PHP：会话控制，初试前后台数据交互实战 - PHP11学习

1.index01.php
<?php
// 判断是否在登录状态
if(isset($_COOKIE[‘user’])) $user = unserialize ($_COOKIE[‘user’]);
?>

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>首页</title>
<link rel="stylesheet" type="text/css" href="../css/index01.css">
</head>
<body>
<nav>
<a href="index01.php">我的论坛</a>
<?php if(isset($user)): ?>
<a href="" id="logout01"><span style="color:red"><?php echo $user['name']?></span>  退出</a>
<?php else: ?>
<a href="login01.php">登录</a>
<?php endif ?>
</nav>
</body>
<script>
// 为退出按钮创建事件监听器
document.querySelector('#logout01').addEventListener('click', function(event) {
if (confirm('是否退出')) {
// 禁用默认行为, 其实就是禁用原<a>标签的点击跳转行为,使用事件中的自定义方法处理
event.preventDefault();
// 跳转到退出事件处理器
window.location.assign('handle01.php?action=logout01');
}
});
</script>
</html>

演示效果

2.login01.php
<?php
// 判断是否在登录状态
if(isset($_COOKIE[‘user’])) $user = unserialize ($_COOKIE[‘user’]);
?>

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>首页</title>
<link rel="stylesheet" type="text/css" href="../css/index01.css">
</head>
<body>
<nav>
<a href="index01.php">我的论坛</a>
<?php if(isset($user)): ?>
<a href="" id="logout01"><span style="color:red"><?php echo $user['name']?></span>  退出</a>
<?php else: ?>
<a href="login01.php">登录</a>
<?php endif ?>
</nav>
</body>
<script>
// 为退出按钮创建事件监听器
document.querySelector('#logout01').addEventListener('click', function(event) {
if (confirm('是否退出')) {
// 禁用默认行为, 其实就是禁用原<a>标签的点击跳转行为,使用事件中的自定义方法处理
event.preventDefault();
// 跳转到退出事件处理器
window.location.assign('handle01.php?action=logout01');
}
});
</script>
</html>

3.register01.php
<?php
// 判断是否在登录状态
if(isset($_COOKIE[‘user’])) $user = unserialize ($_COOKIE[‘user’]);
?>

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>首页</title>
<link rel="stylesheet" type="text/css" href="../css/index01.css">
</head>
<body>
<nav>
<a href="index01.php">我的论坛</a>
<?php if(isset($user)): ?>
<a href="" id="logout01"><span style="color:red"><?php echo $user['name']?></span>  退出</a>
<?php else: ?>
<a href="login01.php">登录</a>
<?php endif ?>
</nav>
</body>
<script>
// 为退出按钮创建事件监听器
document.querySelector('#logout01').addEventListener('click', function(event) {
if (confirm('是否退出')) {
// 禁用默认行为, 其实就是禁用原<a>标签的点击跳转行为,使用事件中的自定义方法处理
event.preventDefault();
// 跳转到退出事件处理器
window.location.assign('handle01.php?action=logout01');
}
});
</script>
</html>

4.handle01.php
<?php
// 查询用户表中的数据
$pdo = new PDO(‘mysql:host=localhost;dbname=exe0507’,’exe’,’exE123’);
$stmt = $pdo->prepare(‘SELECT * from user1‘);
$stmt->execute();
$heros = $stmt->fetchAll(PDO::FETCH_ASSOC);

// 处理用户登录与注册
$action = $_GET['action'];
switch (strtolower($action)){
// 正常登录
case 'login01':
// 判断请求是否合法
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// 获取需要验证的数据
$email = $_POST['email'];
$password = sha1($_POST['password']);
$results = array_filter($heros, function($user) use ($email, $password) {
return $user['email'] === $email && $user['password'] === $password;
});
if (count($results) === 1) {
setcookie('user', serialize(array_pop($results)));
exit('<script>alert("验证通过");location.href="index01.php"</script>');
} else {
exit('<script>alert("邮箱或密码错误,或者还没有帐号");location.href="login01.php";</script>');
}
} else {
die('请求类型错误');
}
break;
// 退出
case 'logout01':
if (isset($_COOKIE['user'])) {
setcookie('user', null , time()-3600);
exit('<script>alert("退出成功");location.assign("index01.php")</script>');
}
break;
// 用户注册
case 'register01':
// 1. 获取到所有新用户数据
$name = $_POST['name'];
$email = $_POST['email'];
$password = sha1($_POST['ps1']);
$reg_time = time();
// 2. 将新用户插入到表中
$sql = "INSERT `user1` SET `name`='{$name}',`email`='{$email}',`password`='{$password}',`reg_time`={$reg_time} ";
$stmt = $pdo->prepare($sql);
$stmt->execute();
if ($stmt->rowCount() === 1) exit('<script>alert("注册成功");location.assign("login01.php")</script>');
else exit('<script>alert("注册失败");location.assign("login01.php")</script>');
break;
// 未定义
default:
exit('未定义操作');
}

