一、cookie会话会员登陆验证
网站页面实例
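<?php
// Home page (cookie variant): shared header, a login/logout link, shared footer.
$page_title = "网站首页";
include 'inc/header.php';

echo '<h3 style="color:goldenrod;"> 首页</h3>';

// SCRIPT_NAME is used instead of PHP_SELF: PHP_SELF also carries any trailing
// path info from the request URL, so it is client-influenced and must not be
// printed raw. basename() also makes the comparison with a bare file name
// meaningful, because the raw value always starts with a slash.
$current_script = basename($_SERVER['SCRIPT_NAME']);

// NOTE(review): the mere presence of an "id" cookie is treated as "logged in".
// Cookies are supplied by the client, so this check only decides which link
// is shown; it is not proof of identity.
if (isset($_COOKIE['id']) && $current_script != 'logout.php') {
    echo '<a href="logout.php">退出</a>';
    // Escaped for HTML output even though SCRIPT_NAME is server-derived.
    echo htmlspecialchars($current_script, ENT_QUOTES, 'UTF-8');
} else {
    echo '<a href="login.php">登陆</a>';
}

// Shared page footer.
include 'inc/footer.php';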
登陆页login.php实例
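<?php
// Login handler (cookie variant): validates the posted credentials and, on
// success, stores the user's id and name in cookies before redirecting.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Helper functions (redirect_user, check_login).
    require 'inc/function.php';
    // Opens the database connection and defines $dbc.
    require 'inc/conncet.php';

    // A missing form field is passed on as an empty string, which
    // check_login() reports as a validation error, instead of raising an
    // undefined-index notice here.
    $email = isset($_POST['email']) ? $_POST['email'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';

    list($check, $data) = check_login($dbc, $email, $password);

    // The connection is not needed past this point; redirect_user() exits,
    // so it is closed before either branch runs.
    mysqli_close($dbc);

    if ($check) {
        // HttpOnly (last argument) keeps page scripts from reading the cookies.
        // The sixth argument is the Secure flag: set it to true when the site
        // is served over HTTPS.
        // NOTE(review): the values are stored unsigned on the client, and the
        // other pages only test isset($_COOKIE['id']), so a client can present
        // any id it likes. The session-based variant later on this page keeps
        // the identity on the server instead.
        setcookie('id', $data['id'], 0, '', '', false, true);
        setcookie('name', $data['name'], 0, '', '', false, true);

        redirect_user('loggedin.php');
    } else {
        // $data holds the list of error messages on failure.
        $errors = $data;
    }
}

include "login_page.php";
?>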
login_page.php实例
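<?php
// Login form template: prints any error messages, then the form itself.
$page_title = "用户登陆";
include "inc/header.php";

// Error messages collected by the login handler, if any.
if (isset($errors) && !empty($errors)) {
    $errors_msg = '<p style="color: red">';
    foreach ($errors as $msg) {
        // Escaped so a message can never inject markup into the page.
        $errors_msg .= htmlspecialchars($msg, ENT_QUOTES, 'UTF-8') . '<br>';
    }
    echo $errors_msg . '</p>';
}

// The submitted e-mail is request data: it is escaped before being written
// into the value="" attribute. A non-string value (email[]=...) is dropped.
$email_value = (isset($_POST['email']) && is_string($_POST['email']))
    ? htmlspecialchars($_POST['email'], ENT_QUOTES, 'UTF-8')
    : '';
?>
<h2 style="color:#ff00ff">用户登陆</h2>
<form action="login.php" method="post">
    <p>
        <label for="email">邮箱:</label>
        <input type="email" name="email" id="email" value="<?php echo $email_value; ?>">
    </p>
    <p>
        <label for="password">密码:</label>
        <?php // The submitted password is never written back into the page source. ?>
        <input type="password" name="password" id="password" value="">
    </p>
    <p>
        <button type="submit" name="submit" id="submit">登陆</button>
    </p>
</form>
<?php include "inc/footer.php"; ?>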
登陆成功后的页面loggedin.php实例
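<?php
// "Logged in" page (cookie variant): visitors without an id cookie are sent
// back to the default page by redirect_user().
if (!isset($_COOKIE['id'])) {
    require_once 'inc/function.php';
    redirect_user();
}

$page_title = '登陆成功';
include 'inc/header.php';

// The name cookie comes back from the client, so it is escaped before it is
// placed in the HTML. A missing or non-string value is shown as empty.
$name = (isset($_COOKIE['name']) && is_string($_COOKIE['name']))
    ? htmlspecialchars($_COOKIE['name'], ENT_QUOTES, 'UTF-8')
    : '';

// Heredoc body; the closing marker stays at column 0.
echo <<<"EILCOME"
<h2 style="color: #0388f1">登陆成功</h2>
<p>hello {$name}</p>
<a href="logout.php">退出</a>
EILCOME;

include 'inc/footer.php';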
logout退出页实例
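<?php
// Logout page (cookie variant).
// NOTE(review): logout runs on a plain GET request, so any link to this page
// logs the visitor out.
if (!isset($_COOKIE['id'])) {
    // Nothing to log out from: go back to the default page.
    require_once 'inc/function.php';
    redirect_user();
} else {
    // Expire both login cookies by giving them a date in the past.
    setcookie('id', '', time() - 3600);
    setcookie('name', '', time() - 3600);
}

// The title now matches this page (it previously said "登陆成功").
$page_title = '退出成功';
include 'inc/header.php';

// Heredoc body; the closing marker stays at column 0.
echo <<<"EILCOME"
<h2 style="color: #0388f1">退出成功</h2>
<a href="login.php">登陆</a>
EILCOME;

include 'inc/footer.php';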
inc目录下的公共文件
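1.数据库连接 conncet.php 页面主要实现数据库连接和检测
<?php
// Opens the database connection used by the login pages and stores it in $dbc.
// NOTE(review): host, account, password and schema are hard-coded tutorial
// values, and the account is root. A deployed copy should load them from
// configuration kept outside the web root and use a least-privilege account.
$dbc = mysqli_connect('127.0.0.1', 'root', 'admin', 'php');

// Stop if the connection failed.
if (mysqli_connect_errno()) {
    // The driver's error text goes to the server log only; the visitor gets
    // the generic message, so connection details are not disclosed.
    error_log('mysqli connect failed: ' . mysqli_connect_error());
    die('连接失败');
}
?>
2.会员登陆所用的公共函数文件function.php
<?php
/**
 * Shared helper functions for the member login pages.
 */

/**
 * Redirects the browser to a page in the current script's directory and exits.
 *
 * The target is built from SCRIPT_NAME only. The client-supplied Host header
 * and the path-info part of PHP_SELF are not used, so neither can steer the
 * redirect, and the scheme (http/https) of the current request is kept.
 * RFC 7231 permits a relative reference in the Location header.
 *
 * @param string $page File name to redirect to; callers on this page pass constants.
 * @return void This function does not return: it calls exit().
 */
function redirect_user($page = 'index.php')
{
    // Directory of the running script, without a trailing slash
    // (Windows may report a backslash, other systems a forward slash).
    $base = rtrim(dirname($_SERVER['SCRIPT_NAME']), '/\\');

    header('Location: ' . $base . '/' . $page);
    exit();
}

/**
 * Checks an e-mail / password pair against the `user` table.
 *
 * NOTE(review): the table stores unsalted SHA-1 password hashes, which are
 * weak for password storage. Moving to password_hash() / password_verify()
 * needs a change to the stored data and is not done here.
 *
 * @param mysqli $dbc      Open database connection.
 * @param string $email    Submitted e-mail address.
 * @param string $password Submitted password. It now has a default, because a
 *                         required parameter after an optional one is deprecated.
 * @return array [true, ['id' => ..., 'name' => ...]] on success,
 *               [false, string[] of error messages] otherwise.
 */
function check_login($dbc, $email = '', $password = '')
{
    // Error messages collected during validation (the original initialised
    // a differently named variable here by mistake).
    $errors = [];

    // Non-string input (for example email[]=x) is treated as empty.
    // Both values are trimmed, as before, so existing stored hashes still match.
    $email = is_string($email) ? trim($email) : '';
    $password = is_string($password) ? trim($password) : '';

    if ($email === '') {
        $errors[] = '邮箱不能为空';
    }
    if ($password === '') {
        $errors[] = '密码不能为空';
    }
    if (!empty($errors)) {
        return [false, $errors];
    }

    // Placeholders keep the submitted values out of the SQL text entirely.
    $stmt = mysqli_prepare(
        $dbc,
        'SELECT `id`,`name` FROM `user` WHERE `email`=? AND `password`=sha1(?)'
    );
    if ($stmt === false) {
        // Log the driver error; the visitor only sees the generic failure.
        error_log('check_login: prepare failed: ' . mysqli_error($dbc));
        return [false, ['邮箱或密码不对']];
    }

    mysqli_stmt_bind_param($stmt, 'ss', $email, $password);
    mysqli_stmt_execute($stmt);
    // Buffer the result so the row count is available.
    mysqli_stmt_store_result($stmt);

    if (mysqli_stmt_num_rows($stmt) == 1) {
        mysqli_stmt_bind_result($stmt, $id, $name);
        mysqli_stmt_fetch($stmt);
        mysqli_stmt_close($stmt);
        // Same keys as the associative row the callers expect.
        return [true, ['id' => $id, 'name' => $name]];
    }

    mysqli_stmt_close($stmt);
    // One message for "unknown e-mail" and "wrong password" alike.
    $errors[] = '邮箱或密码不对';
    return [false, $errors];
}
?>
3.公共头部header.php
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <?php // The original expression had no echo, so the title was never printed. ?>
    <title><?php echo htmlspecialchars(isset($page_title) ? $page_title : '默认标题', ENT_QUOTES, 'UTF-8'); ?></title>
</head>
<body>
<h2 style="color: #0388f1 ">我是公共头部</h2>
4.公共尾部footer.php
<h2 style="color: #0388f1">我是公共尾部</h2>
</body>
</html>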
二、session会话 会员登陆验证
会员登陆首页
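<?php
// Home page (session variant): shared header, a login/logout link, shared footer.
session_start(); // resume or start the session

$page_title = "网站首页";
include 'inc/header.php';

echo '<h3 style="color:goldenrod;"> 首页</h3>';

// basename(SCRIPT_NAME) gives the bare file name. The raw PHP_SELF value
// starts with a slash and may carry client-supplied path info, so comparing
// it with 'logout.php' could never match.
$current_script = basename($_SERVER['SCRIPT_NAME']);

// A user counts as logged in when the server-side session holds an id.
if (isset($_SESSION['id']) && $current_script != 'logout.php') {
    echo '<a href="logout.php">退出</a>';
} else {
    echo '<a href="login.php">登陆</a>';
}

// Shared page footer.
include 'inc/footer.php';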
登陆成功后的页面loggedin.php
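<?php
// "Logged in" page (session variant): visitors without a session id are sent
// back to the default page by redirect_user().
session_start();

if (!isset($_SESSION['id'])) {
    require_once 'inc/function.php';
    redirect_user();
}

$page_title = '登陆成功';
include 'inc/header.php';

// The name was read from the user table at login. It is still escaped before
// it reaches the HTML, so a stored name cannot inject markup.
$name = (isset($_SESSION['name']) && is_string($_SESSION['name']))
    ? htmlspecialchars($_SESSION['name'], ENT_QUOTES, 'UTF-8')
    : '';

// Heredoc body; the closing marker stays at column 0.
echo <<<"EILCOME"
<h2 style="color: #0388f1">登陆成功</h2>
<p>hello {$name}</p>
<a href="logout.php">退出</a>
EILCOME;

include 'inc/footer.php';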
会员登陆页login.php
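<?php
// Login handler (session variant): validates the posted credentials and, on
// success, records the user's id and name in the server-side session.
session_start();

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Helper functions (redirect_user, check_login).
    require 'inc/function.php';
    // Opens the database connection and defines $dbc.
    require 'inc/conncet.php';

    // A missing form field is passed on as an empty string, which
    // check_login() reports as a validation error, instead of raising an
    // undefined-index notice here.
    $email = isset($_POST['email']) ? $_POST['email'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';

    list($check, $data) = check_login($dbc, $email, $password);

    // The connection is not needed past this point; redirect_user() exits,
    // so it is closed before either branch runs.
    mysqli_close($dbc);

    if ($check) {
        // Issue a fresh session id at the moment of login, so an id that was
        // known before authentication does not become an authenticated one
        // (session fixation).
        session_regenerate_id(true);

        $_SESSION['id'] = $data['id'];
        $_SESSION['name'] = $data['name'];

        redirect_user('loggedin.php');
    } else {
        // $data holds the list of error messages on failure.
        $errors = $data;
    }
}

include "login_page.php";
?>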
login_page.php实际的会员登陆表单提交页
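<?php
// Login form template: prints any error messages, then the form itself.
$page_title = "用户登陆";
include "inc/header.php";

// Error messages collected by the login handler, if any.
if (isset($errors) && !empty($errors)) {
    $errors_msg = '<p style="color: red">';
    foreach ($errors as $msg) {
        // Escaped so a message can never inject markup into the page.
        $errors_msg .= htmlspecialchars($msg, ENT_QUOTES, 'UTF-8') . '<br>';
    }
    echo $errors_msg . '</p>';
}

// The submitted e-mail is request data: it is escaped before being written
// into the value="" attribute. A non-string value (email[]=...) is dropped.
$email_value = (isset($_POST['email']) && is_string($_POST['email']))
    ? htmlspecialchars($_POST['email'], ENT_QUOTES, 'UTF-8')
    : '';
?>
<h2 style="color:#ff00ff">用户登陆</h2>
<form action="login.php" method="post">
    <p>
        <label for="email">邮箱:</label>
        <input type="email" name="email" id="email" value="<?php echo $email_value; ?>">
    </p>
    <p>
        <label for="password">密码:</label>
        <?php // The submitted password is never written back into the page source. ?>
        <input type="password" name="password" id="password" value="">
    </p>
    <p>
        <button type="submit" name="submit" id="submit">登陆</button>
    </p>
</form>
<?php include "inc/footer.php"; ?>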
登陆退出页logout.php
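<?php
// Logout page (session variant).
session_start();

if (!isset($_SESSION['id'])) {
    // Nothing to log out from: go back to the default page.
    require_once 'inc/function.php';
    redirect_user();
} else {
    // Empty the session data for the rest of this request as well;
    // session_destroy() removes the stored data but leaves $_SESSION filled.
    $_SESSION = [];

    // Read the real cookie name and parameters instead of assuming the
    // default 'PHPSESSID' with default path: the browser only drops the
    // cookie when name, path and domain match the ones it was set with.
    $cookie = session_get_cookie_params();
    session_destroy();
    setcookie(
        session_name(),
        '',
        time() - 3600,
        $cookie['path'],
        $cookie['domain'],
        $cookie['secure'],
        $cookie['httponly']
    );
}

$page_title = '退出成功';
include 'inc/header.php';

// Heredoc body; the closing marker stays at column 0.
echo <<<"EILCOME"
<h2 style="color: #0388f1">退出成功</h2>
<a href="login.php">登陆</a>
EILCOME;

include 'inc/footer.php';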
inc/目录下的公共调用文件
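1.connect.php 数据库连接页
<?php
// Opens the database connection used by the login pages and stores it in $dbc.
// NOTE(review): host, account, password and schema are hard-coded tutorial
// values, and the account is root. A deployed copy should load them from
// configuration kept outside the web root and use a least-privilege account.
$dbc = mysqli_connect('127.0.0.1', 'root', 'admin', 'php');

// Stop if the connection failed.
if (mysqli_connect_errno()) {
    // The driver's error text goes to the server log only; the visitor gets
    // the generic message, so connection details are not disclosed.
    error_log('mysqli connect failed: ' . mysqli_connect_error());
    die('连接失败');
}
?>
<?php
/**
 * Shared helper functions for the member login pages (inc/function.php).
 */

/**
 * Redirects the browser to a page in the current script's directory and exits.
 *
 * The target is built from SCRIPT_NAME only. The client-supplied Host header
 * and the path-info part of PHP_SELF are not used, so neither can steer the
 * redirect, and the scheme (http/https) of the current request is kept.
 * RFC 7231 permits a relative reference in the Location header.
 *
 * @param string $page File name to redirect to; callers on this page pass constants.
 * @return void This function does not return: it calls exit().
 */
function redirect_user($page = 'index.php')
{
    // Directory of the running script, without a trailing slash
    // (Windows may report a backslash, other systems a forward slash).
    $base = rtrim(dirname($_SERVER['SCRIPT_NAME']), '/\\');

    header('Location: ' . $base . '/' . $page);
    exit();
}

/**
 * Checks an e-mail / password pair against the `user` table.
 *
 * NOTE(review): the table stores unsalted SHA-1 password hashes, which are
 * weak for password storage. Moving to password_hash() / password_verify()
 * needs a change to the stored data and is not done here.
 *
 * @param mysqli $dbc      Open database connection.
 * @param string $email    Submitted e-mail address.
 * @param string $password Submitted password. It now has a default, because a
 *                         required parameter after an optional one is deprecated.
 * @return array [true, ['id' => ..., 'name' => ...]] on success,
 *               [false, string[] of error messages] otherwise.
 */
function check_login($dbc, $email = '', $password = '')
{
    // Error messages collected during validation (the original initialised
    // a differently named variable here by mistake).
    $errors = [];

    // Non-string input (for example email[]=x) is treated as empty.
    // Both values are trimmed, as before, so existing stored hashes still match.
    $email = is_string($email) ? trim($email) : '';
    $password = is_string($password) ? trim($password) : '';

    if ($email === '') {
        $errors[] = '邮箱不能为空';
    }
    if ($password === '') {
        $errors[] = '密码不能为空';
    }
    if (!empty($errors)) {
        return [false, $errors];
    }

    // Placeholders keep the submitted values out of the SQL text entirely.
    $stmt = mysqli_prepare(
        $dbc,
        'SELECT `id`,`name` FROM `user` WHERE `email`=? AND `password`=sha1(?)'
    );
    if ($stmt === false) {
        // Log the driver error; the visitor only sees the generic failure.
        error_log('check_login: prepare failed: ' . mysqli_error($dbc));
        return [false, ['邮箱或密码不对']];
    }

    mysqli_stmt_bind_param($stmt, 'ss', $email, $password);
    mysqli_stmt_execute($stmt);
    // Buffer the result so the row count is available.
    mysqli_stmt_store_result($stmt);

    if (mysqli_stmt_num_rows($stmt) == 1) {
        mysqli_stmt_bind_result($stmt, $id, $name);
        mysqli_stmt_fetch($stmt);
        mysqli_stmt_close($stmt);
        // Same keys as the associative row the callers expect.
        return [true, ['id' => $id, 'name' => $name]];
    }

    mysqli_stmt_close($stmt);
    // One message for "unknown e-mail" and "wrong password" alike.
    $errors[] = '邮箱或密码不对';
    return [false, $errors];
}
?>
<?php // inc/header.php: shared page header. ?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <?php // The original expression had no echo, so the title was never printed. ?>
    <title><?php echo htmlspecialchars(isset($page_title) ? $page_title : '默认标题', ENT_QUOTES, 'UTF-8'); ?></title>
</head>
<body>
<h2 style="color: #0388f1 ">我是公共头部</h2>
<?php // inc/footer.php: shared page footer. ?>
<h2 style="color: #0388f1">我是公共尾部</h2>
</body>
</html>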
cookie和session会话优缺点
总结:会员登陆验证通过cookie和session都可以实现,cookie是保存在用户端,session保存在服务器端。
1.cookie如果没有设置有效期,默认在页面关闭时就会失效;反之,如果设置了有效期,则在不清空cookie的情况下,下次再打开时会自动调用。
2.session保存在服务器端,用户无法直接修改其中的数据,因此相比cookie更加安全一些;默认有效期是29分钟,可以在php.ini中修改过期时间和session的保存目录。