php项目学习

xiaoxiao2021-02-27  656

github上研究生信息管理系统,重点学习该项目与数据库的交互


首先看该项目数据库结构,共7个表


login.php 点击登陆之后,首先从表单获取账号和密码,查询成功时为即账号密码正确。接着检查该学生的gm_active,查看是否审核通过,通过后修改数据库中该账号的登陆时间和登陆ip。接着判断该登陆用户的权限,如果为学生账号时进入student_s.php。 if ($_GET['action'] == login) { include ROOT_PATH . 'includes/register.func.php'; if ($_system['needcode'] == 1) { _check_code($_SESSION['code'], $_POST['code']); } $clean = array(); $clean['num'] = _check_username($_POST['num']); $clean['password'] = _check_password($_POST['password']); if ($rows = _fetch_array("SELECT gm_num,gm_username,gm_active,gm_level FROM gm_user WHERE gm_num='{$clean['num']}' AND gm_password='{$clean['password']}' LIMIT 1") ) { if ($rows['gm_active'] == 0) { _alert_back('您的资料正在被审核,请耐心等待!'); } else { _query("UPDATE gm_user SET gm_last_time=NOW(), gm_last_ip='{$_SERVER["REMOTE_ADDR"]}' WHERE gm_num='{$rows['gm_num']}'"); //设置session $_SESSION['num'] = $clean['num']; $_SESSION['username'] = $rows['gm_username']; $_SESSION['level'] = $rows['gm_level']; //判断权限分配页面 if ($_SESSION['level'] == 1) { _location(null, 'student_s.php'); } else if ($_SESSION['level'] == 2 or $_SESSION['level'] == 3) { _location(null, 'admin.php'); } else { _alert_back('非法操作!'); } } } else { _alert_back('用户名或密码错误,忘记密码可请管理员重置'); } } register.php

注册页面,

if($_GET['action']==register){ include ROOT_PATH.'includes/register.func.php'; if($_system['needcode']==1){ _check_code($_SESSION['code'], $_POST['code']); } $clean=array(); $clean['username']=_check_username($_POST['username']); $clean['num']=_check_num($_POST['num']); $clean['sex']=_check_sex($_POST['sex']); _checkdate($_POST['birth_m'], $_POST['birth_d'], $_POST['birth_y']); _checkdate($_POST['start_time_m'], $_POST['start_time_d'], $_POST['start_time_y']); $clean['birth']=$_POST['birth_y'].'-'.$_POST['birth_m'].'-'.$_POST['birth_d']; $clean['start_time']=$_POST['start_time_y'].'-'.$_POST['start_time_m'].'-'.$_POST['start_time_d']; $clean['gm_grade']=_time_to_grade($_POST['start_time_y'],$_POST['start_time_m']); $clean['contact']=_check_contact($_POST['contact']); $clean['address']=_check_address_ex($_POST['address']); $clean['subject']=_check_subject($_POST['subject']); $clean['type']=_check_type($_POST['type']); $clean['photoname']=_check_photo(); //判断是否已经注册 _is_repeat("SELECT gm_num FROM gm_user WHERE gm_num = '{$clean['num']}'",'该学号已经被注册!如有问题请咨询管理员!'); $newpassword=_check_password($_system['initial_password']); if(_query("INSERT INTO gm_user( gm_username, gm_num, gm_password, gm_reg_time, gm_last_time, gm_last_ip) VALUES( '{$clean['username']}', '{$clean['num']}', '$newpassword', NOW(), NOW(), '{$_SERVER["REMOTE_ADDR"]}')") and _query("INSERT INTO gm_stuinfo( gm_username, gm_num, gm_sex, gm_birth, gm_start_time, gm_grade, gm_contact, gm_address, gm_subject, gm_type, gm_photoname) VALUES( '{$clean['username']}', '{$clean['num']}', '{$clean['sex']}', '{$clean['birth']}', '{$clean['start_time']}', '{$clean['gm_grade']}', '{$clean['contact']}', '{$clean['address']}', '{$clean['subject']}', '{$clean['type']}', '{$clean['photoname']}')")){ _location('你的信息已经提交,请耐心等待审核!', 'login.php'); }else{ _alert_back('注册失败!有问题请咨询管理员!'); } } student_s.php

