好吧,這裏是一個簡單的登錄,它並不意味着對於真實情況。請閱讀代碼中包含的評論,以瞭解我對每個評論的看法。做很多原因,登錄是非常棘手的,所以這個例子並不是要展示真實世界的工作代碼庫,而是一個非常簡單的用戶名/密碼檢查。
與更復雜的使用相關的安全問題可能超出了這個答案,但下面的代碼是我將解釋你上面發佈的內容的方式,而不需要詳細說明(可能使其難以理解最簡單的步驟發生)。
讓我知道如果您有任何問題。在行動中看到的形式,檢查:
http://jfcoder.com/test/simplelogin.php
還有,我用PHP的定界符,而不是引用的字符串爲簡單起見。要了解更多關於此有時適用的表單,請參閱
http://www.php.net/manual/en/language.types.string.php#language.types.string.syntax.heredoc。
<html>
<head>
<style type="text/css">
.error {
color: red;
}
</style>
</head>
<body>
<?php
// Note, in most cases you will set a SESSION variable
// of $_SESSION['loggedin'], which would require you to
// use session_start() before you access any session
// variables.
// Note, this defaults to false.
$loggedin = false;
// If I get an error, I will put it in this variable.
$error = '';
// If the username is provided, run the code. Otherwise,
// act as if the login form was not submitted. This makes
// a hidden `submitted` value superfluous, and guarantees
// your users at least provide a username.
if ($_POST['username']) {
// NOTE!!! In mose cases, you're querying a database
// for a username/password match. In PHP, this often
// means a MySQL query. DO NOT USE THE BELOW IF YOU
// ARE DOING SO!!! This will allow what's called a
// SQL injection. You MUST wash your data with something
// like mysql_real_escape_string() for the $_POST
// values (NEVER trust submitted data, always validate
// and escape as necessary), or use the PHP PDO library.
// In this example, though, I use a switch to check the
// values for exact matches, which means I do not need
// to escape (and mysql_real_escape_string() requires
// a database connection to use).
$username = $_POST['username'];
$password = $_POST['password'];
// Here, I check if the username and password match.
// This is, of course, hardcoded, but to match your
// attempt, I chose to keep the form, although you
// rarely see this in use in the real world.
switch ($username) {
// My one case. For each additional user, you
// would need to add a new entry with password
// check. And I set my error text according to
// the result of the code.
case 'user':
if ($password === 'abc123') {
$loggedin = true;
} else {
$error = 'Username/Password did not match.';
}
break;
default:
// Note, I don't give a descriptive error
// here. If someone reports this error, I
// know what may have gone wrong, but the
// user is not told the username does not
// exist.
$error = 'Unknown error. Try again.';
}
}
// I will only show the welcome message if the user has
// successfully logged in.
if ($loggedin === true) {
echo <<<HTML
<h1>Welcome!</h1>
<p>Thank you for logging in $username</p>
HTML;
} else {
// If an error text is set, display that error.
if ($error != '') {
$error = "<h4>Login error</h4><p class='error'>$error</p>";
}
// Here's my form, only shown if the user has not
// successfully logged in (note, this is only a one-
// time check when the POST data is submitted; I
// would need to use sessions to "remember" the requestor
// had logged in across page accesses.
echo <<<FORM
<h1>Login Form</h1>
<form action="simplelogin.php" method="POST">
$error
<p><label>Username: <input type="text" name="username"/></label></p>
<p><label>Password: <input type="password" name="password"/></label></p>
<p><input type="submit" value="Login"/> <input type="reset"/></p>
</form>
FORM;
}
?>
</body>
</html>
這只是一個學習練習,對吧? –
我在教自己的PHP和我目前正在嘗試瞭解更多關於窗體。我已經建立了一些,但我想嘗試一些新技術。 – Chris
我希望我不會傷害你的感情,但是這裏有很多問題。讓我看看我是否可以用一個簡單的腳本來做你想做的事情,作爲一個演示。 –