php实现登录源码
以下是一个基于PHP的简单登录系统实现示例,包含基础功能和安全性考虑:
数据库准备
创建用户表结构(MySQL示例):
CREATE TABLE users (
id INT AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(50) NOT NULL UNIQUE,
password VARCHAR(255) NOT NULL,
email VARCHAR(100) NOT NULL UNIQUE,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);登录表单页面 (login.php)
<form action="authenticate.php" method="post">
<label for="username">用户名:</label>
<input type="text" id="username" name="username" required>
<label for="password">密码:</label>
<input type="password" id="password" name="password" required>
<button type="submit">登录</button>
</form>认证处理 (authenticate.php)
<?php
session_start();
require 'db_connection.php'; // 数据库连接文件
$username = trim($_POST['username']);
$password = $_POST['password'];
$stmt = $pdo->prepare("SELECT id, username, password FROM users WHERE username = ?");
$stmt->execute([$username]);
$user = $stmt->fetch();
if ($user && password_verify($password, $user['password'])) {
$_SESSION['user_id'] = $user['id'];
$_SESSION['username'] = $user['username'];
header("Location: dashboard.php");
exit();
} else {
$_SESSION['login_error'] = "无效的用户名或密码";
header("Location: login.php");
exit();
}
?>数据库连接 (db_connection.php)
<?php
$host = 'localhost';
$db = 'your_database';
$user = 'your_username';
$pass = 'your_password';
$charset = 'utf8mb4';
$dsn = "mysql:host=$host;dbname=$db;charset=$charset";
$options = [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES => false,
];
try {
$pdo = new PDO($dsn, $user, $pass, $options);
} catch (\PDOException $e) {
throw new \PDOException($e->getMessage(), (int)$e->getCode());
}
?>用户注册示例 (register.php)
<?php
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
require 'db_connection.php';
$username = trim($_POST['username']);
$password = password_hash($_POST['password'], PASSWORD_DEFAULT);
$email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
try {
$stmt = $pdo->prepare("INSERT INTO users (username, password, email) VALUES (?, ?, ?)");
$stmt->execute([$username, $password, $email]);
header("Location: login.php");
exit();
} catch (PDOException $e) {
$error = "注册失败: " . $e->getMessage();
}
}
?>
<form method="post">
<input type="text" name="username" required placeholder="用户名">
<input type="email" name="email" required placeholder="邮箱">
<input type="password" name="password" required placeholder="密码">
<button type="submit">注册</button>
</form>安全注意事项
密码必须使用password_hash()函数进行哈希处理
所有数据库查询使用预处理语句防止SQL注入
对用户输入进行适当的清理和验证
考虑添加CSRF保护令牌
实现登录尝试限制防止暴力破解
使用HTTPS保护传输中的敏感数据
会话管理
// 检查登录状态
session_start();
if (!isset($_SESSION['user_id'])) {
header("Location: login.php");
exit();
}
// 登出功能
session_start();
session_destroy();
header("Location: login.php");
exit();这个实现包含了基础登录系统的核心组件,可根据实际需求扩展更多功能如记住我、密码重置等。
