ThinkPHP中利用SESSION实现用户登录验证的步骤
ThinkPHP中利用SESSION实现用户登录验证的方法
用户登上一个主页无非有这么两种状态,一种是类似于游客的身份登录,另一种是曾经已经登陆过的身份即经过服务器验证过的身份登录。
针对这两种登录,主要说一下:
我们在使用thinkphp的时候,首先,他是不提高登录验证功能的,仅仅是在路径方面做的相对比较安全,因为我们如果不对登录身份进行充足的验证,用户就完全可以去试着登录你的后台管理,那么这是非常可怕的,所以,首先要明白一个非常重要的业务逻辑。
如果按照正常的输入用户名密码的方式进行登录,在跳转之前我们就应该写入session数据,然后用数据进行登录,但是如果用户没有一输入密码的方式登录,那么它必然没有session数据,我们就判断session数据的存在与否,但是这个判断也应该是在跳转之前的。
所以,session数据的存入和读取是非常重要的,必须要灵活的运用才行:
下面是登录的实例代码,由于安全因素,并没有全部发布,仅作参考
class ManagerController extends Controller { public function login(){ //////这是登录验证模块 if(empty($_POST)||($_POST['username']=='请输入用户名')){ $this->display(); }else{ $info=D('userinfo'); $res=$info->select(); $username=$_POST['username']; $password=md5($_POST['password']); $ver=0; foreach($res as $key => $value){ if($res[$key]['username']==$username&&$res[$key]['password']==$password){ $ver++; } } if($ver){ S('username',$username); $this->assign('username',S('username')); $this->display('Index/index'); // $this->success("登录成功",U('Index/index')); }else{ // echo "<h5 id="用户名或密码错误">用户名或密码错误</h5>"; $this->assign("error_info","您的用户名或密码错误"); $this->display(); } } }
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
How to set session timeout in SpringBoot Session
May 15, 2023 pm 02:37 PM
The problem was found in the springboot project production session-out timeout. The problem is described below: In the test environment, the session-out was configured by changing the application.yaml. After setting different times to verify that the session-out configuration took effect, the expiration time was directly set to 8 hours for release. Arrived in production environment. However, I received feedback from customers at noon that the project expiration time was set to be short. If no operation is performed for half an hour, the session will expire and require repeated logins. Solve the problem of handling the development environment: the springboot project has built-in Tomcat, so the session-out configured in application.yaml in the project is effective. Production environment: Production environment release is
How to solve session failure
Oct 18, 2023 pm 05:19 PM
Session failure is usually caused by the session lifetime expiration or server shutdown. The solutions: 1. Extend the lifetime of the session; 2. Use persistent storage; 3. Use cookies; 4. Update the session asynchronously; 5. Use session management middleware.
Solution to PHP Session cross-domain problem
Oct 12, 2023 pm 03:00 PM
Solution to the cross-domain problem of PHPSession In the development of front-end and back-end separation, cross-domain requests have become the norm. When dealing with cross-domain issues, we usually involve the use and management of sessions. However, due to browser origin policy restrictions, sessions cannot be shared by default across domains. In order to solve this problem, we need to use some techniques and methods to achieve cross-domain sharing of sessions. 1. The most common use of cookies to share sessions across domains
What should I do if the php session disappears after refreshing?
Jan 18, 2023 pm 01:39 PM
Solution to the problem that the php session disappears after refreshing: 1. Open the session through "session_start();"; 2. Write all public configurations in a php file; 3. The variable name cannot be the same as the array subscript; 4. In Just check the storage path of the session data in phpinfo and check whether the sessio in the file directory is saved successfully.
What is the default expiration time of session php?
Nov 01, 2022 am 09:14 AM
The default expiration time of session PHP is 1440 seconds, which is 24 minutes, which means that if the client does not refresh for more than 24 minutes, the current session will expire; if the user closes the browser, the session will end and the Session will no longer exist.
How to solve the problem that the Springboot2 session timeout setting is invalid
May 22, 2023 pm 01:49 PM
Problem: Today, we encountered a setting timeout problem in our project, and changes to SpringBoot2’s application.properties never took effect. Solution: The server.* properties are used to control the embedded container used by SpringBoot. SpringBoot will create an instance of the servlet container using one of the ServletWebServerFactory instances. These classes use server.* properties to configure the controlled servlet container (tomcat, jetty, etc.). When the application is deployed as a war file to a Tomcat instance, the server.* properties do not apply. They do not apply,
How to correctly read and write Session data in multiple files with PHP
Mar 23, 2023 am 11:12 AM
When you are using a PHP session (Session), sometimes you will find that the Session can be read normally in one file, but cannot be read in another file. This may confuse you since session data is supposed to be shared across the entire application. This article will explain how to correctly read and write PHP session data in multiple files.
What are the differences between JavaScript and PHP cookies?
Sep 02, 2023 pm 12:29 PM
JavaScriptCookies Using JavaScript cookies is the most effective way to remember and track preferences, purchases, commissions and other information. Information needed for a better visitor experience or website statistics. PHPCookieCookies are text files that are stored on client computers and retained for tracking purposes. PHP transparently supports HTTP cookies. How do JavaScript cookies work? Your server sends some data to your visitor's browser in the form of a cookie. Browsers can accept cookies. If present, it will be stored on the visitor's hard drive as a plain text record. Now, when a visitor reaches another page on the site
