问题描述
我正在尝试从 PHPNerds .我在运行他们提到的脚本时遇到了麻烦(我几乎理解了代码的作用,但是我无法获取将使用哪个名称存储的代码).它们如下,
I am trying to learn how to use cookies from PHPNerds. I am having trouble in running the scripts that they have mentioned(I almost understand what the code does but I am unable to get which code will be stored with which name ). They are as below,
<html>
<head>
<title>User Logon</title>
</head>
<body>
<h2>User Login </h2>
<form name="login" method="post" action="login.php">
Username: <input type="text" name="username"><br>
Password: <input type="password" name="password"><br>
Remember Me: <input type="checkbox" name="rememberme" value="1"><br>
<input type="submit" name="submit" value="Login!">
</form>
</body>
</html>
登录代码
<?php
/* These are our valid username and passwords */
$user = 'jonny4';
$pass = 'delafoo';
if (isset($_POST['username']) && isset($_POST['password')) {
if (($_POST['username'] == $user) && ($_POST['password'] == $pass)) {
if (isset($_POST['rememberme'])) {
/* Set cookie to last 1 year */
setcookie('username', $_POST['username'], time()+60*60*24*365, '/account', 'www.example.com');
setcookie('password', md5($_POST['password']), time()+60*60*24*365, '/account', 'www.example.com');
} else {
/* Cookie expires when browser closes */
setcookie('username', $_POST['username'], false, '/account', 'www.example.com');
setcookie('password', md5($_POST['password']), false, '/account', 'www.example.com');
}
header('Location: index.php');
} else {
echo 'Username/Password Invalid';
}
} else {
echo 'You must supply a username and password.';
}
?>
验证
<?php
/* These are our valid username and passwords */
$user = 'jonny4';
$pass = 'delafoo';
if (isset($_COOKIE[['username']) && isset($_COOKIE['password')) {
if (($_POST['username'] != $user) || ($_POST['password'] != md5($pass))) {
header('Location: login.html');
} else {
echo 'Welcome back ' . $_COOKIE['username'];
}
} else {
header('Location: login.html');
}
?>
谢谢.
推荐答案
好,我现在明白了,
PHP是灵活的.您既可以将html与逻辑分开,也可以将其全部放到一个页面中.您将获得关于什么是正确的处理方式的争论,但最终它取决于您自己的喜好以及将来计划如何处理代码.
PHP is flexible. You can either separate your html from your logic or serve it all in one page. You will get arguments about what is the "proper" way to handle this, but ultimately it has to do with your own preference and how you plan on handling the code in the future.
就个人而言,在一个很小的项目中,我会将登录页面的逻辑和html保存在一个文件中...
Personally, on a tiny project I would have the logic and html for the login page in one file...
login.php:
login.php:
<?php
/* These are our valid username and passwords */
$user = 'jonny4';
$pass = 'delafoo';
$error = null;
if (isset($_POST['username']) && isset($_POST['password')) {
if (($_POST['username'] == $user) && ($_POST['password'] == $pass)) {
if (isset($_POST['rememberme'])) {
/* Set cookie to last 1 year */
setcookie('username', $_POST['username'], time()+60*60*24*365, '/account', 'www.example.com');
setcookie('password', md5($_POST['password']), time()+60*60*24*365, '/account', 'www.example.com');
} else {
/* Cookie expires when browser closes */
setcookie('username', $_POST['username'], false, '/account', 'www.example.com');
setcookie('password', md5($_POST['password']), false, '/account', 'www.example.com');
}
header('Location: index.php');
exit;
} else {
$error = 'Username/Password Invalid';
}
} else {
$error = 'You must supply a username and password.';
}
?>
<html>
<head>
<title>User Logon</title>
</head>
<body>
<h2>User Login </h2>
<?php echo $error ? $error.'<br>' : ''; ?>
<form name="login" method="post" action="login.php">
Username: <input type="text" name="username"><br>
Password: <input type="password" name="password"><br>
Remember Me: <input type="checkbox" name="rememberme" value="1"><br>
<input type="submit" name="submit" value="Login!">
</form>
</body>
</html>
index.php:
index.php:
<?php
/* These are our valid username and passwords */
$user = 'jonny4';
$pass = 'delafoo';
if (isset($_COOKIE[['username']) && isset($_COOKIE['password')) {
if (($_POST['username'] != $user) || ($_POST['password'] != md5($pass))) {
header('Location: login.php');
exit;
} else {
echo 'Welcome back ' . $_COOKIE['username'];
}
} else {
header('Location: login.php');
exit;
}
?>
如果您要认真对待,我会研究 MVC (模型视图控制器)和OOP(面向对象的程序设计)以了解其适用性.但是对于基本的事情,在此示例中,在视图顶部处理登录没有什么特别的错误.
If you're going serious, I would look into MVC (model view controller) and OOP (object oriented programming) to see how proper it can be. But for basic things, there's nothing particularly wrong with the login being handled at the top of a view like in this example.
从我的角度-在一家网络公司工作-我绝对不喜欢它,因为我从新客户那里继承了一个项目,而老程序员则将他们可能的一切都分离到一个新文件中.术语正确的工作工具"也可以适用于项目的基本方法.在某些情况下,站点如此之小,以至于浪费时间通过框架或建立精细的文件系统来工作.这一切都取决于您的需求,随着经验的积累,这将变得很清楚.
From my perspective - working for a web firm - I absolutely hate it when I inherit a project from a new client and the old programmer separated everything they possibly could into a new file. The term "right tool for the job" can also apply to the basic approach to a project. In some cases, a site is so small it would be a huge waste of time to work it through a framework or set up an elaborate file system. It all depends on your needs, which will become clear with experience.
可以肯定的是-每个说将用户名和密码存储在cookie中的人都是一个坏主意,这是绝对正确的.通常,您可以执行一些操作,例如存储唯一的ID并与数据库进行交叉引用,以提取相关的用户信息.这样,您的数据就不会被任何新手黑客或白痴劫持,而他们的Cookie仍会在桌面上打开.
One thing's for sure - everyone that said storing usernames and passwords in cookies is a bad idea is absolutely correct. Usually you do something like store a unique ID and cross reference that with a database to pull the relevant user info. That way your data can't be hijacked by any novice hack or idiot leaving their cookies open on their desktop.
这篇关于在PHP中创建Cookie的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!