session会话

// 判断是否在登录状态
if(isset($_SESSION['user'])) $user = unserialize ($_SESSION['user']);
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>首页</title>
<link rel="stylesheet" type="text/css" href="../css/index01.css">
</head>
<body>
<nav>
<a href="index01.php">我的论坛</a>
<?php if(isset($user)): ?>
<a href="" id="logout01"><span style="color:red"><?php echo $user['name']?></span>  退出</a>
<?php else: ?>
<a href="login01.php">登录</a>
<?php endif ?>
</nav>
</body>
<script>
// 为退出按钮创建事件监听器
document.querySelector('#logout01').addEventListener('click', function(event) {
if (confirm('是否退出')) {
// 禁用默认行为, 其实就是禁用原<a>标签的点击跳转行为,使用事件中的自定义方法处理
event.preventDefault();
// 跳转到退出事件处理器
window.location.assign('handle01.php?action=logout01');
}
});
</script>
</html>

// 判断是否在登录状态
if(isset($_SESSION['user']))
exit('<script>alert("请不要重复登录");location.href="index01.php";</script>');
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" type="text/css" href="../css/login01.css">
<title>用户登录</title>
</head>
<body>
<h3>用户登录</h3>
<form action="handle01.php?action=login01" method="post">
<div>
<label for="">邮箱：</label>
<input type="email" name="email" id="email" >
</div>
<div>
<label for="">密码：</label>
<input type="password" name="password" id="password" pla >
</div>
<div>
<button type="submit">提交</button>
</div>
</form>
<a href="register01.php">没注册的请点击这里注册吧</a>
</body>
</html>

// 查询用户表中的数据
$pdo = new PDO('mysql:host=localhost;dbname=exe0507','exe','exE123');
$stmt = $pdo->prepare('SELECT * from `user1`');
$stmt->execute();
$heros = $stmt->fetchAll(PDO::FETCH_ASSOC);
// 处理用户登录与注册
$action = $_GET['action'];
switch (strtolower($action)){
// 正常登录
case 'login01':
// 判断请求是否合法
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// 获取需要验证的数据
$email = $_POST['email'];
$password = sha1($_POST['password']);
$results = array_filter($heros, function($user) use ($email, $password) {
return $user['email'] === $email && $user['password'] === $password;
});
if (count($results) === 1) {
$_SESSION['user'] = serialize(array_pop($results));
exit('<script>alert("验证通过");location.href="index01.php"</script>');
} else {
exit('<script>alert("邮箱或密码错误,或者还没有帐号");location.href="login01.php";</script>');
}
} else {
die('请求类型错误');
}
break;
// 退出
case 'logout01':
if (isset($_SESSION['user'])) {
session_destroy();
exit('<script>alert("退出成功");location.assign("index01.php")</script>');
}
break;
// 用户注册
case 'register01':
// 1. 获取到所有新用户数据
$name = $_POST['name'];
$email = $_POST['email'];
$password = sha1($_POST['ps1']);
$reg_time = time();
// 2. 将新用户插入到表中
$sql = "INSERT `user1` SET `name`='{$name}',`email`='{$email}',`password`='{$password}',`reg_time`={$reg_time} ";
$stmt = $pdo->prepare($sql);
$stmt->execute();
if ($stmt->rowCount() === 1) exit('<script>alert("注册成功");location.assign("login01.php")</script>');
else exit('<script>alert("注册失败");location.assign("login01.php")</script>');
break;
// 未定义
default:
exit('未定义操作');
}

register01.php没改动就不贴出代码了。

总结：
1.第一次尝试前后台数据传输，心情激动，期待顺利通过！
理想与现实的差别：经过一星期的仿照编码和查错，今天才通过cookie会话整个流程。期间出现编码写错、数据库password选择sha1加密输入出错、数据库重装、phpstudy重装等种种折腾。
2.session会话于cookie会话的区别：
—首先要启动会话session_start();
—变量$_COOKIE改为$_SESSION
—setcookie改为$_SESSION[..]=
—setcookie(‘user’, null , time()-3600);改为session_destroy();
—所以只改动了index01.php、login01.php、handle01.php三个文件。

Correcting teacher：

天蓬老师

Correction status：qualified

Teacher's comments：会话检测的流程和思想很重要, 多做总结

会话控制

COOKIE会话控制

session会话

register01.php没改动就不贴出代码了。