authmain.php
<?php
/**身份验证应用程序的主体部分
* 脚本思路:围绕会话变量valid_user展开,如果有人成功登陆,该脚本将注册一个$_SESSION['valid_user']的会话变量,
* 该变量包含用户的ID;
*/
session_start();
if(isset($_POST['userid']) && isset($_POST['password'])){
$userid = $_POST['userid'];
$password = $_POST['password'];
$db = mysqli_connect('localhost','webauth','webauth','auth');
if(mysqli_connect_error()){
echo 'Error:The database cannot connect';
exit;
}
$query = "select * from authorized_users ".
"where name = \"$userid\""." and password = sha1(\"$password\")";
$result = mysqli_query($db,$query);
if(mysqli_num_rows($result)>0)
$_SESSION['valid_user'] = $userid; //查询账号密码成功时,注册一个会话变量
mysqli_close($db);
}
?>
<html>
<body>
<h1>Home Page</h1>
<?
if(isset($_SESSION['valid_user'])){
echo 'You are logged in as: '.$_SESSION['valid_user']."<br/>" ;
echo "<a href= \"logout.php\">Log out</a>";
}
else{
if(isset($userid))
echo "Could not log you in.<br/>";
else
echo "You are not logged in.<br/>";
echo "<form method=\"post\" action=\"authmain.php\">";
echo "<table>";
echo "<tr><td>UserId:</td>";
echo "<td><input type=\"text\" name=\"userid\"></td></tr>";
echo "<tr><td>Password:</td>";
echo "<td><input type=\"text\" name=\"password\"></td></tr>";
echo "<tr><td colspan=\"2\" align=\"center\"><input type=\"submit\" value=\"Log in\"></td></tr>";
echo "</table></form>";
}
?>
<br />
<a href = "menbers_only.php">Members section</a>
</body>
</html>
menbers_only.php
<?php
/**authmain.php网站的有效用户检查部分,可以确定是否为有效成员
*/
session_start();
echo "<h1>Members only</h1>";
if(isset($_SESSION['valid_user'])){
echo "<p>You are logged in as ".$_SESSION['valid_user']."</p>";
echo "<p>Members only content goes here";
}
else{
echo "<p>You are not logged in</p>";
echo "<p>Only logged in members may see this page.</p>";
}
echo "<a href=\"authmain.php\">Back to main page</a>";
?>
logout.php
<?php
/**该脚本注销会话变量并销毁会话
*/
session_start(); //开启会话
$old_user = $_SESSION['valid_user'];
unset($_SESSION['valid_user']); //销毁会话变量
session_destroy(); //关闭会话
?>
<html>
<body>
<h1>Log out</h1>
<?php
if(!empty($old_user))
echo "Log out.<br/>";
else
echo "You weren't logged in,and so have not been logged out<br/>";
?>
<a href = "authmain.php">Back to main page</a>
</body>
</html