头部文件,代码如下:
<!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <link rel="stylesheet" href="https://cdn.bootcss.com/bootstrap/3.3.7/css/bootstrap.min.css"> <script type="text/javascript" src="http://apps.bdimg.com/libs/jquery/2.1.4/jquery.min.js"></script> <script src="https://cdn.bootcss.com/bootstrap/3.3.7/js/bootstrap.min.js"></script> <title><?php echo isset($page_title) ? $page_title : '默认标题'; ?></title> </head> <body> <nav class="navbar navbar-default"> <div> <!-- Brand and toggle get grouped for better mobile display --> <div> <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false"> <span>Toggle navigation</span> <span></span> <span></span> <span></span> </button> <a href="#">Brand</a> </div> <!-- Collect the nav links, forms, and other content for toggling --> <div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1"> <ul class="nav navbar-nav"> <li><a href="index.php">首页 <span>(current)</span></a></li> <li><a href="#">Link</a></li> </ul> <form class="navbar-form navbar-left"> <div> <input type="text" placeholder="Search"> </div> <button type="submit" class="btn btn-default">Submit</button> </form> <ul class="nav navbar-nav navbar-right"> <li><?php if((isset($_COOKIE['user_id']))&&basename($_SERVER['PHP_SELF'])!='logout.php'){ echo '<a href="logout.php">退出</a>'; }else{ echo '<a href="login.php">登录</a>'; } ?></li> </ul> </div><!-- /.navbar-collapse --> </div><!-- /.container-fluid --> </nav>
inc目录下的footer.php是网站底部文件,代码如下:
<div style="background-color:gray;color: white;text-align: center;width: 100%;height: 50px;position: fixed;bottom: 0;"><p>ALL Rights Reserved 版权所有:<a href="">php中文网</a></p>备案号:皖B2-20150071-9</div> </body> </html>
网站根目录下的index.php,是网站的首页文件,代码如下:
<?php $page_title = '首页'; include('inc/header.php'); echo '<div style="width:100%;height:825px;background-color:skyblue;">首页主体</div>'; include('inc/footer.php');
网站根目录下的login.php,是用户登录文件,代码如下:
<?php if($_SERVER['REQUEST_METHOD']=='POST'){ //加载公共函数库 require('inc/function.php'); //连接数据库 require('inc/connect.php'); //验证登录 list($check,$data) = check_login($dbc,$_POST['email'],$_POST['password']); //验证通过 if($check){ //设置cookies setcookie('user_id',$data['user_id']); setcookie('user_name',$data['user_name']); //跳转页面 redirect_user('loggedin.php'); }else{ //验证失败 $errors = $data; } //关闭数据库连接 mysqli_close($dbc); } //加载 include('login_page.php');
网站根目录下的login_page.php是用户登录文件,代码如下:
<?php $page_title = '用户登录'; //加载头部文件 include('inc/header.php'); //打印出错信息 if(isset($errors)&&!empty($errors)){ $errors_msg = '<p style="color:red">'; foreach ($errors as $msg) { $errors_msg .= $msg.'<br>'; } echo $errors_msg.'</p>'; } ?> <div style="text-align: center;margin-top: 200px;"> <h3 style="color: red">用户登录</h3> <form action="login.php" method="post"> <p> <label for="email">邮箱:</label> <input type="email" name="email" id="email" value="<?php echo isset($_POST['email'])?$_POST['email']:'';?>" style="width: 200px;height: 30px;"> </p> <p> <label for="password">密码:</label> <input type="password" name="password" id="password" value="<?php echo isset($_POST['password'])?$_POST['password']:'' ?>" style="width: 200px;height: 30px;"> </p> <p><button type="submit" name="submit" id="submit" style="background-color: lightgreen;color: white;width: 50px;height: 30px">登录</button></p> </form> </div> <?php include('inc/footer.php');?>
网站根目录下的loggedin.php是登录成功后的页面文件,代码如下:
