在下面的php代码中,我想包含一个函数,将cookie设置为保持登录状态。问题是,我在谷歌上找到的样本不起作用。如果用户已经登录,则应该获得一个cookie,而不需要额外的“保持登录”按钮。在每个新请求中,cookie都应该立即登录用户。
<?php
// Initialize the session
session_start();
// Check if the user is already logged in, if yes then redirect him to welcome page
if(isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true){
header("location: index.php");
exit;
}
// Include config file
require_once "configuser.php";
// Define variables and initialize with empty values
$username = $password = "";
$username_err = $password_err = "";
// Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){
// Check if username is empty
if(empty(trim($_POST["username"]))){
$username_err = "Bitte Benutzernamen eingeben.";
} else{
$username = trim($_POST["username"]);
}
// Check if password is empty
if(empty(trim($_POST["password"]))){
$password_err = "Bitte Passwort eingeben.";
} else{
$password = trim($_POST["password"]);
}
// Validate credentials
if(empty($username_err) && empty($password_err)){
// Prepare a select statement
$sql = "SELECT id, username, password FROM users WHERE username = ?";
if($stmt = mysqli_prepare($link, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "s", $param_username);
// Set parameters
$param_username = $username;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
// Store result
mysqli_stmt_store_result($stmt);
// Check if username exists, if yes then verify password
if(mysqli_stmt_num_rows($stmt) == 1){
// Bind result variables
mysqli_stmt_bind_result($stmt, $id, $username, $hashed_password);
if(mysqli_stmt_fetch($stmt)){
if(password_verify($password, $hashed_password)){
// Password is correct, so start a new session
session_start();
// Store data in session variables
$_SESSION["loggedin"] = true;
$_SESSION["id"] = $id;
$_SESSION["username"] = $username;
//Angemeldet bleiben:
// Redirect user to welcome page
header("location: index.php");
} else{
// Display an error message if password is not valid
$password_err = "Passwort falsch.";
}
}
} else{
// Display an error message if username doesn't exist
$username_err = "Benutzername oder Passwort falsch.";
}
} else{
echo "Störung.";
}
}
// Close statement
mysqli_stmt_close($stmt);
}
// Close connection
mysqli_close($link);
}
?>
<!DOCTYPE html>
1条答案
按热度按时间mgdq6dx11#
验证密码后设置cookie:
在检查之前
loggedin在会话中,检查cookie(请密切注意此处的注解行):为了在注销用户时销毁cookie,请使用
unset正如@dakshmehta已经说过的:注意:由于安全问题,不建议将用户密码存储在cookie中。因此,您可能希望实现一个基于令牌的身份验证,在短时间内或至少在每次登录时刷新令牌。使用json web tokens(jwt)在这个主题上可能会很有帮助,有一个在php中实现jwt的包:firebase/php jwt您应该知道令牌的行为与密码完全一样,所以当您将其存储在cookie中时,您应该考虑本文最后一节中提到的一些安全提示:在何处存储jwts–cookies与html5web存储