登入機制
頁面操作流程
登入
後台管理
登出
新增產品
修改產品
頁面各自獨立
共用記憶體
自有記憶體
自有記憶體
自有記憶體
自有記憶體
username
購物車內容
...
多人登入?
session各自獨立
// Start (or resume) the visitor's session; call this before any output is sent.
session_start();
// Store a value in the session under a key of your choosing.
$_SESSION['自訂名稱'] = '儲存值';
index.php登入表單
register.php註冊表單
signin.php
檢查帳密
新增session
signup.php
新增帳密email
(新增)
signout.php
刪除session
index.php使用session
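-- Account table read by signin.php and written by signup.php.
CREATE TABLE `users` (
    `uid` INT(11) NOT NULL AUTO_INCREMENT PRIMARY KEY ,
    -- UNIQUE: signup.php looks for an existing name and then inserts; the
    -- constraint keeps two simultaneous registrations from both succeeding.
    `username` VARCHAR(65) NOT NULL UNIQUE ,
    -- 255 characters leave room for password_hash() output; the 32-character
    -- MD5 hex digests that signup.php writes still fit.
    `password` VARCHAR(255) NOT NULL ,
    `email` VARCHAR(255) NOT NULL
);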
<?php
// Shared bootstrap: loads Medoo, starts the session and creates the database
// handle that db_action() reaches through the global $database.
require 'lib/medoo.php';
// Every script that includes this file gets an active session from this call.
session_start();
$database = new medoo([
// required
'database_type' => 'mysql',
'database_name' => 'product_db',
'server' => 'localhost',
'username' => 'product_db',
// NOTE(review): the credentials are hard-coded and the password is trivially
// guessable; outside a classroom setup load them from configuration kept out
// of the web root and version control, and use a strong password.
'password' => '1234',
'charset' => 'utf8',
]);
/**
 * Runs a single Medoo operation described by an option array.
 *
 * Keys read from $data: 'action' ('insert', 'update', 'select' or 'delete'),
 * 'table', and depending on the action 'data', 'column' and 'where'.
 * 'update' and 'delete' read 'where' unconditionally; only 'select' treats it
 * as optional.
 *
 * @param array $data description of the operation
 * @return mixed the rows Medoo returns for 'select'; null for every other action
 */
function db_action($data = array()) {
    global $database;

    $action = $data['action'];

    // Loose comparison and branch order mirror a switch over the same cases.
    if ($action == 'insert') {
        $database->insert($data['table'], $data['data']);
        return;
    }

    if ($action == 'update') {
        $database->update($data['table'], $data['data'], $data['where']);
        return;
    }

    if ($action == 'select') {
        // The condition is passed only when the caller supplied one.
        return isset($data['where'])
            ? $database->select($data['table'], $data['column'], $data['where'])
            : $database->select($data['table'], $data['column']);
    }

    if ($action == 'delete') {
        $database->delete($data['table'], $data['where']);
        return;
    }

    // Any other action does nothing and yields null.
}
db.inc.php
注意:多加一行session_start()
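<?php
// Home page: greets a logged-in visitor or shows the login form.
// The session is started before any markup is sent; once output has begun the
// session cookie header can no longer be added to the response.
session_start();
// Logged-in state as recorded in the session by signin.php.
$isLoggedIn = !empty($_SESSION['loggedIn']) && !empty($_SESSION['username']);
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title></title>
</head>
<body>
<h1>首頁</h1>
<?php
if ($isLoggedIn) {
    // The session values come from user-supplied data, so they are HTML-escaped
    // before being written into the page.
    $shownName = htmlspecialchars((string) $_SESSION['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $shownEmail = htmlspecialchars(
        isset($_SESSION['email']) ? (string) $_SESSION['email'] : '',
        ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8'
    );
?>
<p> 感謝登入!您是 <code><?= $shownName ?></code> 你的email是: <code><?= $shownEmail ?></code>.</p>
<form method="POST" action="signout.php">
<input type="submit" value="我要登出">
</form>
<?php
} else {
?>
<form name="form" method="post" action="signin.php">
帳號:<input type="text" name="username" /> <br>
密碼:<input type="password" name="password" /> <br>
<input type="submit" name="button" value="登入" />
<a href="register.php">申請帳號</a>
</form>
<?php
}
?>
</body>
</html>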
index.php
已登入:$_SESSION['loggedIn']==1
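<?php
// Login handler: checks the posted account name and password against the
// users table and, on success, marks the session as authenticated.
include_once 'db.inc.php'; // provides db_action() and an already-started session

// Only plain strings are accepted; an array-valued field (username[]=...)
// would otherwise reach Medoo as a list condition.
if (!empty($_POST['username']) && !empty($_POST['password'])
    && is_string($_POST['username']) && is_string($_POST['password'])) {
    // No manual escaping: Medoo quotes the values it places in the query, and
    // mysql_real_escape_string() belongs to ext/mysql, which PHP 7 removed.
    $username = $_POST['username'];
    $password = $_POST['password'];

    // Fetch the account by name; the password is compared in PHP below.
    $options = array(
        'action' => 'select',
        'table' => 'users',
        'column' => '*',
        'where' => array(
            'username' => $username
        )
    );
    $matches = db_action($options);
    $row = (!empty($matches) && count($matches) == 1) ? $matches[0] : null; // first (only) row

    // Accept a password_hash() value if the column holds one, otherwise fall
    // back to the MD5 hex digest that signup.php stores. hash_equals() keeps
    // the digest comparison constant-time. The digest is taken from the raw
    // password, without escaping.
    $passwordOk = false;
    if ($row !== null) {
        $stored = (string) $row['password'];
        $passwordOk = password_verify($password, $stored) || hash_equals($stored, md5($password));
    }

    if ($passwordOk) {
        // Issue a fresh session id at the moment of privilege change so an id
        // known before login is not carried into the authenticated session.
        session_regenerate_id(true);
        $_SESSION['username'] = $row['username'];
        $_SESSION['email'] = $row['email'];
        $_SESSION['loggedIn'] = 1; // logged in
        echo "<h1>登入成功</h1>";
?>
<a href="index.php">回首頁</a>
<?php
    } else {
        echo "<h1>登入失敗</h1>";
        echo "<p>登入失敗. 請 <a href=\"index.php\">點此重新登入</a>.</p>";
    }
}
?>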
signin.php
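mysql_real_escape_string():屬於 ext/mysql,PHP 7 起已移除;Medoo 透過 PDO 處理查詢值,不需要再手動跳脫
密碼雜湊:md5()(是雜湊而非加密;MD5 無鹽且運算速度快,不適合用來儲存密碼,實務上應改用 password_hash() 與 password_verify())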
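<?php
// Logout handler: clears the session and sends the visitor back to the home page.
include_once 'db.inc.php'; // starts the session so that it can be torn down

// Drop every value held in the session.
$_SESSION = array();

// Expire the session cookie in the browser too; session_destroy() removes only
// the server-side data and leaves the cookie in place.
if (ini_get('session.use_cookies')) {
    $cookie = session_get_cookie_params();
    setcookie(
        session_name(),
        '',
        time() - 42000,
        $cookie['path'],
        $cookie['domain'],
        $cookie['secure'],
        $cookie['httponly']
    );
}

// Remove the server-side session data.
session_destroy();

header("Location: index.php");
die();
?>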
signout.php
結束session:session_destroy()
資料清空:$_SESSION = array();
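<?php
// Registration page: shows the sign-up form, or asks a logged-in visitor to
// sign out first.
// The session is started before any markup is sent; once output has begun the
// session cookie header can no longer be added to the response.
session_start();
// Logged-in state as recorded in the session by signin.php.
$isLoggedIn = !empty($_SESSION['loggedIn']) && !empty($_SESSION['username']);
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title></title>
</head>
<body>
<?php
if ($isLoggedIn) {
?>
<h1>會員</h1>
<p> 您已登入,請先登出</p>
<form method="POST" action="signout.php">
<input type="submit" value="登出">
</form>
<?php
} else {
?>
<h1>註冊</h1>
<p>輸入註冊資訊</p>
<form method="post" action="signup.php" name="registerform" id="registerform">
<fieldset>
<label for="username">Username:</label><input type="text" name="username" id="username" /><br />
<label for="password">Password:</label><input type="password" name="password" id="password" /><br />
<label for="email">Email Address:</label><input type="text" name="email" id="email" /><br />
<input type="submit" name="register" id="register" value="Register" />
</fieldset>
</form>
<?php
}
?>
</body>
</html>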
register.php
session_start()
檢查是否已登入
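<?php
// Registration handler: validates the posted fields, refuses a name that is
// already taken and otherwise inserts the new account.
include_once 'db.inc.php'; // provides db_action()

$username = isset($_POST['username']) ? $_POST['username'] : null;
$password = isset($_POST['password']) ? $_POST['password'] : null;
$email = isset($_POST['email']) ? $_POST['email'] : null;

// All three fields must be non-empty plain strings (the e-mail field is now
// checked as well). Byte lengths are held within the column widths so MySQL
// never has to truncate a value, and the address must be well-formed.
$inputOk = is_string($username) && is_string($password) && is_string($email)
    && !empty($username) && !empty($password) && !empty($email)
    && strlen($username) <= 65
    && strlen($email) <= 255
    && filter_var($email, FILTER_VALIDATE_EMAIL) !== false;

if ($inputOk) {
    // No manual escaping: Medoo quotes the values it places in the query, and
    // mysql_real_escape_string() belongs to ext/mysql, which PHP 7 removed.

    // NOTE(review): MD5 is a fast, unsalted digest and is not suitable for
    // storing passwords. It is kept here because signin.php matches MD5 hex
    // digests and users.password is VARCHAR(32); move to password_hash() /
    // password_verify() together with those two in one change.
    $passwordDigest = md5($password);

    // Check whether the account name is already taken.
    $options = array(
        'action' => 'select',
        'table' => 'users',
        'column' => '*',
        'where' => array(
            'username' => $username
        )
    );
    $checkusername = db_action($options);

    if (!empty($checkusername) && count($checkusername) == 1) {
        echo "<h1>註冊錯誤</h1>";
        echo "<p>帳號已存在,請重新註冊.</p>";
    } else {
        // NOTE(review): check-then-insert is not atomic; a UNIQUE index on
        // users.username is what actually rules out duplicate names.
        $options = array(
            'action' => 'insert',
            'table' => 'users',
            'data' => array(
                'username' => $username,
                'password' => $passwordDigest,
                'email' => $email
            )
        );
        db_action($options);
        echo "<h1>註冊成功</h1>";
        echo "<p>帳號已註冊成功。請從<a href=\"index.php\">此處登入</a>.</p>";
    }
} else {
    echo "<h1>輸入不完整</h1>";
    echo "<p>請重新註冊</p>";
}
?>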
signup.php
檢查帳號是否已存在
新增帳號至資料庫