I: cookie
1. Purpose of a cookie: to identify the user
<?php
// Login file
// Runs before any HTML output so that setcookie() and header() can still send headers.
include '../config.php';

$msg = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $name = $_POST['username'] ?? '';
    $pass = $_POST['password'] ?? '';
    // Prepared statement: user input is bound as data and cannot change the query.
    $stmt = mysqli_prepare($con, "select * from admin where username=? and password=?");
    mysqli_stmt_bind_param($stmt, 'ss', $name, $pass);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);
    if (mysqli_stmt_num_rows($stmt)) {
        // echo "<script>alert('恭喜登录成功')</script>";
        $expire = time() + 60 * 60 * 24 * 30; // expires after one month
        // The credentials themselves are stored in the cookie; the home page trusts them.
        setcookie('username', $name, $expire, '/');
        setcookie('password', $pass, $expire, '/');
        header('Location:index-c.php');
        exit;
    } else {
        $msg = 'no ok';
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>后台登录</title>
    <style>
        body { font-family: Arial, sans-serif; background-color: #f1f1f1; }
        .container { width: 300px; margin: 0 auto; padding: 20px; background-color: #fff; border-radius: 5px; box-shadow: 0 2px 5px rgba(0, 0, 0, 0.3); text-align: center; }
        h2 { margin-bottom: 20px; color: #333; }
        input[type="text"], input[type="password"] { width: 100%; padding: 10px; margin-bottom: 15px; border: 1px solid #ccc; border-radius: 4px; box-sizing: border-box; }
        button { width: 100%; padding: 10px; background-color: #4CAF50; color: #fff; border: none; border-radius: 4px; cursor: pointer; font-size: 16px; }
        button:hover { background-color: #45a049; }
    </style>
</head>
<body>
    <div class="container">
        <h2>后台登录</h2>
        <form action="" method="POST">
            <input type="text" name="username" placeholder="用户名" required>
            <input type="password" name="password" placeholder="密码" required>
            <button type="submit">登录</button>
        </form>
        <?php echo $msg; ?>
    </div>
</body>
</html>
Login window
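<?php
// Home page shown after a successful login
// The check relies only on cookie values supplied by the browser.
$user = $_COOKIE['username'] ?? '';
$pwd  = $_COOKIE['password'] ?? '';
if (!($user == 'admin' and $pwd == '123456')) {
    // Send the redirect header before any output, then stop.
    header('Location:admin-c.php');
    echo "用户名或密码错误";
    exit;
}
?>
<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <title>后台首页</title>
</head>
<body>
    <h1> 后台首页 </h1>
    <p>欢迎你,<?php echo htmlspecialchars($user); ?>!</p>
    <p><a href="logout-c.php">退出</a></p>
</body>
</html>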
<?php
// Logout
setcookie('username', '', time(), '/'); // delete the cookie by setting its value to empty
setcookie('password', '', time(), '/');
header('Location:admin-c.php');
exit;
?>
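2. After the username and password are entered and verified as correct, the successful login yields the cookie values.
3. Once the cookie values are known, adding them to the browser's storage is enough to bypass the login page and reach the post-login home page.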
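II: session
session: stored on the server side, so it is more secure; it expires after the browser is closed
The code is similar to the cookie version. Session file storage location: \phpstudy\phpstudy_pro\Extensions\tmp\tmp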
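<?php
// Login file, using session-based verification
include '../config.php';

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $name = $_POST['username'] ?? '';
    $pass = $_POST['password'] ?? '';
    // Prepared statement: user input is bound as data and cannot change the query.
    $stmt = mysqli_prepare($con, "select * from admin where username=? and password=?");
    mysqli_stmt_bind_param($stmt, 'ss', $name, $pass);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);
    if (mysqli_stmt_num_rows($stmt) > 0) {
        session_start();
        // The login state lives on the server; the browser only holds the session id.
        $_SESSION['username'] = $name;
        $_SESSION['password'] = $pass;
        header('Location:index-s.php');
        exit();
    } else {
        echo '<script>alert("错误")</script>';
        //header('Location:admin-s.php');
    }
}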
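III: token
token: establishes that each request is unique. It is randomly generated and guards against brute-force attacks. The randomly generated token is compared with session[token], and login succeeds only when the two match. When logging in through the website, session[token] is refreshed automatically. When a request is captured and replayed to brute-force the user's password, however, session[token] does not change while the token keeps changing, so it is incorrect and the login fails.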
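The token comparison described above, as an added example that is not code from the original page: the form carries a random token, the server compares it with $_SESSION['token'] and refreshes it on every request. Assumptions: config.php provides $con as in the earlier snippets, and the helper name issue_token() is hypothetical.

```php
<?php
// Added example: one-time login token kept in the session.
// Assumes config.php provides the mysqli connection $con, as in the snippets above.
include '../config.php';
session_start();

// Hypothetical helper: create a fresh random token, store it server-side, return it.
function issue_token(): string {
    $_SESSION['token'] = bin2hex(random_bytes(16));
    return $_SESSION['token'];
}

$msg = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $sent   = $_POST['token'] ?? '';
    $stored = $_SESSION['token'] ?? '';
    unset($_SESSION['token']); // a stored token is valid for one request only

    if (!is_string($sent) || $stored === '' || !hash_equals($stored, $sent)) {
        // Token missing, stale or forged: reject before touching the database.
        $msg = 'invalid token';
    } else {
        $name = $_POST['username'] ?? '';
        $pass = $_POST['password'] ?? '';
        $stmt = mysqli_prepare($con, 'select * from admin where username=? and password=?');
        mysqli_stmt_bind_param($stmt, 'ss', $name, $pass);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_store_result($stmt);
        if (mysqli_stmt_num_rows($stmt) > 0) {
            session_regenerate_id(true); // new session id once authenticated
            $_SESSION['username'] = $name;
            header('Location:index-s.php');
            exit();
        }
        $msg = 'no ok';
    }
}
$token = issue_token(); // every rendered form carries a new token
?>
<form action="" method="POST">
    <input type="hidden" name="token" value="<?php echo $token; ?>">
    <input type="text" name="username" placeholder="username" required>
    <input type="password" name="password" placeholder="password" required>
    <button type="submit">Login</button>
    <p><?php echo htmlspecialchars($msg); ?></p>
</form>
```

The token only rejects requests whose token does not match the session; it does not limit the number of login attempts, so rate limiting or account lockout is still needed alongside it.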