
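Grading status: Passed
Teacher's comment:
Cookies, sessions and tokens are the three main tools for user authentication and tracking.
Cookies are stored in the browser; they are less secure and are under the user's control.
Sessions are stored on the server and rely mainly on cookies.
Tokens are very common on mobile clients today.
Below is a simple demonstration of session-based user tracking.
The site consists of three files: index.php, login.php and check.php.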
check.php:
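<?php
$pdo = new PDO('mysql:host=localhost;dbname=phplesson', 'root', 'root');
$stmt = $pdo->prepare('SELECT username,password,id FROM adminuser');
$stmt->execute();
$users = $stmt->fetchAll(PDO::FETCH_ASSOC);

// Read only the expected form fields. extract($_POST) would let a request
// overwrite any local variable, including $users.
$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';
$auto_login = $_POST['auto_login'] ?? '';

// Keep the row whose credentials match. array_filter() preserves the
// original keys, so array_values() re-indexes the match to $users[0].
$users = array_values(array_filter($users, function ($user) use ($username, $password) {
    return $username === $user['username'] && $password === $user['password'];
}));
// die($users);
// print_r($users);
// print_r($user);
if (count($users) === 1) {
    // Nothing may be echoed before setcookie(): cookies travel as HTTP headers.
    // Clear any cookies left over from a previous login.
    setcookie('username', '', time() - 3600);
    setcookie('auth', '', time() - 3600);
    if (!empty($auto_login)) {
        // Auto-login: both cookies persist for 7 days.
        setcookie('username', $username, strtotime('+7 days'));
        $salt = "phplesson";
        $auth = md5($username . $password . $salt) . "," . $users[0]['id'];
        setcookie('auth', $auth, strtotime('+7 days'));
    } else {
        // No expiry: the cookie lasts until the browser is closed.
        setcookie('username', $username);
    }
    exit("
        <script>
            alert('登陸成功');
            location.href='index.php';
        </script>
    ");
} else {
    exit("
        <script>
            alert('登陸不成功');
            location.href='login.php';
        </script>
    ");
}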
login.php
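<?php
// Logout: expire both cookies by setting them with a time in the past.
if (isset($_GET['action']) && $_GET['action'] == 'logout') {
    setcookie("username", "", time() - 3600);
    setcookie("auth", "", time() - 3600);
}
?>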
<!DOCTYPE html>
<html lang="">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>后臺登錄</title>
    <style>
        *{
            margin:0;
            padding: 0;
            box-sizing: border-box;
        }
        h2{
            margin-top: 1em;
            text-align: center;
        }
        h2>button{
            background-color: lightgreen;
            padding: 3px;
            border:none;
            border-radius: 3px;
        }
        form{
            display: grid;
            width: 20em;
            /* auto takes up the free space automatically, which centers the form */
            margin:2em auto;
            background-color: lightblue;
            padding: 1em;
            grid-template-columns: 5em 10em;
            place-content: center;
            gap:1em 0;
            border:3px solid #ccc;
        }
        form>.auto-login{
            color:#333333;
            font-size: 12px;
            display: flex;
            justify-content: space-evenly;
            padding: 0.3em;
            margin-left: -1em;
            align-items: center;
        }
        form>button{
            grid-area: auto/2/auto/span 1;
            background-color: lightgreen;
            border:none;
            font-size: 1.2em;
            letter-spacing: 0.5em;
        }
        form>button:hover{
            color:#333334;
            background-color: greenyellow;
        }
    </style>
</head>
<body>
    <h2>后臺用戶登錄 <button>我要注冊</button></h2>
    <form action="check.php" method="post">
        <label for="username">用戶名:</label>
        <input type="text" name="username" id="username" placeholder="用戶名">
        <label for="password">密碼:</label>
        <input type="password" name="password" id="password">
        <div class="auto-login">
            <input type="checkbox" name="auto_login" id="auto-login">
            <label for="auto-login">自動登錄</label>
        </div>
        <button>登錄</button>
    </form>
</body>
</html>
index.php
<?php
// Check 1: a username cookie must be present. Its value comes from the
// browser and is not verified here.
if (!isset($_COOKIE['username'])) {
    exit("
        <script>
            alert('請先登錄');
            location.href='login.php';
        </script>
    ");
}
// Check 2: when the auto-login cookie is present, recompute the hash from
// the database row and compare it with the value in the cookie.
if (isset($_COOKIE['auth'])) {
    $auth = $_COOKIE['auth'];
    $authArr = explode(",", $auth);
    $is_auth = $authArr[0];
    $id = end($authArr);
    $pdo = new PDO('mysql:host=localhost;dbname=phplesson', 'root', 'root');
    $stmt = $pdo->prepare('SELECT username,password,id FROM adminuser WHERE id=?');
    $stmt->execute([$id]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    // fetch() returns false when no row matches; rowCount() is not
    // reliable for SELECT statements on every driver.
    if ($user !== false) {
        $username = $user['username'];
        $password = $user['password'];
        $salt = 'phplesson';
        $auth = md5($username . $password . $salt);
        // hash_equals() compares in constant time and avoids the type
        // juggling that != applies to hash strings.
        if (!hash_equals($auth, $is_auth)) {
            exit("
                <script>
                    alert('請您先登錄');
                    location.href='login.php';
                </script>
            ");
        }
    } else {
        exit("
            <script>
                alert('請您先登錄');
                location.href='login.php';
            </script>
        ");
    }
}
?>
<!DOCTYPE html>
<html lang="">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>后臺管理系統</title>
    <style>
        header{
            width: 100%;
            height: 4em;
            display: flex;
            justify-content: space-between;
            background-color: lightblue;
            padding-right:1em;
        }
        header>.logo{
            padding: 1em 1em;
        }
        header>.user-status{
            width: 6em;
            padding: 1em;
            position: relative;
        }
        header>.user-status>.islogin{
            position: absolute;
            width: 100%;
            height: 100%;
        }
        header>.user-status>.unlogin{
            width: 100%;
            height: 100%;
            position: absolute;
        }
        header>.user-status>*{
            display: flex;
            justify-content: space-evenly;
        }
        header>.user-status>*.unactive{
            display: none;
        }
        .container{
            text-align: center;
            margin:2em;
            font-size: 3em;
        }
    </style>
</head>
<body>
    <header class="header">
        <div class="logo">
            簡書后臺
        </div>
        <div class="user-status">
            <div class="islogin">
                <div class="username">
                    <?php /* The cookie value is user-controlled: escape it before output. */
                    echo htmlspecialchars($_COOKIE['username'], ENT_QUOTES, 'UTF-8'); ?>
                </div>
                <div class="logout" id="logout">
                    退出
                </div>
            </div>
        </div>
    </header>
    <div class="container">
        hello,歡迎你啊,<?php echo htmlspecialchars($_COOKIE['username'], ENT_QUOTES, 'UTF-8'); ?>同學!
    </div>
    <script>
        document.querySelector('#logout').addEventListener('click',(ev)=>{
            if(confirm('是否退出')){
                window.location.assign("login.php?action=logout");
            }
        },false);
    </script>
</body>
</html>
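The auth cookie built in check.php and checked in index.php is md5(username.password.salt) plus the user id, so it is derived from the plaintext password, is identical on every login, and expires only in the browser. As an added example (not part of the original post), the same auto-login cookie as an HMAC-signed value with a server-enforced expiry; the function names, the key handling and the sample values are assumptions.

```php
<?php
// Added example (not the original post's code). Function names, the key
// handling and the sample values are hypothetical.

// Build "id.expiry.mac": the MAC covers id and expiry under a server-only key.
function make_auth_cookie(int $userId, int $expires, string $key): string
{
    $payload = $userId . '.' . $expires;
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

// Return the user id for an authentic, unexpired cookie, otherwise null.
function verify_auth_cookie(string $cookie, int $now, string $key): ?int
{
    $parts = explode('.', $cookie);
    if (count($parts) !== 3 || !ctype_digit($parts[0]) || !ctype_digit($parts[1])) {
        return null; // malformed
    }
    [$userId, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $userId . '.' . $expires, $key);
    if (!hash_equals($expected, $mac)) { // constant-time comparison
        return null; // id or expiry was altered, or the MAC was forged
    }
    if ((int) $expires < $now) {
        return null; // expiry is enforced by the server, not by the browser
    }
    return (int) $userId;
}

// Constructed demo values. A deployment would load one long-lived random key
// from configuration instead of generating it per request.
$key = random_bytes(32);
$now = 1700000000;
$cookie = make_auth_cookie(42, $now + 7 * 86400, $key);

$cases = [
    'as issued'       => [$cookie, $now],
    'user id changed' => [preg_replace('/^42\./', '43.', $cookie), $now],
    'after expiry'    => [$cookie, $now + 8 * 86400],
    'not a token'     => ['abc,1', $now],
];
foreach ($cases as $label => [$value, $time]) {
    echo str_pad($label, 16), ' => ';
    var_dump(verify_auth_cookie($value, $time, $key));
}
```

A stateless signed token like this cannot be revoked individually before it expires; storing the hash of a random per-user token in the database is the usual alternative when revocation is needed.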
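Result screenshot:
However, I did not see the PHPSESSID that appears in the teacher's interface, and I don't quite understand why. Of course, the basic functionality is not affected.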
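The three listings above track the user with cookies only and never call session_start(), and PHP issues the PHPSESSID cookie only when a session is started. As an added example (not part of the original post), the same login flow with a server-side session; the in-memory user table, the hashed password storage and the function names are assumptions.

```php
<?php
// Added example (not the original post's code); all names are hypothetical.

// Constructed sample data standing in for the adminuser table, with the
// password stored as a hash rather than in plaintext.
function demo_users(): array
{
    return [['id' => 1, 'username' => 'admin',
             'password_hash' => password_hash('demo-password', PASSWORD_DEFAULT)]];
}

// Start (or resume) the session. This is the call that makes PHP issue
// the PHPSESSID cookie; the session data itself stays on the server.
function start_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax',
                                   'secure' => !empty($_SERVER['HTTPS'])]);
        session_start();
    }
}

// check.php equivalent: verify the credentials, then record the user.
function login(array $users, string $username, string $password): bool
{
    foreach ($users as $user) {
        if ($user['username'] === $username
            && password_verify($password, $user['password_hash'])) {
            start_session();
            session_regenerate_id(true); // fresh ID after login (session fixation)
            $_SESSION['user_id'] = $user['id'];
            $_SESSION['username'] = $user['username'];
            return true;
        }
    }
    return false;
}

// index.php equivalent: the identity is read from server-side state; the
// browser holds only the random session ID, not the username.
function current_user(): ?string
{
    start_session();
    return $_SESSION['username'] ?? null;
}

// Results are collected first: a session must start before any output.
$users = demo_users();
$results = [login($users, 'admin', 'wrong'), login($users, 'admin', 'demo-password'), current_user()];
var_dump($results);
```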