<?php if(!isset($_COOKIE['user_id'])){ require('inc/function.php'); redirect_user(); } $page_title = '已经登录'; include('inc/header.php'); echo <<<"WELCOME" <h2 style="color:red">登录成功</h2> <p>欢迎您:{$_COOKIE['user_name']}</p> WELCOME; include('inc/footer.php');
网站根目录下的logout.php是退出登录文件,代码如下:
<?php if(!isset($_COOKIE['user_id'])){ require('inc/function.php'); redirect_user(); }else{ setcookie('user_id','',time()-3600); setcookie('user_name','',time()-3600); } $page_title = '已经登录'; include('inc/header.php'); echo <<<"WELCOME" <h2 style="color:red">退出成功</h2> <p><a href="login.php">登录</a></p> WELCOME; include('inc/footer.php');
运行结果:
二、用session实现用户登录
网站根目录下面有个inc目录,是存放一些公共配置文件的
inc目录下的connect.php是数据库连接文件,代码如下:
<?php //创建连接参数: 因为连接参数不会经常变化,所以推荐使用常量 define ('DB_HOST', 'localhost'); define ('DB_USER', 'root'); define ('DB_PASS', 'root'); define ('DB_NAME', 'php'); define ('DB_CHAR', 'utf8'); $dbc = @mysqli_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME); //连接失败一定会返回错误编号,可以根据编号判断,也可用 $db是否为false进行判断 if (mysqli_connect_errno($dbc)) { echo '连接失败'.mysqli_connect_error($dbc); } mysqli_select_db($dbc, DB_NAME); //选择要操作的数据库 mysqli_set_charset($dbc, DB_CHAR); //设置客户端默认字符编码集
inc目录下的function.php是公共函数库,封装了一些常用方法
<?php //登录公共函数库 /** * 用户自定义跳转地址 * @param string $page */ function redirect_user($page = 'index.php') { //默认url格式 $url = 'http://'.$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']); //如果有,去掉url右侧的斜线 $url = rtrim($url, '/\\'); //添加上当前的脚本名称,默认为:index.php $url .= '/'.$page; //跳转到指定目标地址 header('Location:'. $url); //退出当前函数,这是一个好习惯,否则后面代码仍会执行,仅仅不会在当前页面输出罢了 exit(); } /** * 验证用户登录 * @param $dbc * @param string $email * @param string $password */ function check_login($dbc, $email='', $password='') { //初始化错误信息数组 $errors = []; //验证邮箱 if (empty($email)) { $errors[] = '邮箱地址不能为空'; } else { //mysqli_real_escape_string():转义字符串的特殊字符 $e = mysqli_real_escape_string($dbc, trim($email)); } //验证密码 if (empty($password)) { $errors[] = '密码不能为空'; } else { $p = mysqli_real_escape_string($dbc, trim($password)); } //非空验证通过,即$error数组为空 if (empty($errors)) { //根据邮箱与密码来查询用户id与用户名 $sql = "SELECT `user_id`,`user_name` FROM `user` WHERE `email`='$e' AND `password`=sha1('$p') "; //执行查询 $res = mysqli_query($dbc, $sql); //查询成功应该返回唯一一条记录 if (mysqli_num_rows($res) == 1) { //将查询结果解析到数组中 $row = mysqli_fetch_array($res, MYSQLI_ASSOC); //返回查询结果 // print_r($row);exit(); return [true, $row]; } else { //查询失败 $errors[] = '邮箱或密码不正确,请重新输入'; } } return [false, $errors]; }
inc目录下有个header.php,是网站的头部文件,代码如下:
<!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <link rel="stylesheet" href="https://cdn.bootcss.com/bootstrap/3.3.7/css/bootstrap.min.css"> <script type="text/javascript" src="http://apps.bdimg.com/libs/jquery/2.1.4/jquery.min.js"></script> <script src="https://cdn.bootcss.com/bootstrap/3.3.7/js/bootstrap.min.js"></script> <title><?php echo isset($page_title) ? $page_title : '默认标题'; ?></title> </head> <body> <nav class="navbar navbar-default"> <div> <!-- Brand and toggle get grouped for better mobile display --> <div> <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false"> <span>Toggle navigation</span> <span></span> <span></span> <span></span> </button> <a href="#">Brand</a> </div> <!-- Collect the nav links, forms, and other content for toggling --> <div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1"> <ul class="nav navbar-nav"> <li><a href="index.php">首页 <span>(current)</span></a></li> <li><a href="#">Link</a></li> </ul> <form class="navbar-form navbar-left"> <div> <input type="text" placeholder="Search"> </div> <button type="submit" class="btn btn-default">Submit</button> </form> <ul class="nav navbar-nav navbar-right"> <li> <?php if ((isset($_SESSION['user_id'])) && basename($_SERVER['PHP_SELF']) != 'logout.php') { echo '<a href="logout.php">退出</a>'; } else { echo '<a href="login.php">登录</a>'; } ?> </li> </ul> </div><!-- /.navbar-collapse --> </div><!-- /.container-fluid --> </nav>
