使用cookie控制会话:
总共7个文件:
1.con_sql.php 目录 public/con_sql.php 连接sql :
<?php $host="localhost"; $user="abc"; $pwd="abc"; $db_name="test"; $conn= new mysqli($host,$user,$pwd,$db_name); !$conn->connect_error or die("数据库连接错误!!"); $conn->set_charset("utf8"); ?>
运行实例 »点击 "运行实例" 按钮查看在线实例
2.public/header.php和public/footer.php 引用的头部和底部:
<!DOCTYPE html> <head> <meta charset="utf-8"> <title><?php echo isset($page_title) ? $page_title : "登录模块"; ?></title> </head> <body> <header>我是头部</header><hr> --------------------------------------------------------------------- <hr><footer> 我是底部 </footer> </body>
运行实例 »点击 "运行实例" 按钮查看在线实例
3.index.php 首页:只有两个链接:
<?php $page_title = "首页";include "./public/header.php"?> <main> <?php if(@empty($_COOKIE['id']) || @empty($_COOKIE['name'])){ echo "<a href='./login.php'>登录</a>"; }else{ echo "<a href='./lgout.php'>退出</a>"; } ?> </main> <?php include "./public/footer.php"?>
运行实例 »点击 "运行实例" 按钮查看在线实例
4.login.php 登录页:
<?php $page_title = "登录页面";include "./public/header.php"?> <main> <form action="./handle.php" method="post"> 用户名:<input type="text" name="username" value="<?php echo isset($_GET['rename'])?$_GET['rename']:""?>" placeholder="请输入用户名"> <!-- 通过get获取传过来的name不用再次输入 --> 密码:<input type="password" name="pwd"> <input type="submit" value="登录"> <input type="reset" value="重置"> </form> </main> <?php include "./public/footer.php"?>
运行实例 »点击 "运行实例" 按钮查看在线实例
5.handle.php 处理登录的脚本:
<?php
//引入sql连接文件
require "./public/con_sql.php";
header("Content-type: text/html; charset=utf8");
//判断是不是post传值,判断username和pwd是否为空,若空则警告跳转
if($_SERVER['REQUEST_METHOD'] != "POST" || empty($_POST['username']) || empty($_POST['pwd'])){
echo "填写错误,请重新填写!";
header("Refresh:1;url=login.php");exit();
}
//处理name和pwd,防止sql注入
$name= mysqli_real_escape_string($conn,trim($_POST['username']));
$pwd= mysqli_real_escape_string($conn,trim($_POST['pwd']));
//使用预处理查询
$sql ="SELECT `id`,`password` FROM user WHERE `name`=? LIMIT 1";
$stmt = $conn->prepare($sql);
$stmt->bind_param('s',$name);
$res = $stmt->execute();
$stmt->bind_result($id,$password);
if($stmt->fetch()){$id;$password;}
//通过提交的name值去数据库中查出数据,在用查出的密码和传过来的pwd对比
//对比成功则设置cookie提示登录成功,若失败则跳转到登录页
if($pwd==$password){
echo "登录成功";
setcookie('name',$name,time()+3600);
setcookie('id',$id,time()+3600);
header("Refresh:1;url=index.php");
}else{
echo "登录失败,请重新登录!";
header("Refresh:1;url=login.php?rename=".urlencode($name));
}
$stmt->close();
$conn->close();
?>运行实例 »
点击 "运行实例" 按钮查看在线实例
6.lgout.php 退出登录,销毁cookie:
实例
<?php
//判断是否登录,未登录则跳转到登录页面
if(@empty($_COOKIE['id']) || @empty($_COOKIE['name'])){
echo "请先登录";
header("Refresh:1;url=login.php");exit();
}
//设置cookie失效
setcookie('name','',time()-60);
setcookie('id','',time()-60);
echo "退出登录,返回首页";
header("Refresh:1;url=index.php");
?>运行实例 »
点击 "运行实例" 按钮查看在线实例
2.使用session控制:
public中的内容不用变
首页index.php:
<?php $page_title = "首页";include "./public/header.php"?>
<main>
<?php
session_start();//开启session
if(!isset($_SESSION['id']) || !isset($_SESSION['name'])){
echo "<a href='./login.php'>登录</a>";
}else{
echo "<a href='./lgout.php'>退出</a>";
}
?>
</main>
<?php include "./public/footer.php"?>运行实例 »
登录页面也不用变
登录处理页面handle.php:
实例
<?php
//引入sql连接文件
require "./public/con_sql.php";
session_start();
header("Content-type: text/html; charset=utf8");
//判断是不是post传值,判断username和pwd是否为空,若空则警告跳转
if($_SERVER['REQUEST_METHOD'] != "POST" || empty($_POST['username']) || empty($_POST['pwd'])){
echo "填写错误,请重新填写!";
header("Refresh:1;url=login.php");exit();
}
//处理name和pwd,防止sql注入
$name= mysqli_real_escape_string($conn,trim($_POST['username']));
$pwd= mysqli_real_escape_string($conn,trim($_POST['pwd']));
//使用预处理查询
$sql ="SELECT `id`,`password` FROM user WHERE `name`=? LIMIT 1";
$stmt = $conn->prepare($sql);
$stmt->bind_param('s',$name);
$res = $stmt->execute();
$stmt->bind_result($id,$password);
if($stmt->fetch()){$id;$password;}
//通过提交的name值去数据库中查出数据,在用查出的密码和传过来的pwd对比
//对比成功则设置cookie提示登录成功,若失败则跳转到登录页
if($pwd==$password){
echo "登录成功";
$_SESSION['name']=$name;//设置session
$_SESSION['id']=$id;//设置session
header("Refresh:1;url=index.php");
}else{
echo "登录失败,请重新登录!";
header("Refresh:1;url=login.php?rename=".urlencode($name));
}
$stmt->close();
$conn->close();
?>运行实例 »
点击 "运行实例" 按钮查看在线实例
登出脚本 lgout.php:
实例
<?php
//判断是否登录,未登录则跳转到登录页面
session_start();
if(!isset($_SESSION['id']) || !isset($_SESSION['name'])){
echo "请先登录";
header("Refresh:1;url=login.php");exit();
}
//销毁session
session_destroy();
echo "退出登录,返回首页";
header("Refresh:1;url=index.php");
?>运行实例 »
点击 "运行实例" 按钮查看在线实例
3.cookie和session的区别:
cookie是存放在客 户的浏览器里的不占用服务器的内存,但安全性低,客 户可以伪造cookie。
session存储在服务器里的,安全性高,但session会占用服务器的内存,如果访问人数多,session存储的数据也多,服务器负载会很大。
