在 PHP 登录脚本中使用会话和会话变量
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/10097887/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Using sessions & session variables in a PHP Login Script
提问by Penian4
I have just finished creating an entire login and register systsem in PHP, but my problem is I haven't used any sessions yet. I'm kind of a newbie in PHP and I've never used sessions before. What I want to do is, after the user registers and fills out the login form, they will still stay on the same page. So, there will be one part of the which will be if the session is logged_in and the other part will be else (the user is not logged in so display the login form). Can anyone tell me how to get started?
我刚刚在 PHP 中创建了一个完整的登录名并注册了 systsem,但我的问题是我还没有使用任何会话。我是 PHP 的新手,以前从未使用过会话。我想要做的是,在用户注册并填写登录表单后,他们仍然会停留在同一页面上。因此,如果会话已登录,将有一部分是,另一部分是其他(用户未登录,因此显示登录表单)。谁能告诉我如何开始?
回答by Ross
Hope this helps :)
希望这可以帮助 :)
begins the session, you need to say this at the top of a page or before you call session code
开始会话,您需要在页面顶部或在调用会话代码之前说
session_start();
put a user id in the session to track who is logged in
在会话中放置一个用户 ID 以跟踪谁登录
$_SESSION['user'] = $user_id;
Check if someone is logged in
检查是否有人登录
if (isset($_SESSION['user'])) {
// logged in
} else {
// not logged in
}
Find the logged in user ID
查找登录的用户 ID
$_SESSION['user']
So on your page
所以在你的页面上
<?php
session_start();
if (isset($_SESSION['user'])) {
?>
logged in HTML and code here
<?php
} else {
?>
Not logged in HTML and code here
<?php
}
回答by Rahul
here is the simplest session code using php. We are using 3 files.
这是使用 php 的最简单的会话代码。我们正在使用 3 个文件。
login.php
登录.php
<?php session_start(); // session starts with the help of this function
if(isset($_SESSION['use'])) // Checking whether the session is already there or not if
// true then header redirect it to the home page directly
{
header("Location:home.php");
}
if(isset($_POST['login'])) // it checks whether the user clicked login button or not
{
$user = $_POST['user'];
$pass = $_POST['pass'];
if($user == "Ank" && $pass == "1234") // username is set to "Ank" and Password
{ // is 1234 by default
$_SESSION['use']=$user;
echo '<script type="text/javascript"> window.open("home.php","_self");</script>'; // On Successful Login redirects to home.php
}
else
{
echo "invalid UserName or Password";
}
}
?>
<html>
<head>
<title> Login Page </title>
</head>
<body>
<form action="" method="post">
<table width="200" border="0">
<tr>
<td> UserName</td>
<td> <input type="text" name="user" > </td>
</tr>
<tr>
<td> PassWord </td>
<td><input type="password" name="pass"></td>
</tr>
<tr>
<td> <input type="submit" name="login" value="LOGIN"></td>
<td></td>
</tr>
</table>
</form>
</body>
</html>
home.php
主页.php
<?php session_start(); ?>
<html>
<head>
<title> Home </title>
</head>
<body>
<?php
if(!isset($_SESSION['use'])) // If session is not set then redirect to Login Page
{
header("Location:Login.php");
}
echo $_SESSION['use'];
echo "Login Success";
echo "<a href='logout.php'> Logout</a> ";
?>
</body>
</html>
logout.php
登出.php
<?php
session_start();
echo "Logout Successfully ";
session_destroy(); // function that Destroys Session
header("Location: Login.php");
?>
回答by Xenon
Firstly, the PHP documentation has some excellent informationon sessions.
Secondly, you will need some way to store the credentials for each user of your website (e.g. a database). It is a good idea not to store passwords as human-readable, unencrypted plain text. When storing passwords, you should use PHP's crypt()hashing function. This means that if any credentials are compromised, the passwords are notreadily available.
