Ｓession控制登陆

Session控制登陆

---

<html>
<head>
    <meta http-equiv="content-type" content="text/html;charset=utf-8"/>
    <script>
        function on_load() {
            console.log("welcome!");
        }
        function on_focus() {
            var name = document.getElementsByName('name');
            if ("请输入用户名：" === name[0].value) {
                name[0].value = '';
            }
            console.log(name[0].value);
        }
        function check(){
            var name = document.getElementsByName('name');
            var password = document.getElementsByName('password');
            if("请输入用户名：" == name[0].value.replace(/[ ]/g,'')){
                alert("用户名错误！");
                return false;
            }
            if("" == name[0].value.replace(/[ ]/g,'')){
                alert("用户名不能为空");
                return false;
            }
            if("" == password[0].value.replace(/[ ]/g,'')){
                alert("密码不能为空");
                return false;
            }
        }
    </script>
</head>
<body onload="on_load()">
<div>
    <form action="#" method="get" name="myForm">
        <table>
            <tr>
                <td>用户名：</td>
                <td><input id="name" name="name" type="text" value="请输入用户名：" onfocus="on_focus()"/></td>
            </tr>
            <tr>
                <td>密码</td>
                <td><input type="password" name="password" value=""/></td>
            </tr>
            <tr>
                <td colspan="2"><input name="submit" type="submit" value="登陆" style="vertical-align: center" onclick="check()"/></td>
            </tr>
        </table>
    </form>
</div>
</body>
</html>


<?php
$mysqli = new mysqli('localhost', 'root', '123456', 'rentalstore');
if(!isset($_GET['submit'])){
    exit;
}


session_start();
$loginSession = $_COOKIE['PHPSESSID'];

if(isset($_SESSION[$_GET['name']]) and $loginSession == $_SESSION[$_GET['name']]){
    header("Location:https://www.baidu.com");
}

$sql = 'select * from user where name ="'.$_GET['name'].'"';
$result = $mysqli->query($sql)->fetch_assoc();
if($_GET['password'] == $result['password']){
    $_SESSION[$_GET['name']] = $loginSession;
    header("Location:https://www.baidu.com");
}else{
    echo "登陆失败";
}