A user who opens a homepage can be in only two states: one is browsing with an identity similar to that of a visitor, and the other is browsing with an identity that has logged in before, that is, an identity that has been verified by the server.
Let's look at these two kinds of login:
When we use ThinkPHP, first of all, the framework does not complete the login verification function for us. It only makes things relatively safe in terms of paths. If we do not fully verify the login identity, users can try to get into your backend management, which is very scary, so you must first understand a very important piece of business logic.
If the user logs in normally by entering the username and password, we should write the session data before jumping (redirecting), and then use that data for the login. However, if the user did not log in by entering the password, there must be no session data. We check whether the session data exists, and this check must also be made before the jump.
Therefore, the storage and reading of session data is very important and must be used flexibly:
The following is the login example code. For security reasons, not all of it has been released; it is for reference only.
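```php
<?php
use Think\Controller; // ThinkPHP 3.2 base controller

class ManagerController extends Controller {
    public function login(){
        // This is the login verification module
        if(empty($_POST)||($_POST['username']=='请输入用户名')){ // form placeholder: "Please enter a username"
            // Nothing submitted yet: show the login form
            $this->display();
        }else{
            $info=D('userinfo');
            $res=$info->select();
            $username=$_POST['username'];
            $password=md5($_POST['password']);
            $ver=0;
            foreach($res as $key => $value){
                // Strict ===: loose == compares "0e..." hex digests as numbers and can match different hashes
                if($value['username']===$username&&$value['password']===$password){
                    $ver++;
                }
            }
            if($ver){
                // session() stores per-user session data; S() is ThinkPHP's cache, shared by all visitors
                session('username',$username);
                $this->assign('username',session('username'));
                $this->display('Index/index');
                // $this->success("登录成功",U('Index/index')); // "Login successful"
            }else{
                // echo "<h5 style='color: black;'>用户名或密码错误</h5>"; // "Wrong username or password"
                $this->assign("error_info","您的用户名或密码错误"); // "Your username or password is incorrect"
                $this->display();
            }
        }
    }
}
```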
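The login code above only writes the session data; the check that the session data exists before any backend page is shown can be placed in a shared base controller. The following is an added example, not the author's code. It assumes ThinkPHP 3.2, a module named Home, and the hypothetical class name AuthController.

```php
<?php
// Added example, not part of the original post. Assumptions: ThinkPHP 3.2,
// a module named Home, and AuthController as a hypothetical class name.
namespace Home\Controller;

use Think\Controller;

class AuthController extends Controller
{
    // Actions a visitor may reach without session data ("controller/action", lowercase).
    protected $publicActions = array('manager/login');

    // Think\Controller calls _initialize() from its constructor, so this runs
    // before every action: the session check happens before any display or jump.
    public function _initialize()
    {
        $current = strtolower(CONTROLLER_NAME . '/' . ACTION_NAME);
        if (in_array($current, $this->publicActions, true)) {
            return; // visitor state is allowed here
        }

        $username = session('username'); // null when nothing was written at login
        if (!is_string($username) || $username === '') {
            // No verified identity in the session: treat the request as a visitor
            // and send it to the login form. redirect() ends the request.
            $this->redirect('Manager/login');
        }

        // Verified state: make the identity available to the template.
        $this->assign('username', $username);
    }
}

// Backend controllers extend the guard instead of Think\Controller
// (in a real project each class lives in its own file).
class IndexController extends AuthController
{
    public function index()
    {
        $this->display();
    }
}
```

If ManagerController also extends AuthController, the `manager/login` entry in `$publicActions` keeps the login form reachable for visitors.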