其次,您需要某种方式来存储您网站的每个用户的凭据(例如数据库)。最好不要将密码存储为人类可读的未加密纯文本。在存储密码时,您应该使用 PHP 的crypt()散列函数。这意味着,如果任何凭据被泄露,密码就不容易获得。
Most log-in systems will hash/crypt the password a user enters then compare the result to the hash in the storage system (e.g. database) for the corresponding username. If the hash of the entered password matches the stored hash, the user has entered the correct password.
大多数登录系统会散列/加密用户输入的密码,然后将结果与存储系统(例如数据库)中对应用户名的散列值进行比较。如果输入的密码的哈希值与存储的哈希值匹配,则用户输入了正确的密码。
You can use session variables to store information about the current state of the user - i.e. are they logged in or not, and if they are you can also store their unique user ID or any other information you need readily available.
您可以使用会话变量来存储有关用户当前状态的信息 - 即他们是否已登录,如果他们已登录,您还可以存储他们的唯一用户 ID 或您需要的任何其他随时可用的信息。
To start a PHP session, you need to call session_start(). Similarly, to destroy a session and its data, you need to call session_destroy()(for example, when the user logs out):
要启动 PHP 会话,您需要调用session_start(). 同样,要销毁会话及其数据,您需要调用session_destroy()(例如,当用户注销时):
// Begin the session
session_start();
// Use session variables
$_SESSION['userid'] = $userid;
// E.g. find if the user is logged in
if($_SESSION['userid']) {
// Logged in
}
else {
// Not logged in
}
// Destroy the session
if($log_out)
session_destroy();
I would also recommend that you take a look at this. There's some good, easy to follow information on creating a simple log-in system there.
我还建议你看看这个。那里有一些关于创建简单登录系统的很好的、易于理解的信息。
回答by Alsaket
I always do OOP and use this class to maintain the session so u can use the function is_logged_in to check if the user is logged in or not, and if not you do what you wish to.
我总是做 OOP 并使用这个类来维护会话,所以你可以使用函数 is_logged_in 来检查用户是否登录,如果没有,你就做你想做的事。
<?php
class Session
{
private $logged_in=false;
public $user_id;
function __construct() {
session_start();
$this->check_login();
if($this->logged_in) {
// actions to take right away if user is logged in
} else {
// actions to take right away if user is not logged in
}
}
public function is_logged_in() {
return $this->logged_in;
}
public function login($user) {
// database should find user based on username/password
if($user){
$this->user_id = $_SESSION['user_id'] = $user->id;
$this->logged_in = true;
}
}
public function logout() {
unset($_SESSION['user_id']);
unset($this->user_id);
$this->logged_in = false;
}
private function check_login() {
if(isset($_SESSION['user_id'])) {
$this->user_id = $_SESSION['user_id'];
$this->logged_in = true;
} else {
unset($this->user_id);
$this->logged_in = false;
}
}
}
$session = new Session();
?>
回答by David Jaw Hpan
//start use session
$session_start();
extract($_POST);
//extract data from submit post
if(isset($submit))
{
if($user=="user" && $pass=="pass")
{
$_SESSION['user']= $user;
//if correct password and name store in session
}
else {
echo "Invalid user and password";
header("Locatin:form.php");
}
if(isset($_SESSION['user']))
{
//your home page code here
exit;
}
回答by Nilesh Sarkale
You need to begin the session at the top of a page or before you call session code
您需要在页面顶部或在调用会话代码之前开始会话
session_start();
回答by sriram
$session_start();
extract($_POST);
//extract data from submit post
if(isset($submit))
{
if($user=="user" && $pass=="pass")
{
$_SESSION['user']= $user;
//if correct password and name store in session
}
else {
echo "Invalid user and password";
header("Locatin:form.php");
}
if(isset($_SESSION['user']))
{
//your home page code here
exit;
}
回答by samrtaty
$session_start();
extract($_POST);
//extract data from submit post
if(isset($submit))
{
if($user=="user" && $pass=="pass")
{
$_SESSION['user']= $user;
//if correct password and name store in session
} else {
echo "Invalid user and password";
header("Locatin:form.php")
}
if(isset($_SESSION['user']))
{
}
