PHPほぼ忘れてしまったので勉強中。
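<?php
// Minimal login form demo: checks a posted user name / password pair against
// an in-file credential table, guarded by a per-request anti-CSRF token that
// is stored in the session and embedded in the form.
session_start();

// Development only: showing errors to the client leaks paths and internals.
// Turn display_errors off and log instead before exposing this anywhere.
ini_set("display_errors", 1);
ini_set("error_reporting", E_ALL);

// Read the raw values. HTML-escaping belongs at output time; escaping on input
// would alter passwords containing &, <, >, " or ' before password_verify()
// sees them, so the stored hash would never match.
$usr = filter_input(INPUT_POST, "usr");
$pwd = filter_input(INPUT_POST, "pwd");
$token = filter_input(INPUT_POST, "token");

// Demo credential table. Hashing literals on every request only stands in for
// a lookup of hashes that were computed once and stored.
$auth = [
    "taro" => ["id" => "100", "pwd" => password_hash("123", PASSWORD_DEFAULT)],
    "jiro" => ["id" => "200", "pwd" => password_hash("234", PASSWORD_DEFAULT)],
];

// The token check must fail closed: on a fresh session there is no stored
// token, and a POST without a token field yields null, so a plain `===`
// would compare null with null and accept the request.
$sessionToken = $_SESSION["token"] ?? null;
$tokenOk = is_string($token)
    && is_string($sessionToken)
    && hash_equals($sessionToken, $token); // constant-time comparison

if ($_SERVER["REQUEST_METHOD"] === "POST" && $tokenOk) {
    if (
        is_string($usr)
        && is_string($pwd)
        && isset($auth[$usr])
        && password_verify($pwd, $auth[$usr]["pwd"])
    ) {
        // Drop the pre-login session id (and its data file) to prevent
        // session fixation.
        session_regenerate_id(true);
        // Was written to the misspelled $_SESSOIN, so the id never reached
        // the session.
        $_SESSION["id"] = $auth[$usr]["id"];
        echo "OK";
    } else {
        echo "ユーザー名またはパスワードが違います。";
    }
}

// Issue a fresh token for the form rendered below. random_bytes() is a CSPRNG;
// md5(mt_rand()) is derived from a predictable generator with a 32-bit seed.
$_SESSION["token"] = bin2hex(random_bytes(32));
?>
<!DOCTYPE html>
<html lang="ja">
<head>
<meta charset="UTF-8">
</head>
<body>
<form method="post">
usr: <input type="text" name="usr">
pwd: <input type="password" name="pwd">
<input type="hidden" name="token" value="<?php echo htmlspecialchars($_SESSION["token"], ENT_QUOTES, "UTF-8"); ?>">
<input type="submit">
</form>
</body>
</html>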