1. UserLogin: the class that manages the user's login state
<?php
// Depends on the session having been started already (Init.php in this app) and on
// the app's own UserDao class. All login cookies live for 36000 seconds (10 hours).
final class UserLogin
{
    public function __construct() { }

    // Returns the logged-in user, or null. When the session holds no user yet, the
    // user is looked up from the client-supplied user_id cookie. That cookie is
    // entirely under the client's control, so whoever sends another user's id in
    // it is treated as that user; only the session entry is server-side state.
    public static function getUserInfo()
    {
        if (isset($_COOKIE["user_id"]) && $_COOKIE["user_id"] && trim($_COOKIE["user_id"]) != "") {
            if (isset($_SESSION["USER_INFO"])) {
                return $_SESSION["USER_INFO"];
            }
            $dao  = new UserDao();
            $user = $dao->find($_COOKIE["user_id"]);
            if ($user) {
                $_SESSION["USER_INFO"] = $user;
                setcookie("docloud_sid", session_id(), time() + 36000);
                setcookie("user_id", $_COOKIE["user_id"], time() + 36000);
                // Refresh the optional UI-state cookies with the same lifetime.
                foreach (array("selected_prj_id", "selected_class_id", "selected_image_id",
                               "test_image_ids", "upload_image_ids") as $name) {
                    if (array_key_exists($name, $_COOKIE)) {
                        setcookie($name, $_COOKIE[$name], time() + 36000);
                    }
                }
                return $user;
            }
        }
        // No usable cookie, or the id matched no user: drop all login cookies.
        self::clearCookie();
        return null;
    }

    // Stores the user in the session and issues the session-id and user_id cookies.
    public static function setUserInfo($userInfo)
    {
        $_SESSION["USER_INFO"] = $userInfo;
        setcookie("docloud_sid", session_id(), time() + 36000);
        setcookie("user_id", $userInfo->getId(), time() + 36000);
    }

    public static function isLogin()
    {
        return self::getUserInfo() ? true : false;
    }

    // Logs the user out: expire the cookies and destroy the server-side session.
    public static function delUserInfo()
    {
        self::clearCookie();
        session_destroy();
    }

    // Expires every cookie this class sets by giving it an expiry in the past.
    private static function clearCookie()
    {
        foreach (array("docloud_sid", "user_id", "selected_prj_id", "selected_class_id",
                       "selected_image_id", "test_image_ids", "upload_image_ids") as $name) {
            setcookie($name, "", time() - 36000);
        }
    }
}
?>
2. The script run when the user submits a username and password, which performs the relevant checks
<?php
require_once 'Init.php';

// Already logged in: the account with user_id 1 is logged out here,
// every other logged-in user is sent straight to the welcome page.
if (UserLogin::isLogin() && $_COOKIE["user_id"] == 1) {
    UserLogin::delUserInfo();
} else if (UserLogin::isLogin()) {
    Utils::redirect('welcome');
}

$username = null;
$password = null;
$msg      = "";

if (isset($_POST['username']) && isset($_POST['password'])) {
    $username = addslashes(trim(stripslashes($_POST['username'])));
    $password = addslashes(trim(stripslashes($_POST['password'])));

    // validate: LoginValidator is the app's own class and returns a list of errors
    // (empty when the username/password pair is accepted)
    $errors = LoginValidator::validate($username, $password);
    if (empty($errors)) {
        // save the last-login details, then open the login session
        $dao  = new UserDao();
        $user = $dao->findByName($username);
        $last_login_ip = Utils::getIpAddress();
        $user->setLastLoginIp($last_login_ip);
        $now = new DateTime();
        $user->setLastLoginTime($now);
        $dao->save($user);
        UserLogin::setUserInfo($user);
        Flash::addFlash('登录成功!');
        Utils::redirect('welcome');
    }
    foreach ($errors as $e) {
        $msg .= $e->getMessage() . "<br>";
    }
}
?>
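A hardened variant of the same login-state flow, added here as an example rather than code from the original page: the server-side session is the only source of truth, the client holds nothing but the session id, the password is checked with password_verify(), and the id is regenerated at login. It assumes the page's UserDao::findByName(), a hypothetical $user->getPasswordHash() accessor, and PHP 7.3 or newer for the array form of session_set_cookie_params().

```php
<?php
// Added example, not the page's code. Assumes the page's UserDao::findByName()
// and a hypothetical $user->getPasswordHash() holding a password_hash() string.
session_set_cookie_params([
    'lifetime' => 36000,   // same 10-hour lifetime as the original cookies
    'path'     => '/',
    'secure'   => true,    // sent only over HTTPS
    'httponly' => true,    // not readable by page scripts
    'samesite' => 'Lax',
]);
session_start();

final class SafeUserLogin
{
    // The server-side session is the only source of truth; there is no user_id cookie.
    public static function getUserInfo()
    {
        return isset($_SESSION['USER_INFO']) ? $_SESSION['USER_INFO'] : null;
    }
    public static function isLogin()
    {
        return self::getUserInfo() !== null;
    }
    // Check the password on the server, then bind the user to a fresh session id
    // so an id issued before login cannot be reused (session fixation).
    public static function login($username, $password)
    {
        $dao  = new UserDao();
        $user = $dao->findByName($username);
        // Compare even for unknown names so response time does not reveal valid usernames.
        $hash = $user ? $user->getPasswordHash() : password_hash('placeholder', PASSWORD_DEFAULT);
        if (!$user || !password_verify($password, $hash)) {
            return false;
        }
        session_regenerate_id(true);
        $_SESSION['USER_INFO'] = $user;
        return true;
    }
    // Clear the session data, expire the session cookie and destroy the session.
    public static function logout()
    {
        $_SESSION = [];
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 36000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
        session_destroy();
    }
}
```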
The code above illustrates how PHP keeps track of a user's login state with sessions and cookies.
Some background on the difference between cookies and sessions:
1. A cookie is a text string sent to the client's browser and stored on the client's hard drive. It can be used to persist data between visits to a web site.
2. A session is the period of time from when a visitor arrives at a particular page until he leaves. Sessions actually rely on cookies: when the user makes his first request, the server creates a cookie in the user's browser, and when the session ends that cookie has effectively expired.
Note: The cookie created for this user is named ASPSESSIONID. Its only purpose is to tell one user's identity apart from another's.
3. What cookies and sessions have in common is that both are session mechanisms used to track the identity of the browser user.
4. The difference between cookies and sessions is that cookie data is stored on the client side, while session data is stored on the server side.
Simply put, when you log in to a website,
· If the web server uses sessions, all data is stored on the server. On every request the client sends the sessionid of the current session, and the server uses that sessionid to look up the corresponding user data and decide whether the user is logged in or holds certain permissions. Because the data lives on the server it cannot be forged; but if someone obtains the sessionid of a logged-in user, he can still forge that user's requests with a suitably prepared browser. The sessionid is assigned randomly when the server and client connect; in general it will not repeat, although under a very large number of concurrent requests a duplicate is not impossible.
· If the site relies on cookies, all data is kept on the browser side. For example, after you log in the server sets a cookie named username; on every later request the browser sends that cookie back in a block with special markers, which the server interprets as cookie variables. As long as the browser is not closed the cookie stays valid, so the login is not lost for a long time. If someone intercepts a user's cookie and replays it in a forged request, the server still treats the request as legitimate, so the risk of attack through cookies is comparatively high. If an expiry time is set, the cookie is saved on the client's hard drive; on the next visit the browser first checks whether such a cookie exists and, if so, reads it and sends it to the server. If you keep a forum cookie on your machine with a one-year validity and someone breaks into the machine, copies the cookie and drops it into his own browser's cookie directory, then he is logged in to the site under your identity. So cookies can be forged. Forging them takes some care, though: simply copying a cookie file into the cookie directory is not enough, because the browser will not recognise it. The directory has an index.dat file that records each cookie file's creation time and whether it has been modified, so one must first have the site's cookie file and then also deceive the browser about the recorded time.
5. Both can store private data and both have validity periods. The difference is that the session lives on the server, and whether it has expired depends on the server's settings; the cookie lives on the client, and its expiry is set when the cookie is generated.
(1) Cookie data is stored in the client's browser; session data is stored on the server.
(2) Cookies are not very safe: others can analyse the cookies stored locally and use them to deceive the server. If security is the main concern, use sessions.
(3) The session is kept on the server for a certain period of time; as traffic increases it consumes more of the server's resources. If the main concern is reducing the load on the server, use cookies.
(4) A single cookie on the client is limited to 3K, meaning a site cannot store more than 3K of cookie data on the client.
(5) So: keep important information such as login state in the SESSION; other information that needs to be retained can be placed in a COOKIE.
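For the non-sensitive state the page suggests leaving in cookies (the selected project or class id), a signed cookie makes the "cookies can be forged" problem detectable on the server. This is an added example, not code from the page; the HMAC key is assumed to come from server-side configuration and the value shown is a constructed placeholder.

```php
<?php
// Added example (not from the page). The key must come from server-side config;
// the literal below is a constructed placeholder, not a real secret.
const COOKIE_KEY = 'replace-with-a-32-byte-random-secret-from-config';

// Produce "value.signature" so any change made on the client side is detectable.
function signCookieValue($value, $key = COOKIE_KEY)
{
    return $value . '.' . hash_hmac('sha256', $value, $key);
}

// Return the original value, or null when the signature is missing or does not match.
function verifyCookieValue($signed, $key = COOKIE_KEY)
{
    $pos = strrpos($signed, '.');
    if ($pos === false) {
        return null;
    }
    $value = substr($signed, 0, $pos);
    $sig   = substr($signed, $pos + 1);
    // hash_equals() compares in constant time, so timing does not leak the expected signature.
    return hash_equals(hash_hmac('sha256', $value, $key), $sig) ? $value : null;
}

// Usage on the server: store the selected project id (constructed value '42') with the
// same 10-hour lifetime as the page's cookies, HTTPS-only and hidden from page scripts.
setcookie('selected_prj_id', signCookieValue('42'), time() + 36000, '/', '', true, true);

// On a later request: an untouched cookie yields the id, an edited one yields null,
// and the server falls back to "no project selected" instead of trusting the client.
$prj = isset($_COOKIE['selected_prj_id']) ? verifyCookieValue($_COOKIE['selected_prj_id']) : null;
```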