会话机制
1. cookie
http协议的无状态问题
服务器对用户访问的跟踪手段
$_COOKIE: 超全局变量数组
setcookie(): 设置客户端cookie
常用操作: 创建/读取/更新/删除
2. session
session_start(): 启动新会话或者重用现有会话
session_id(): 获取/设置当前会话 ID
session_save_path(): 读取/设置当前会话的保存路径
session_encode(): 将当前会话数据编码为一个字符串
session_decode(): 解码会话数据
session_destroy(): 销毁当前会话在服务器端存储的全部数据;它不会清空当前脚本中的 $_SESSION 变量,也不会删除客户端的会话 cookie
session_unset(): 释放所有的会话变量
session_reset(): 用会话存储中的原始值重新初始化 $_SESSION,丢弃本次请求中尚未保存的修改
注意: 必须先执行session_start()开启会话才生效,且之前不能有输出
使用session的好处:能提高安全性,因为本地的cookie只存储服务器端session的ID,浏览器通过该ID与服务器交互,获取存储在服务器上的session信息。注意:会话ID本身就相当于登录凭证,登录成功后应调用session_regenerate_id(true)更换ID,并为会话cookie设置HttpOnly和Secure属性。
login.php
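<?php
// Login page: renders the sign-in form and submits it to check.php via Ajax.
session_start();

// Already signed in: send the visitor to the dashboard instead of the form.
if (isset($_SESSION['user_name'])) {
    header('location:index.php');
    // Stop here so the login form is not rendered behind the redirect.
    exit;
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>用户登录</title>
    <style>
        h3 {
            text-align: center;
        }
        div {
            width: 300px;
            height: 150px;
            /*background-color: lightblue;*/
            margin: 0 auto;
            text-align: center;
            padding: 20px;
            border: 1px dashed #888;
            border-radius: 5%;
        }
        div input {
            border: none;
            border-bottom: 1px solid #333;
        }
        button:hover {
            cursor: pointer;
            background-color: lightblue;
        }
        .success {
            color: green;
        }
        .error {
            color: red;
        }
    </style>
</head>
<body>
<h3>用户登录</h3>
<div>
    <form name="user">
        <p>
            <label>邮 箱: <input type="email" name="email" placeholder="name@example.com"> </label>
        </p>
        <p>
            <label>密 码: <input type="password" name="password" placeholder="******"> </label>
        </p>
        <p>
            <button type="button" onclick="check(this.form)">登录</button>
        </p>
        <!-- Placeholder for the status message -->
        <p></p>
    </form>
</div>
<script>
    // The form and its last child, the <p> used for status messages.
    var user = document.forms.namedItem('user');
    var tips = user.lastElementChild;

    // Show `msg` when the field is left empty and clear it once the user types.
    // These checks are a convenience only; check.php validates the input again.
    function addEvent(ele, tips, msg) {
        ele.addEventListener('blur', function () {
            if (this.value.trim().length === 0) {
                tips.classList.remove('success');
                tips.classList.add('error');
                // Text-only assignment, like every other update of the tips element.
                tips.innerText = msg;
                this.focus();
            }
        }, false);
        ele.addEventListener('keydown', function () {
            tips.innerText = '';
        }, false);
    }

    // Attach the empty-field checks to the e-mail and password inputs.
    addEvent(user.email, tips, '邮箱不能为空');
    addEvent(user.password, tips, '密码不能为空');

    // The credentials are verified against the database by check.php,
    // which is called asynchronously and answers with {status, message}.
    function check(form) {
        var request = new XMLHttpRequest();
        request.onreadystatechange = function () {
            if (request.readyState !== 4 || request.status !== 200) {
                return;
            }

            var data;
            try {
                data = JSON.parse(request.responseText);
            } catch (e) {
                // The server answered with something that is not JSON.
                tips.classList.remove('success');
                tips.classList.add('error');
                tips.innerText = '服务器响应异常';
                return;
            }

            if (data.status === 1) {
                // Drop a stale error style so the success colour applies.
                tips.classList.remove('error');
                tips.classList.add('success');
                tips.innerText = data.message;
                // Go to the admin home page after two seconds.
                setTimeout(function () {
                    location.href = 'index.php';
                }, 2000);
            } else {
                // Every failure uses the same error style.
                tips.classList.remove('success');
                tips.classList.add('error');
                tips.innerText = data.message;
            }
        };
        request.open('POST', 'check.php', true);
        request.setRequestHeader('content-type', 'application/x-www-form-urlencoded');
        // Percent-encode both values: a raw '&', '+', '=' or '%' in the e-mail or
        // password would otherwise corrupt the form-encoded request body.
        var body = 'email=' + encodeURIComponent(form.email.value.trim())
            + '&password=' + encodeURIComponent(form.password.value.trim());
        request.send(body);
    }
</script>
</body>
</html>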
check.php
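<?php
// Login endpoint called by login.php: checks the posted e-mail and password
// against the `user` table and always answers with JSON {status, message},
// where status 1 means success and 0 means failure.
session_start();

header('Content-Type: application/json; charset=utf-8');

// Send the JSON reply and stop the script.
$respond = function ($status, $message) {
    exit(json_encode(['status' => $status, 'message' => $message]));
};

// Accept only string values: a request such as email[]=x yields an array,
// which trim() cannot handle.
$email = isset($_POST['email']) && is_string($_POST['email'])
    ? strtolower(trim($_POST['email']))
    : '';
if ($email === '') {
    $respond(0, '邮箱不能为空');
}

// Checked after trimming, so a whitespace-only value gets a proper reply
// instead of an empty response body.
$password = isset($_POST['password']) && is_string($_POST['password'])
    ? trim($_POST['password'])
    : '';
if ($password === '') {
    $respond(0, '密码不能为空');
}

try {
    // NOTE(review): the database credentials are hard-coded and the account is
    // root; load them from configuration and use a least-privilege account.
    $pdo = new PDO('mysql:host=127.0.0.1;dbname=php', 'root', 'root');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    // NOTE(review): the submitted password is compared with the stored column
    // directly, so the table appears to hold passwords in clear text. Store
    // password_hash() output and check it with password_verify() instead; that
    // needs a migration of the existing rows, so the query is left as it was.
    $stmt = $pdo->prepare(
        'SELECT `id`,`name` FROM `user` WHERE `email`=:email AND `password`=:password'
    );
    $stmt->execute(['email' => $email, 'password' => $password]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
} catch (PDOException $e) {
    // Keep the database error on the server; the client gets a generic message.
    error_log('check.php: ' . $e->getMessage());
    $respond(0, '服务器错误,请稍后重试');
}

if ($user === false) {
    // One message for both causes, so the reply does not reveal whether the
    // e-mail address exists.
    $respond(0, '邮箱或密码错误');
}

// Issue a fresh session ID on login so an ID that was set before
// authentication cannot be reused (session fixation).
session_regenerate_id(true);
$_SESSION['user_id'] = $user['id'];
$_SESSION['user_name'] = $user['name'];

$respond(1, '登录成功..');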
logout.php
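<?php
// Logout: ends the current session and returns the user to the login page.
session_start();

if (isset($_SESSION['user_name'])) {
    // Clear the variables of the running script; session_destroy() alone
    // leaves $_SESSION populated until the request ends.
    $_SESSION = [];

    // Expire the session cookie under its real name and parameters instead of
    // assuming the default 'PHPSESSID' on path '/'.
    $params = session_get_cookie_params();
    setcookie(
        session_name(),
        '',
        time() - 3600,
        $params['path'],
        $params['domain'],
        $params['secure'],
        $params['httponly']
    );

    // Remove the session data held on the server.
    session_destroy();

    header('location:login.php');
    // Nothing else should run after the redirect has been sent.
    exit;
}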