php登陆注册功能实现
PHP 登录注册功能实现
数据库准备
创建一个名为 users 的表,包含以下字段:
id:自增主键username:用户名,唯一email:邮箱,唯一password:密码(存储哈希值)created_at:注册时间
SQL 示例:
CREATE TABLE users (
id INT AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(50) NOT NULL UNIQUE,
email VARCHAR(100) NOT NULL UNIQUE,
password VARCHAR(255) NOT NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);注册功能实现
创建一个 register.php 文件,处理用户注册逻辑。
<?php
// 连接数据库
$conn = new mysqli('localhost', 'username', 'password', 'database');
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$username = $_POST['username'];
$email = $_POST['email'];
$password = password_hash($_POST['password'], PASSWORD_DEFAULT);
// 检查用户名或邮箱是否已存在
$check = $conn->prepare("SELECT id FROM users WHERE username = ? OR email = ?");
$check->bind_param("ss", $username, $email);
$check->execute();
$check->store_result();
if ($check->num_rows > 0) {
echo "用户名或邮箱已存在";
} else {
// 插入新用户
$stmt = $conn->prepare("INSERT INTO users (username, email, password) VALUES (?, ?, ?)");
$stmt->bind_param("sss", $username, $email, $password);
if ($stmt->execute()) {
echo "注册成功";
} else {
echo "注册失败";
}
}
}
?>登录功能实现
创建一个 login.php 文件,处理用户登录逻辑。
<?php
session_start();
$conn = new mysqli('localhost', 'username', 'password', 'database');
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$username = $_POST['username'];
$password = $_POST['password'];
$stmt = $conn->prepare("SELECT id, username, password FROM users WHERE username = ?");
$stmt->bind_param("s", $username);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows == 1) {
$user = $result->fetch_assoc();
if (password_verify($password, $user['password'])) {
$_SESSION['user_id'] = $user['id'];
$_SESSION['username'] = $user['username'];
echo "登录成功";
} else {
echo "密码错误";
}
} else {
echo "用户不存在";
}
}
?>登录状态检查
创建一个 check_login.php 文件,检查用户是否已登录。
<?php
session_start();
if (isset($_SESSION['user_id'])) {
echo "已登录,用户ID: " . $_SESSION['user_id'];
} else {
echo "未登录";
}
?>注销功能
创建一个 logout.php 文件,处理用户注销逻辑。
<?php
session_start();
session_destroy();
header("Location: login.php");
exit();
?>安全注意事项
- 使用
password_hash()和password_verify()处理密码 - 使用预处理语句防止 SQL 注入
- 对用户输入进行验证和过滤
- 使用 HTTPS 加密传输数据
- 设置 CSRF 防护措施
前端表单示例
注册表单 (register_form.php):
<form action="register.php" method="post">
<input type="text" name="username" placeholder="用户名" required>
<input type="email" name="email" placeholder="邮箱" required>
<input type="password" name="password" placeholder="密码" required>
<button type="submit">注册</button>
</form>登录表单 (login_form.php):
<form action="login.php" method="post">
<input type="text" name="username" placeholder="用户名" required>
<input type="password" name="password" placeholder="密码" required>
<button type="submit">登录</button>
</form>
