防止cookie欺騙,實現(xiàn)7天自動登錄
1.checkLogin.php:驗證登錄文件
<?phpheader('content-type:text/html;charset=utf-8');require './config.php';$username = $_POST['uname'];$password = md5($_POST['pwd']);$islogin = $_POST['islogin'];$sql = "SELECT * FROM `mu_user` WHERE `username`=? AND `password`=? ";$stm = $pdo -> prepare($sql);$stm ->bindParam(1,$username);$stm ->bindParam(2,$password);$stm ->execute();$res = $stm->fetch(PDO::FETCH_ASSOC);if($stm->rowCount() == 1){ //驗證成功 clearCookie(); if($islogin==1){ //記住密碼 setcookie("username",$res['username'],strtotime('+7 days')); $token = settoken($res['username'],$res['password'],$res['id']); setcookie("token",$token,strtotime('+7 days')); }else{ // 無記住密碼 setcookie("username",$res['username']); $token = settoken($res['username'],$res['password'],$res['id']); setcookie("token",$token); } exit(" <script> alert('登錄成功�����!'); location.href ='index.php'; </script> ");}else{ //驗證失敗 exit(" <script> alert('用戶名或密碼有誤�����!'); location.href ='login.php'; </script> ");}//清除cookiefunction clearCookie(){ setcookie("username",'',time()-1800); setcookie("token",'',time()-1800);}//設置tokenfunction settoken($username,$password,$id){ $salk = "czx"; $token = md5($salk.$username.$password)."*".$id; return $token;}
2.config.php:數(shù)據(jù)庫配置文件及連接
<?php//主機地址define("DB_HOST","localhost");//數(shù)據(jù)庫用戶名define("DB_USER","root");//數(shù)據(jù)庫密碼define("DB_PASSWORD","root123");// 數(shù)據(jù)庫型號define("DB_TYPE","mysql");// 數(shù)據(jù)庫名稱define("DB_NAME","my_user");//數(shù)據(jù)庫編碼define('DB_CHARSET', 'utf8');//數(shù)據(jù)庫端口號define('DB_PORT', '3306');//定義PDO的DSN,數(shù)據(jù)源名�,包括主機名,端口號和數(shù)據(jù)庫名稱���。define('DSN', DB_TYPE.":host=".DB_HOST.";dbname=".DB_NAME.";charset=".DB_CHARSET);try{ //連接數(shù)據(jù)款 $pdo = new PDO(DSN,DB_USER,DB_PASSWORD);} catch(PDOException $e){ //捕捉特定于數(shù)據(jù)庫信息的PDOEXCEPTION 異常 echo $e->getMessage();} catch(Throwable $e){ //捕捉擁有Throwable接口的錯誤或者其他異常 echo $e->getMessage();}
3.login.php:登錄頁面文件
<?php if($_GET['act'] == 'out'){ setcookie("username",'',time()-1800); setcookie("token",'',time()-1800); } $token = $_COOKIE['token']; $username = $_COOKIE['username']; if(!empty($username) &&!empty($token)&& ($_GET['act'] != 'out')){ exit(" <script> alert('用戶已登錄�,請直接訪問���!'); location.href ='index.php'; </script> "); }?><!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>登錄</title></head><style> *{ margin: 0px; padding: 0; } .contater { border: 1px solid #000; width: 300px; display: flex; flex-direction: column; margin: auto; } .contater>div { margin-top: 20px; } h3 { text-align: center; } .contater > .submit >input{ margin: 15px 140px; font-size: 1.5rem; }</style><body><h3 >登錄</h3> <form action="checkLogin.php" method="post"> <div class="contater"> <div> <span>用戶名:</span> <input type="text" name="uname"> </div> <div> <span>密 碼:</span> <input type="password" name="pwd"> </div> <div> <input type="radio"" name="islogin" value="1"> <span>記住密碼</span> </div> <div class="submit"> <input type="submit" value="登錄"> </div> </div> </form></body></html>
4.index.php:首頁文件
<?php $token = $_COOKIE['token']; $token_arr = explode("*",$token); $uid = end($token_arr);//獲取用戶id require "./config.php"; $sql = "SELECT * FROM `mu_user` WHERE `id`=?"; $stm = $pdo ->prepare($sql); $stm ->bindParam(1,$uid); $stm ->execute(); $result =$stm->fetch(PDO::FETCH_ASSOC); if($stm->rowCount()==1){ $salk = "czx"; $token_res = md5($salk.$result['username'].$result['password']); if($token_res != $token_arr[0]){ exit(" <script> alert('請先登錄'); loction.href ='login.php'; </script> "); } }else{ exit(" <script> alert('請您先登錄'); location.href='login.php'; </script> "); }?><!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <title>首頁</title> </head> <style> * { margin: 0px; padding: 0px; box-sizing: border-box; } h1 { text-align: center; } a { text-decoration: none; font-size: 1.5rem; color: darkgray; } a:hover { background-color: lightskyblue; border-radius: 5%; /* font-size: 2rem; */ } li { list-style-type: none; color: darkgray; } span { color: darkgray; font-size: 1.5rem; margin-right: 15px; color:burlywood } .top { /* width: 960px; */ background-color: linen; display: flex; flex-flow: row nowrap; justify-content: space-between; } .top > div { margin: 10px 40px; } .column { /* width: 960px; */ display: flex; flex-flow: row nowrap; justify-content: space-around; } .column > li { margin-right: 65px; padding: 0px 20px; } </style> <body> <h1>陶轉轉首頁</h1> <div class="top"> <div> <ul class="column"> <li><a href="">LOGO</a></li> <li><a href="">首頁</a></li> <li><a href="">分類一</a></li> </ul> </div> <div> <span>歡迎您,<?php echo $result['username'];?></span> <a href="./login.php?act=out">退出</a> </div> </div> </body></html>
批改老師:
天蓬老師
批改狀態(tài):合格
老師批語:沒有絕對安全的登錄,但我們可以做到盡可能的安全
收藏
