PHP登录系统示例代码-2
为了创建一个使用PHP实现的完整的登录系统,我们需要考虑几个关键组件,包括用户注册、登录表单、验证过程、密码哈希、会话管理和注销功能。以下是一个简化版的示例,展示了如何实现这些功能。
首先,我们需要一个数据库来存储用户信息。这里假设我们使用MySQL数据库,并且已经创建了一个名为users的表,结构如下:
CREATE TABLE users (
id INT AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(255) NOT NULL UNIQUE,
email VARCHAR(255) NOT NULL UNIQUE,
password_hash CHAR(60) NOT NULL
);
接下来,我们将创建以下PHP文件:
register.php- 用户注册表单和处理注册请求。login.php- 用户登录表单和处理登录请求。db_connect.php- 数据库连接配置。logout.php- 处理用户注销请求。dashboard.php- 用户登录后访问的仪表板页面。
db_connect.php
<?php
$host = 'localhost';
$db = 'your_database';
$user = 'your_username';
$pass = 'your_password';
$charset = 'utf8mb4';
$dsn = "mysql:host=$host;dbname=$db;charset=$charset";
$options = [
PDO::ATTR_ERRMODE => PDO::ATTR_ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::ATTR_FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES => false,
];
try {
$pdo = new PDO($dsn, $user, $pass, $options);
} catch (\PDOException $e) {
throw new \PDOException($e->getMessage(), (int)$e->getCode());
}
?>
register.php
<?php
require 'db_connect.php';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
// 密码哈希
$password_hash = password_hash($password, PASSWORD_BCRYPT);
// 插入用户数据
$stmt = $pdo->prepare("INSERT INTO users (username, email, password_hash) VALUES (:username, :email, :password_hash)");
$stmt->execute(['username' => $username, 'email' => $email, 'password_hash' => $password_hash]);
// 注册成功,跳转到登录页面
header('Location: login.php');
exit;
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Register</title>
</head>
<body>
<h2>Register</h2>
<form action="register.php" method="post">
<label for="username">Username:</label>
<input type="text" id="username" name="username" required><br>
<label for="email">Email:</label>
<input type="email" id="email" name="email" required><br>
<label for="password">Password:</label>
<input type="password" id="password" name="password" required><br>
<input type="submit" value="Register">
</form>
<p>Already have an account? <a href="login.php">Login here</a>.</p>
</body>
</html>
login.php
<?php
require 'db_connect.php';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$username = $_POST['username'];
$password = $_POST['password'];
// 查询用户
$stmt = $pdo->prepare("SELECT * FROM users WHERE username = :username");
$stmt->execute(['username' => $username]);
$user = $stmt->fetch();
// 验证密码
if ($user && password_verify($password, $user['password_hash'])) {
// 登录成功,设置会话
session_start();
$_SESSION['user_id'] = $user['id'];
header('Location: dashboard.php');
exit;
} else {
$error = "Invalid username or password.";
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Login</title>
</head>
<body>
<h2>Login</h2>
<?php if (isset($error)) echo "<p>$error</p>"; ?>
<form action="login.php" method="post">
<label for="username">Username:</label>
<input type="text" id="username" name="username" required><br>
<label for="password">Password:</label>
<input type="password" id="password" name="password" required><br>
<input type="submit" value="Login">
</form>
<p>Don't have an account? <a href="register.php">Register here</a>.</p>
</body>
</html>
logout.php
<?php
session_start();
session_destroy();
header('Location: login.php');
exit;
dashboard.php
<?php
session_start();
if (!isset($_SESSION['user_id'])) {
header('Location: login.php');
exit;
}
// 获取用户信息
require 'db_connect.php';
$stmt = $pdo->prepare("SELECT * FROM users WHERE id = :id");
$stmt->execute(['id' => $_SESSION['user_id']]);
$user = $stmt->fetch();
echo "Welcome, " . $user['username'];
?>
<p><a href="logout.php">Logout</a></p>
请注意,这个示例不包括前端验证、CSRF保护、密码重置功能、用户输入清理和其他安全措施。在实际应用中,你应该添加这些功能以提高系统的安全性和健壮性。此外,还应该使用.env文件或其他方式来管理敏感信息,如数据库凭据。
没有回复内容