inc目录下的footer.php是网站底部文件,代码如下:
<div style="background-color:gray;color: white;text-align: center;width: 100%;height: 50px;position: fixed;bottom: 0;"><p>ALL Rights Reserved 版权所有:<a href="">php中文网</a></p>备案号:皖B2-20150071-9</div> </body> </html>
网站根目录下的index.php,是网站的首页文件,代码如下:
<?php session_start(); //开启会话 $page_title = '首页'; include ('inc/header.php'); echo '<div style="width:100%;height:825px;background-color:skyblue;">首页主体</div>'; include ('inc/footer.php');
网站根目录下的login.php,是用户登录文件,代码如下:
<?php //开启会话 session_start(); if ($_SERVER['REQUEST_METHOD'] == 'POST') { //加载公共函数库 require ('inc/function.php'); //连接数据库 require ('inc/connect.php'); //验证登录 //$check=true/false; $data=['user_id'=>$user_id, 'user_name'=>$user_name]; list($check, $data) = check_login($dbc, $_POST['email'], $_POST['password']); //验证通过 if ($check) { //设置cookies // setcookie('user_id', $data['user_id']); // setcookie('user_name', $data['user_name']); //设置session会话 $_SESSION['user_id'] = $data['user_id']; $_SESSION['user_name'] = $data['user_name']; //跳转页面 redirect_user('loggedin.php'); } else { //验证失败 $errors = $data; } //关闭数据库连接 mysqli_close($dbc); } //加载 include('login_page.php');
网站根目录下的login_page.php是用户登录文件,代码如下:
<?php /** * 登录页面并报告错误 * 设置当前页面的标题 * 在login.php中调用 */ $page_title = '用户登录'; //加载头部文件 include('inc/header.php'); //打印错误信息 if (isset($errors) && !empty($errors)) { $errors_msg = '<p style="color:red">'; foreach ($errors as $msg) { $errors_msg .= $msg.'<br>'; } echo $errors_msg.'</p>'; } ?> <div style="text-align: center;margin-top: 200px;"> <h3 style="color:red">用户登录</h3> <form action="login.php" method="post"> <p> <label for="email">邮箱:</label> <!--使用粘性表单技术在文本框中显示用户之前输入的内容,提升用户体验--> <input type="email" name="email" id="email" value="<?php echo isset($_POST['email'])?$_POST['email']:'' ?>"> </p> <p> <label for="password">密码:</label> <input type="password" name="password" id="password" value="<?php echo isset($_POST['password'])?$_POST['password']:'' ?>"> </p> <p><button type="submit" name="submit" id="submit">登录</button></p> </form> </div> <?php include ('inc/footer.php'); //加载底部 ?>
网站根目录下的loggedin.php是登录成功后的页面文件,代码如下:
<?php //开启会话 session_start(); //if (!isset($_COOKIE['user_id'])) { if (!isset($_SESSION['user_id'])) { require ('inc/function.php'); //跳转到默认首页 redirect_user(); } //如果已经登录 //设置页面标题 $page_title = '已经登录'; include ('inc/header.php'); //打印欢迎信息,并提供退出功能 echo <<< "WELCOME" <h2 style="color:red">登陆成功</h2> <p>欢迎您: {$_SESSION['user_name']}</p> WELCOME; //加载底部 include ('inc/footer.php');
网站根目录下的logout.php是退出登录文件,代码如下:
<?php //开启会话 session_start(); if (!isset($_SESSION['user_id'])) { require ('inc/function.php'); //跳转到默认首页 redirect_user(); } else { //删除cookies // setcookie('user_id', '', time()-3600); // setcookie('user_name','', time()-3600); //删除会话 $_SESSION = []; session_destroy(); setcookie('PHPSESSID', '', time()-3600); } //设置页面标题 $page_title = '已经登录'; include ('inc/header.php'); //打印退出信息,并提供登录功能 echo <<< "WELCOME" <h2 style="color:red">退出成功</h2> <p><a href="login.php">登录</a></p> WELCOME; include ('inc/footer.php');
运行结果和上面cookie登录一样,就不一一截图了。