PHP Login session with cookie
Please take a look at this code. Is it possible to log a user in through cookies?
if (isset($_COOKIE['rand_nm']) && isset($_COOKIE['token'])) {
    $start_date = date("Y-m-d h:i:sa");
    $stmt = $con->prepare("SELECT * From tbl_token Where username = ? AND selector_hash = ?");
    $stmt->execute(array($_COOKIE['rand_nm'], $_COOKIE['token']));
    $row = $stmt->fetch();
    $count = $stmt->rowCount();
    if($row["expiry_date"] >= $start_date) {
        $isExpiryDareVerified = true;
    }
    if ($_COOKIE['rand_nm'] == $row['username'] && $_COOKIE['token'] == $row['selector_hash'] && $isExpiryDareVerified) {
        if ($count > 0) {
            $_SESSION['userName'] = $row['username'];
            $_SESSION['id'] = $row['id'];
        }
    }
}
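Process the form data and update the database table when the form is submitted,
then store the cookie information: the token [random number] and the username in the database. After login...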
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if (isset($_POST['login'])) {
        $user = $_POST['username'];
        $pass = $_POST['password'];
        $hashPass = sha1($pass);
        if (empty($_POST['username']) || empty($_POST['password'])) {
            header('Location: signup.php?error=fieldsempty');
            exit();
        } else {
            $stmt = $con->prepare("SELECT * From tbl_token Where username = ? AND password_hash = ?");
            $stmt->execute(array($user, $hashPass));
            $count = $stmt->rowCount();
            if ($count > 0) {
                if ($row = $stmt->fetch(PDO::FETCH_ASSOC)){
                    if ($hashPass == $row['password_hash']) {
                        if (isset($_POST['remember']) == 'POST') {
                            if ($_POST['remember'] == 'on') {
                                $validation = uniqid(true);
                                $start_date = date("Y-m-d h:i:sa");
                                $date = strtotime($start_date);
                                $date = strtotime("+1 day", $date);
                                setcookie('rand_nm', $_POST['username'], time()+ 86400, '/');
                                setcookie('token', $validation, time()+ 86400, '/');
                                $stmt = $con->prepare("UPDATE tbl_token SET selector_hash = ?, is_expired = ?, expiry_date = ? WHERE username = ?");
                                $stmt->execute(array($validation, 1, date('Y-m-d h:i:sa', $date), $_POST['username']));
                            }
                        }
                        $_SESSION['userName'] = $user;
                        $_SESSION['id'] = $row['id'];
                    } else {
                        echo 'password not correct';
                    }
                }
            } else {
                echo 'the username is not exist';
            }
        }
    }
}
This is the HTML login form
<form id="contact-form" class="login" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post">
    <div class="container">
        <label><b>Username</b></label>
        <input class="form-control" type="text" placeholder="Enter Username" name="username"><br>
        <label><b>Password</b></label>
        <input class="form-control" type="password" placeholder="Enter Password" name="password" ><br>
        <button class="btn" name="login" type="submit">Login</button>
        <label>
            <input type="checkbox" checked="checked" name="remember"> Remember me
        </label>
    </div>
    <div class="container">
        <span class="psw">Forgot <a href="#">password?</a></span>
    </div>
</form>
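It is possible, but I would not recommend doing it, especially storing a possibly unencrypted password in a cookie.
You can store a session id in the cookie and store that code in the database. That way you can "remember" who used your website through that particular browser, and whether the user has logged out. Now you do not need to store unencrypted sensitive information in easily accessible cookies.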
if (isset($_COOKIE['sessionid'])) {
    // Look up that session id in the database here... $session is your object, filled with data from the database.
    if ($session->stillLogged()) {
        // Authenticate the user...
    }
}