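Implementing Login and Registration in PHP
Database design
Create a users table to store user information. It needs at least a username, a password (stored as a hash) and an email column. Example SQL: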
CREATE TABLE users (
    id INT AUTO_INCREMENT PRIMARY KEY,
    username VARCHAR(50) NOT NULL UNIQUE,
    password VARCHAR(255) NOT NULL,
    email VARCHAR(100) NOT NULL UNIQUE,
    created_at DATETIME DEFAULT CURRENT_TIMESTAMP
);
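Registration
Process the form data the user submits, validate it, and store it in the database. The password must be hashed with password_hash:
// Handle the POST request ($pdo is an existing PDO connection)
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $username = trim($_POST['username'] ?? '');
    $password = $_POST['password'] ?? '';
    // FILTER_VALIDATE_EMAIL returns false for a malformed address
    $email = filter_var($_POST['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($username === '' || $password === '' || $email === false) {
        http_response_code(400);
        exit('Invalid input');
    }
    // Store only the hash, never the plaintext password
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // Insert into the database with a prepared statement
    $stmt = $pdo->prepare("INSERT INTO users (username, password, email) VALUES (?, ?, ?)");
    $stmt->execute([$username, $hash, $email]);
}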
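Login
Verify the user's credentials, using password_verify to check the submitted password against the stored hash:
session_start();
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Trim the username the same way registration does
    $username = trim($_POST['username'] ?? '');
    $password = $_POST['password'] ?? '';
    // Look the user up with a prepared statement ($pdo is an existing PDO connection)
    $stmt = $pdo->prepare("SELECT * FROM users WHERE username = ?");
    $stmt->execute([$username]);
    $user = $stmt->fetch();
    if ($user && password_verify($password, $user['password'])) {
        // Issue a fresh session ID on login to prevent session fixation
        session_regenerate_id(true);
        $_SESSION['user_id'] = $user['id'];
        header('Location: dashboard.php');
        exit; // stop the script so nothing runs after the redirect
    }
}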
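The registration and login steps above combined into one command-line script, as an added example that is not part of the original page. It goes slightly beyond the page by handling a duplicate username through the UNIQUE constraint and by rehashing with password_needs_rehash. Assumptions: the pdo_sqlite extension, an in-memory SQLite table adapted from the MySQL schema above, and the hypothetical function names register() and login() with constructed sample accounts.

```php
<?php
// Added example, not from the original page. Assumes the pdo_sqlite extension.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT,
    username VARCHAR(50) NOT NULL UNIQUE, password VARCHAR(255) NOT NULL,
    email VARCHAR(100) NOT NULL UNIQUE)');

// Returns null on success, or an error message to show on the form.
function register(PDO $pdo, string $username, string $password, string $email): ?string
{
    $username = trim($username);
    if ($username === '' || $password === '' || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return 'Invalid input';
    }
    try {
        $stmt = $pdo->prepare('INSERT INTO users (username, password, email) VALUES (?, ?, ?)');
        $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT), $email]);
        return null;
    } catch (PDOException $e) {
        // SQLSTATE 23000: the UNIQUE constraint rejected a duplicate username or email.
        if ((string) $e->getCode() === '23000') {
            return 'Username or email already in use';
        }
        throw $e;
    }
}

// Returns the user id, or null for any failure (unknown user and wrong
// password get the same answer, so the form does not reveal which names exist).
function login(PDO $pdo, string $username, string $password): ?int
{
    $stmt = $pdo->prepare('SELECT id, password FROM users WHERE username = ?');
    $stmt->execute([trim($username)]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$user || !password_verify($password, $user['password'])) {
        return null;
    }
    // Re-hash if PASSWORD_DEFAULT or its cost changed since the hash was stored.
    if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE users SET password = ? WHERE id = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $user['id']]);
    }
    return (int) $user['id'];
}

// Constructed sample accounts and inputs.
var_dump(register($pdo, 'alice', 'correct horse battery', 'alice@example.com'));
var_dump(register($pdo, 'alice', 'another password', 'alice2@example.com'));
var_dump(login($pdo, 'alice', 'correct horse battery'));
var_dump(login($pdo, "alice' OR '1'='1", 'anything'));
```

The last call passes a username containing quote characters; because it is bound as a parameter, it is compared as plain data and matches no row.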
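Security measures
Filter and escape input data to prevent SQL injection and XSS. The prepared statements used above are what stop SQL injection; htmlspecialchars protects against XSS when the value is later written into an HTML page:
// Escape HTML special characters so the value is safe to output in a page
$username = htmlspecialchars(trim($_POST['username']));
// Strip characters that are not allowed in an email address
$email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);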
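Session management
Establish a session after a successful login and destroy it on logout:
// On successful login
session_regenerate_id(true); // fresh session ID to prevent session fixation
$_SESSION['user_id'] = $user['id'];
// On logout
$_SESSION = [];    // clear the session data held in this request
session_destroy(); // remove the session data on the server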
Front-end form example
The HTML form should include the necessary field validation:

<form method="post">
    <input type="text" name="username" required>
    <input type="password" name="password" required>
    <input type="email" name="email" required>
    <button type="submit">Register / Log in</button>
</form>






