前言
- 因为有要求会话控制,所以利用cookies来实现让无状态的HTTP协议保持了状态,利用session是为了后面让留言板检测登录
- 非常的不安全!!啥都在cookies里面,也没有进行加密啥的(主要是太菜了也不会写什么加密函数QWQ)
代码实现
<?php
header("Content-type: text/html; charset=utf-8");
session_start();
//第一次登陆
if ( ( $_POST['username'] != null ) && ( $_POST['password'] != null ) ) {
$username = trim($_POST['username']);
$password = trim($_POST['password']);
if ($conn->connect_error){
echo '数据库连接失败!';
exit(0);
}else{
if ($username === ''){
echo '<script>alert("请输入用户名!");history.go(-1);</script>';
exit(0);
}
if ($password === ''){
echo '<script>alert("请输入密码!");history.go(-1);</script>';
exit(0);
}
$conn = new mysqli('localhost','root','root','message');
$sql = "select username,password from user where username = '$_POST[username]' and password = '$_POST[password]'";
$res=mysqli_query($conn,$sql);
$row=mysqli_fetch_assoc($res);
if ($row['password' == $password]) {
//密码验证通过,设置cookies,把用户名和密码保存在客户端
setcookie('username',$username,time()+60*60*24);
setcookie('password',$password,time()+60*60*24);
$_SESSION['username'] = $username;
echo '<script>window.location="message.html";</script>';
} else {
echo '<script>alert("用户名或密码错误!");history.go(-1);</script>';
}
}
}
if( ($_COOKIE['username'] != null) && ($_COOKIE['password'] != null) ) {
$username = $_COOKIE['username'];
$password = $_COOKIE['password'];
$conn = mysqli_connect('localhost','root','root','message');
$sql = "select username,password from user where username = '$_POST[username]' and password = '$_POST[password]'";
$res=mysqli_query($conn,$sql);
$row = mysqli_fetch_assoc($res);
if ($row['password'] == $password) {
//验证通过后跳转到登录后的欢迎页面
echo '<script>window.location="message.html";</script>';
}
}
?>
参考资料