通过时间降序查询公告和留言的12条数据。

<?php /** *2012-8-22 | By:NaV! */ //防止恶意调用 define('IN_GM',true); //定义个常量,用来指定本页的内容 define('SCRIPT','student_s'); //引入公共文件 require dirname(__FILE__).'/includes/common.inc.php'; //判断登录状态和权限 _login_state(1); $notice_res=_query("SELECT * FROM gm_notice ORDER BY gm_time DESC LIMIT 12"); $message_res=_query("SELECT * FROM gm_message ORDER BY gm_systime DESC LIMIT 12"); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <link href="styles/student_s.css" rel="stylesheet" type="text/css" /> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <?php require ROOT_PATH.'includes/title_student.inc.php'; ?> </head>

接着打开title_student.inc.php,为了防止页面被恶意调用,这块代码在底下。(不理解为什么可以做到防止恶意调用???)。

假设有个人成功登陆,然后浏览器解析这个从服务端返回的页面,开始加载student_s.php,当加载到require 语句,进入title_student.inc.php判断是否被恶意调用。在这个过程中从开始加载student_s.php到加载require 语句,这中间改变IN_GM的值才会触发exit,实在感觉是多余。 问题解决,原来无法直接通过获取http报文来查看php的源代码,php脚本经过解释器解析之后才向客户端返回。。

title_student.inc.php

<?php /** *2012-8-22 By:NaV! */ //防止恶意调用 if(!defined('IN_GM')){ exit('Access Defined!'); } //防止非HTML页面调用 if(!defined('SCRIPT')){ exit('SCRIPT Error!'); } global $_system; ?> admin.php

下来的几条查询,通过几个表得到数据

<?php /** *2012-7-30 | By:NaV! */ //防止恶意调用 define('IN_GM',true); //定义个常量,用来指定本页的内容 define('SCRIPT','admin'); //引入公共文件 require dirname(__FILE__).'/includes/common.inc.php'; //判断登录状态和权限 _login_state(2); //得到审核未通过的学生 $active_num=_num_rows("SELECT gm_id FROM gm_stuinfo WHERE gm_active='0'"); //得到12小时内的消息 $message_num=_num_rows("SELECT gm_id FROM gm_message WHERE (NOW()-gm_systime)<12*3600"); $message_re_num=_num_rows("SELECT gm_id FROM gm_message WHERE gm_replytime is null"); $teacher_mat_num=_num_rows("SELECT gm_id FROM gm_stuinfo WHERE (gm_teacher is null OR gm_teacher='') AND gm_active='1' "); $funds_num=_num_rows("SELECT gm_fid FROM gm_funds"); $user_num=_num_rows("SELECT gm_id FROM gm_user WHERE gm_active='1'"); $stu_num=_num_rows("SELECT gm_id FROM gm_stuinfo WHERE gm_active='1'"); $message_res=_query("SELECT * FROM gm_message ORDER BY gm_systime DESC LIMIT 8"); $teacher_num=_num_rows("SELECT gm_id FROM gm_teacher"); ?> stu_active.php 首页的小模块共有9个现在看第一个 <?php /** *2012-7-31 | By:NaV! */ //防止恶意调用 define('IN_GM',true); //定义个常量,用来指定本页的内容 define('SCRIPT','stu_active'); //引入公共文件 require dirname(__FILE__).'/includes/common.inc.php'; //判断登录状态和权限 _login_state(2); //判断是否有学生需要审核 if($num=_num_rows("SELECT gm_active FROM gm_stuinfo WHERE gm_active='0'")){ //分页模块 _page($num,$_system['stu_active_pagesize']); $res=_query("SELECT gm_active,gm_username,gm_num,gm_sex,gm_grade,gm_subject,gm_type FROM gm_stuinfo WHERE gm_active='0' ORDER BY gm_num LIMIT $pagenum,$pagesize"); } //开始激活和删除处理 if(!empty($_GET['num']) and !empty($_GET['action'])){ //判断传过来的学号是否真实存在 if (_fetch_array("SELECT gm_active FROM gm_stuinfo WHERE gm_num='{$_GET['num']}' LIMIT 1")){ //激活 if($_GET['action']==pass){ if(_query("UPDATE gm_stuinfo SET gm_active='1' WHERE gm_num='{$_GET['num']}'") and _query("UPDATE gm_user SET gm_active='1' WHERE gm_num='{$_GET['num']}'")){ _location('审核成功!', 'stu_active.php'); }else{ _location('审核失败!', 'stu_active.php'); } } //删除 if($_GET['action']==del){ if(_query("DELETE FROM gm_user WHERE gm_num='{$_GET['num']}'")){ $r_s=_fetch_array("SELECT gm_photoname FROM gm_stuinfo WHERE gm_num='{$_GET['num']}' LIMIT 1"); $photoname="photos".$r_s['gm_photoname']; chmod($photoname,0777); unlink($photoname); _query("DELETE FROM gm_stuinfo WHERE gm_num='{$_GET['num']}'"); _location('删除成功!', 'stu_active.php'); }else{ _location('删除失败!', 'stu_active.php'); } } } else{ _alert_back('要操作的学号不存在!'); } } ?>

分页函数

/** * _page分页函数 * @access public * @param int $num 总记录数 * @param int $size 每页显示数 */ function _page($num,$size){ //$pagenum,$pagesize作为分页查询的真实参数 //这里需要用全局变量$pagesize,所以不可以把参数命名为$pagesize global $page, $pageabsolute, $pagenum, $pagesize; //检测是否传入page,以及判断各种值得异常情况,异常则将分页设为1,否则将page转换成整数 if(isset($_GET['page'])){ $page = $_GET['page']; if(empty($page) or $page<0 or !is_numeric($page)){ $page = 1; }else { $page = intval($page); } }else{ $page = 1; } $pagesize =$size; //此句在本页多余,但在其他情况下可能有用 if($num == 0){ $pageabsolute=1; }else{ $pageabsolute=ceil($num/$pagesize); } if($page>$pageabsolute){ $page = $pageabsolute; } //此句要放在上面判断语句的下面 $pagenum = ($page-1)*$pagesize; } /** * _paging分页选择函数 * @access public * @param $type 1数字分页,2文本分页 */ function _paging($type){ global $pageabsolute,$page,$num; if($type==1){ echo '<div id="page_num">'; echo '<ul>'; for($i=1;$i<=$pageabsolute;$i++) if($page==$i){ echo '<li><a href="'.SCRIPT.'.php?page='.$i.'" class="selected">'.$i.'</a></li>'; }else{ echo '<li><a href="'.SCRIPT.'.php?page='.$i.'">'.$i.'</a></li>'; } echo '</ul>'; echo '</div>'; }elseif ($type==2){ echo '<div id="page_text">'; echo '<ul>'; echo '<li>'.$page.'/'.$pageabsolute.' | </li>'; echo '<li>共有<strong>'.$num.'</strong>条记录 | </li>'; if($page==1){ echo '<li>首页 | </li>'; echo '<li>上一页 | </li>'; }else{ echo '<li><a href="'.SCRIPT.'.php">首页</a> | </li>'; echo '<li><a href="'.SCRIPT.'.php?page='.($page-1).'">上一页</a> | </li>'; } if($page==$pageabsolute){ echo '<li>下一页 | </li>'; echo '<li>尾页</li>'; }else{ echo '<li><a href="'.SCRIPT.'.php?page='.($page+1).'">下一页</a> | </li>'; echo '<li><a href="'.SCRIPT.'.php?page='.$pageabsolute.'">尾页</a></li>'; } echo '</ul>'; echo '</div>'; } }

php的变量作用域与c、java之类的不同(用起来很别扭,但是php的作用域个人感觉是要比java的要合理)。global原理

转载请注明原文地址: https://www.6miu.com/read-110.html

最新回复(0)